Backup Operations & Cybersecurity Protection

Leveraging Comprehensive Backup Monitoring & Reporting Automation To Get Ahead Of Cyber Attacks

The Bocada Team | May 12, 2022

Introduction

News stories abound of major organizations’ data held hostage by cybercriminals. In just the past few years, this has included international newsworthy events like Colonial Pipeline paying nearly $5 million USD in ransom to retrieve their data. However, there have been several significant yet under-the-radar ransoms, like US travel services company CWT paying $4.5 million, travel insurance provider Travelex paying $2.3 million, and chemical distribution company Brenntag paying $4.4 million in data ransom payments.

It’s all too easy to think legacy backup operations and protocols will safeguard enterprises against ransomware events. This is grossly misguided. Data is growing at astronomical rates. This means days or weeks to troubleshoot data protection issues, assuming they are uncovered in the first place. Relying on traditional data protection oversight practices and assuming all backup assets are properly protected leaves enterprises ripe for attacks.

Proactive backup operation automations address this head on. Improved monitoring, alerting, and data protection integrations keep data protected and serve as a major cybersecurity protection tool. Teams adopting these practices enjoy the same outcome as Fujifilm, an organization that successfully got their operations up and running after a ransomware attack…with zero ransom fees paid.

Backup Operations Automations To Safeguard Data Against A Cyberattack

The average time to identify a data breach is 196 days. This tells us that while a cyberattack is in progress, an organization is still generating new data. As a result, ongoing activities that streamline getting assets fully protected play a key role in holistic cybersecurity protection and data resilience.

Use Automated Unprotected Asset Discovery For Cybersecurity Protection

Most organizations have low confidence that all of their key resources have the correct backup protections in place. This is not surprising. A wide breadth of teams have authority to create new assets, meaning new assets appear at breakneck speeds. The result is critical resources and assets left wholly unprotected.

Getting ahead of this through traditional procedures, however, is unwieldy. Teams would first need to collect a complete list of all key assets in their organization. They then need to collect a record of all backup job records from every backup solution in use. A full reconciliation of these two lists must follow to first identify assets missing from the backup records and then determine if they require backup protections. It’s so time intensive that teams perform the task just one or two times per year, often still missing key unprotected assets.

Cybersecurity Protections - Unprotected Asset Discovery

Automated reconciliation and identification streamline this process and shore up unprotected assets on an almost daily basis. Backup monitoring automation tools like Bocada let enterprises take any kind of asset list—CMDB, CSV file, proprietary in-house databases—and compare it to backup job logs. The end result is a punch list of assets that need protection intervention. This streamlined approach equips organizations with the backups they need should a ransomware event require data restoration.
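The reconciliation described above can be sketched in a few lines. This is an added example, not Bocada's code: the CSV column names, the sample hosts, and the two-day freshness window are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: an asset inventory export and a backup job log.
ASSET_CSV = """hostname,owner,backup_required
db01.corp.example,finance,yes
WEB02,marketing,yes
app03.corp.example,engineering,yes
scratch09,engineering,no
"""
JOB_CSV = """client,status,end_time
DB01,success,2022-05-11T02:10:00
web02.corp.example,failed,2022-05-11T01:00:00
web02.corp.example,success,2022-05-03T01:05:00
"""

def norm(host):
    # Inventories and backup tools rarely agree on case or FQDN vs. short
    # name. Short names can collide across domains; keep the FQDN if yours do.
    return host.strip().lower().split(".")[0]

def reconcile(asset_csv, job_csv, now, max_age=timedelta(days=2)):
    """Return {hostname: reason} for assets that need protection intervention."""
    last_ok = {}
    for job in csv.DictReader(io.StringIO(job_csv)):
        if job["status"] != "success":
            continue  # a failed job does not protect anything
        ended = datetime.fromisoformat(job["end_time"])
        key = norm(job["client"])
        if key not in last_ok or ended > last_ok[key]:
            last_ok[key] = ended

    punch_list = {}
    for asset in csv.DictReader(io.StringIO(asset_csv)):
        if asset["backup_required"] != "yes":
            continue  # explicitly exempted from backup
        key = norm(asset["hostname"])
        if key not in last_ok:
            punch_list[asset["hostname"]] = "no successful backup on record"
        elif now - last_ok[key] > max_age:
            punch_list[asset["hostname"]] = f"last success {last_ok[key]:%Y-%m-%d}"
    return punch_list

if __name__ == "__main__":
    found = reconcile(ASSET_CSV, JOB_CSV, datetime(2022, 5, 12))
    for host, reason in found.items():
        print(f"{host}: {reason}")
```

Counting only successful jobs matters: WEB02 has a job record from the previous night, but it failed, so its newest restorable copy is nine days old.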

Protect Data From Cyber Threats With Streamlined Ticketing Operations

It’s one thing to lose data during a ransomware or cyberattack because it was never protected in the first place. It’s another to lose it because data protection teams could not resolve backup impediments before the attack took place. This is where automating key steps in the ticketing and backup failure resolution process comes into play.

Conventional backup resolution procedures are hyper-manual and demand a great deal of time. A backup failure must first be identified. A ticket summarizing the failure and its details is then populated and submitted into a ticketing system. Personnel then monitor the ticket’s status and close it when the underlying issue resolves. It’s a time-tested process, but one whose manual steps make the resolution process take longer than necessary.

Cybersecurity Protections - Streamline Backup Failure Ticketing Operations

Backup operations automation software like Bocada removes these manual touch points. Automated ticket creation based on pre-defined criteria eliminates the need to identify a failure and then create, submit, and route a ticket to the correct team member. Further, consolidated monitoring under a single pane and auto-ticket closure based on resolution criteria enable improved oversight, cleaner operations, and reduced manual intervention.

This end-to-end ticketing automation keeps organizations one step ahead of cyberattacks. Faster overall resolutions aided by automation mean data is restorable, no matter what.

Backup Operations Automations For Proactive Cyberattack Protection Monitoring

Backup operations frequently play the role of being the last line of defense in the event of a cyberattack. However, enacting backup monitoring automation protocols changes this dynamic. With the right protocols in place, backup professionals play a key role in safeguarding organizations with holistic cybersecurity protections.

Use Unusual Backup Patterns To Pinpoint Active Attacks

The amount of data backed up over the course of several days or even weeks rarely varies that much. This is why a variance in the bytes of data backed up over a short period of time can be cause for concern and, sometimes, a signal of an in-progress cyberattack.

Ransomware impacts backup byte volume in a variety of ways. One of the most common scenarios is ransomware completely removing files. This results in a backup file suddenly having no bytes at all. A related ransomware practice is the changing of a file name or extension. Malware replicates the file and gives this new file the original file’s name, all while deleting or altering the contents of the original file. Through this process, the original file’s byte count changes.

Cybersecurity Protections - Backup Byte Variance Report

These are often subtle byte variances that happen file by file over the course of long periods of time. In fact, it’s their very subtlety that results in attacks going undetected for so long.

Yet backup monitoring tools like Bocada detect these variances automatically. The software first assesses historical backup byte norms. It then uses these benchmarks to measure the presence of unusual variances in backup byte volume. With a list in hand of unusual backup byte activity, data protection professionals have a simple tool to identify potential ransomware threats.

Leverage Unusual Storage Usage Behavior Identification As Cybersecurity Protection

Changes in backup bytes point to a related signal of ransomware and cybersecurity attacks: unusual peaks or valleys in backup storage usage. One typical malware practice encrypts server files and then leaves them unavailable for access without an encryption key. Sometimes, this encryption significantly increases the original file’s size and therefore the amount of storage needed to back up those files. Meanwhile, a slightly less common malware practice involves the insertion of extremely large malware data into files to avoid detection by anti-virus programs that focus on finding small, unexpected files. Again, backup data volume, and therefore storage usage, spikes unexpectedly.

While these spikes may be detected by data protection personnel, the real question is how long it will take for that detection to happen. Even a few days’ lag time may mean millions of dollars in lost data and operational uptime. Instead, imagine receiving alerts the moment these unusual storage spikes occur. Bocada’s automated backup storage monitoring lets data protection personnel set specific benchmarks for such alerting. Rather than relying on personnel to remember to check and then identify unusual storage spikes, these alerts offer yet another proactive tool to get ahead of cyberattacks.
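Both the byte-variance check and the storage-spike alert come down to comparing the latest value against a historical norm. The following is an added example, not Bocada's algorithm (the page does not say how its baselines are computed): it assumes a median/MAD baseline, and the sample sizes, the 5% spread floor, and the minimum history length are constructed for illustration.

```python
from statistics import median

GB = 10**9
# Constructed nightly backup sizes in bytes, oldest first; the last value
# in each list is the job being evaluated.
HISTORY = {
    "db01":  [510*GB, 512*GB, 509*GB, 515*GB, 511*GB, 513*GB, 514*GB],
    "fs02":  [200*GB, 201*GB, 199*GB, 202*GB, 200*GB, 201*GB, 0],
    "app03": [80*GB, 81*GB, 79*GB, 80*GB, 82*GB, 81*GB, 131*GB],
    "new04": [10*GB, 12*GB],
}

def robust_score(baseline, value, floor_pct=0.05):
    """Distance of value from the baseline median, in units of scaled MAD.

    Median and MAD are used instead of mean and standard deviation so that
    one earlier outlier does not widen the norm and hide the next one.
    """
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    # Floor the spread (assumed 5% of median) so a very flat history does
    # not turn ordinary day-to-day growth into an alert or divide by zero.
    spread = max(1.4826 * mad, floor_pct * med, 1)
    return (value - med) / spread

def unusual_jobs(history, threshold=3.5, min_history=5):
    """Return {client: (kind, score)} for jobs outside the historical norm."""
    findings = {}
    for client, sizes in history.items():
        *baseline, latest = sizes
        if len(baseline) < min_history:
            continue  # not enough history to call anything a norm
        score = robust_score(baseline, latest)
        if score <= -threshold:
            kind = "zero bytes backed up" if latest == 0 else "drop"
        elif score >= threshold:
            kind = "spike"
        else:
            continue
        findings[client] = (kind, round(score, 1))
    return findings

if __name__ == "__main__":
    for client, (kind, score) in unusual_jobs(HISTORY).items():
        print(f"{client}: {kind} (score {score})")
```

The same function works on a daily storage-usage series per backup target; 3.5 is a commonly used cutoff for this score, and tightening it trades more alerts for earlier detection of gradual changes.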

Conclusion

In a world where cyber and ransomware attacks are only increasing in frequency and scale, enterprise IT professionals must review the extent to which their existing tools and protocols fully protect their organizations. Leveraging tools that introduce cyberattack protection throughout their infrastructure empowers all IT personnel to be proactive participants in data protection.

When assessing backup operations automation tools’ ability to get ahead of cyberattacks, be sure to assess them on the following key capabilities:

  • Native integration with enterprise backup and storage solutions
  • Automated unprotected asset discovery
  • Streamlined bytes variance detection
  • Centralized ticketing creation, monitoring, and resolution
  • Customizable alert triggers

Tools like Bocada that incorporate these cybersecurity protection features not only address daily backup operations monitoring and reporting needs. They also offer the added benefit of being valuable cyberattack prevention tools!