Two separate ransomware events that targeted Grandeur Housing prompted the organization to seek a solution to prevent further attacks. With its backup server replicating data every weekday evening to an ESXi host server across a wireless link, the firm wished to implement an air gap—a security measure that keeps secure networks physically isolated from unsecured ones such as the Internet. Grandeur Housing wanted its host server to remain offline except during replication, with the air gap extending to the ESXi host that acts as its disaster recovery (DR) server.
After a technology partner suggested that Eaton might offer a solution, Grandeur Housing began to investigate whether the manufacturer’s Intelligent Power Manager (IPM) was capable of performing the desired air gap task. The goal was for software to orchestrate the process, starting up Grandeur Housing’s replica ESXi host and then shutting it down once the procedure was complete.
“I think this is a very appropriate use of this technology from the standpoint of protecting key infrastructure from being accessed when you don’t want it to be. If there’s a ransomware attack or a fire, or if anything were to take out our main office site, we can replicate and have instant access to everything.”
Deployed in May 2019, IPM and the PDU trigger specific actions on a schedule determined by Grandeur Housing. When the receptacle that the replication server is plugged into is signaled as powered off, the server thinks there was a power outage. IPM’s job is to initiate the startup and shutdown sequences. Currently, the trigger can be initiated at a particular time of day, a specific day of the week or a certain day of the month, with full calendar scheduling expected soon.
“It’s a great model for other companies to consider. I imagine there are probably a number of Eaton customers who have the ability to do this and may not even realize it. They could already have all the pieces in place. It’s definitely a value-added capability.”
“If we were ever attacked during office hours—when a lot of attacks happen—our off-site replication data is protected because the server is off, so there’s no opportunity for access to be gained to it. I feel very good about our setup here and that we are protected by multiple layers.”