The ACSC Essential 8 and Ivanti

The ACSC Essential 8 & Ivanti

ivanti.com.au 1 The ACSC Essential 8 and Ivanti

Contents

What It Is, Why It Matters, How We Help ...... 3 Taking a Step Back ...... 3 The Essential 8 in More Detail ...... 4 Prevent Malware from Running ...... 4 Application whitelisting ...... 4 Patch applications ...... 5 Disable untrusted Microsoft Office macros ...... 6 User application hardening ...... 7 Limit the Extent of Incidents and Recover Data ...... 8 Restrict administrative privileges ...... 8 Patch operating systems ...... 9 Multi-factor authentication ...... 10 Daily backup of important data ...... 11

This document is provided strictly as a guide. No guarantees can be provided or expected. This document contains the confidential information and/or proprietary property of Ivanti, Inc. and its affiliates (referred to collectively as “Ivanti”),and may not be disclosed or copied without prior written consent of Ivanti.

Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. Ivanti makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. For the most current product information, please visit www.Ivanti.com.

© 2021, Ivanti. All rights reserved. IVI-2032 06/20 DM/BB/BR/DL

ivanti.com.au 2 The ACSC Essential 8 and Ivanti

The ACSC Essential 8 and Ivanti

What It Is, Why It Matters, How We Help What Is the Essential 8 as Defined by the ACSC? The Australian Cyber Security Centre (ACSC) Strategies to Mitigate Cyber Security Incidents is a prioritised list of practical actions organisations can take to make their computers more secure. The advantage of this guidance is that it is customisable to each organisation based on their risk profile and the threats they are most concerned about. Implementing the ACSC Essential 8 effectively helps you achieve a baseline cybersecurity posture – a level that would have prevented the success of high-profile attacks such as WannaCry and NotPetya. While this sounds straightforward, many companies still struggle to achieve this level of security today. In this document, we’ll discuss the importance of each control that makes up the Essential 8, the pitfalls companies fall into with each, and Ivanti’s approach to solving these problems.

Taking a Step Back

Keep in mind that as threats evolve, we must adjust to meet those threats, so building a strong cybersecurity program is not a set-it-and-forget-it process. It’s a journey, and as you move forward you need to adapt, evolve, and reassess as you go.

The Essential 8 is a critical part of this journey. Without a solid foundation, your cybersecurity program may be doomed to fail, or at the very least you may be met with insurmountable tasks along your journey.

Think of it in terms of a line of defense. If you have to defend a line 50 meters across and you have only three individuals to defend it with, what happens when you see 1,000 people come charging across that line? The three will be overwhelmed. Now consider that 50 meters is your attack surface across your organisation, the three individuals are your SecOps team, and the 1,000 people charging at your line of defense are security incidents ranging from ransomware to malware to Advanced Persistent Threats (APTs) that your SecOps team needs to try and detect and respond to.

The point is, if you leave your attack surface at the 50 meters of exposure, there is no way your SecOps team can be successful, so you need to reduce that attack surface to give your detect-and-response capabilities and SecOps team a chance at being successful. Enter the Essential 8 and the need for that baseline cyber security posture.

ivanti.com.au 3 The ACSC Essential 8 and Ivanti

The Essential 8 in More Detail

The Essential 8 is broken into two sections: ▪ 4 controls to prevent malware from running ▪ 4 controls to limit the extent of incidents and recover data

Prevent Malware from Running Limit the Extent of Incidents and Recover Data Application whitelisting Restrict administrative privileges

Patch applications Patch operating systems

Disable untrusted Microsoft Office macros Multi-factor authentication

User application hardening Daily backup of important data

The preventative measures are going to reduce your attack surface as well as the number of incidents that may occur in your environment. Layering preventative measures accounts for exceptions and gaps in a layer, and short windows of time where one layer is able to be defeated. Let’s face it, there is no way to be 100-percent secure, or to be immune to a security breach or the potential for ransomware to affect your environment. Or, rather, while it can be achieved, there is a tipping point where you lock down endpoints to the point where you cripple the user’s ability to execute and the business’s ability to succeed. What you need is a balance between security and user needs. So, with the first four security controls in the Essential 8 you can focus on reducing the attack surface, and thereby the number of incidents that will potentially hit your environment – by a significant margin.

Of course, when the inevitable happens, you need to limit the extent of a security incident – reduce the ability for the incident to spread to other systems. This, as we say, is the focus of the other half of the Essential 8. And it also starts to address recovery from an incident.

Prevent Malware from Running Application whitelisting

A whitelist allows only selected software applications to run on computers.

Application Whitelisting – Summary

Why do this? All other software applications are stopped, including malware.

Challenges? Traditional whitelisting can work in some cases, but many companies have tried and failed to implement whitelisting.

Ivanti’s approach More dynamic whitelisting reduces ramp-up, cost of ownership once running, and performance impact, while delivering a high level of security.

Level 3 Maturity Ensuring executables, software libraries, installers and scripts are controlled on all servers & workstations. Also obey known block rules for Microsoft system tools are enforced.

Ivanti’s solution Ivanti® Application Control, Ivanti UEM for Mobile.

Why do this? It’s very effective, it blocks all non-approved software. Patching is important to reduce an endpoint’s attack surface, but there are a few exceptions preventing updates: zero days, for example, where a vulnerability gets exploited before an update is available, or when there’s a gap between a vulnerability being identified and the time it takes to patch. There may also be times you choose not to patch due to a stability issue. What if attacks use components that have been approved for use on a system? In these cases, application whitelisting is there to help stop the payload from executing after the exploit gains access to the system, preventing the malware or ransomware executing on that system.

ivanti.com.au 4 The ACSC Essential 8 and Ivanti

Challenges: Traditional whitelisting can work in some cases, but many companies have tried and failed to implement whitelisting. Discovery can be an exhaustive process. Once implemented there is a constant need to maintain and update the whitelist. There is the added cost of ownership with each user request to add a new application to the list, a new version, or simply a minor application update. Some solutions also cause a heavy performance impact to the system, as each application accessed must be evaluated to ensure it matches the known good application and is not modified or a renamed file trying to impersonate the whitelisted file. Today’s users must be enabled to do their jobs quickly and effectively. New apps are introduced daily to our environments, compounding the cost of ownership for traditional whitelisting methods.

Ivanti’s approach: We perform whitelisting more dynamically, reducing the ramp-up, cost of ownership once running, and performance impact, while still delivering a high level of security. Dynamic whitelisting uses different trust models to simplify and reduce the overall burden. Trusted Ownership™ allows NTFS ownership of a file to simplify the process of whitelisting. Using a handful of trusted accounts to define ownership of trusted files allows easy implementation of a whitelist, and continuous addition and update of applications through your management systems, as the trusted owners are the accounts performing the install and update\upgrade efforts.

For other operating systems such as macOS, Ivanti can leverage the robust and native extension-based framework built into the operating system. Using System Policy Controls, administrators can flexible specify what applications are allowed to run in their fleet. On Mobile endpoints, Ivanti can further bridge these controls through the use of the native iOS App Control framework, as well as the Android Enterprise containerisation framework.

To account for a user’s need to introduce additional applications to the environment you can use Trusted Vendor for Windows, as well as macOS GateKeeper and controlled Public AppStores for Mobile. Users can install and run properly signed applications from large, well-known vendors such as Microsoft, Google, and Adobe without exceptions or requests, and without seeking approval for each new version that releases.

In the modern working world with pandemics such as that seen with Covid-19, we need to enable users to work wherever they are and support them in the field. For this reason, there are a number of escalation models to account for exceptions when needed. Short-term self-escalation is audited and reported back – escalation that gets to a help desk analyst or approver and can deliver a policy update to the user without the need to connect to the network.

Level 3 Maturity: The ACSC recommend all environments reach level 3 maturity. Ivanti provide all these capabilities out of the box to aid customers attaining that recommended maturity level.

Patch applications

A patch fixes security vulnerabilities in software applications.

Patch Applications – Summary

Why do this? Adversaries will use known software vulnerabilities to target computers.

Challenges? Microsoft solutions only provide coverage for their OS and applications out of the box. Few solutions provide heterogeneous automated patch support.

Ivanti’s approach Ivanti provides the largest catalog of software updates on the market, through a variety of solutions to meet any customer’s needs.

Level 3 Maturity Security vulnerabilities in applications or drivers identified as extreme risk automatically remediated within 48 hrs. Applications not supported by the vendor are replaced.

Ivanti’s solution See the full patch product list below. There’s a solution tailored to your needs.

Why do this? Adversaries will use known security vulnerabilities to target computers. Most vulnerabilities found on an endpoint are going to be in the software running on the system, and new vulnerabilities are identified regularly.

Challenges: Microsoft solutions only provide coverage for their OS and applications out of the box. The majority of vulnerabilities are in 3rd party non-Microsoft applications. Keeping up with frequent updates requires reboots, scheduled maintenance and downtime, and adequate testing of the critical business apps and processes.

ivanti.com.au 5 The ACSC Essential 8 and Ivanti

Ivanti’s approach: Ivanti provides the largest catalogue of software updates on the market, through a variety of solutions to meet any customer’s needs. Whether you are on a Microsoft Enterprise Agreement (EA) and use Microsoft System Center Configuration Manager (SCCM) to push updates, or you use Ivanti’s own Endpoint Manager, need a standalone solution, or are seeking a solution focused on the needs of complex data centres, we have a solution that can help you. We can provide our extensive third-party catalogue in a native plug-in for SCCM; integrated into Endpoint Manager for Windows, Mac, and Linux support from a single solution; or as a standalone solution – all with granular control over patch management from start to finish. We integrate with vulnerability scanners such as Rapid 7, Qualys and Tenable to automate patching tasks.

Level 3 Maturity: Customers set up automatic patch schedules for their extreme risk applications to ensure they are always updated within the 48 hour window using dashboarding to show compliance.

Ivanti’s solution: ▪ For SCCM environments, Ivanti Patch for SCCM is the solution of choice. ▪ For Ivanti Endpoint Manager customers, Patch for Endpoint Manager is the solution of choice. ▪ For standalone environments, Ivanti Security Controls and Patch for Endpoint Manager are the solutions of choice. ▪ For the data centre, Ivanti Security controls is the solution of choice.

Disable untrusted Microsoft Office macros

Microsoft Office applications can use software known as “macros” to automate routine tasks.

Disable Untrusted Microsoft Office Macros – Summary

Why do this? Macros are used increasingly to enable the download of malware, compromising a system through legitimate functionality.

Challenges? Due to lack of control, special requests, and one-time needs, macros get turned on and then left on.

Ivanti’s approach Ivanti provides a few options to lock down Office macros.

Level 3 Maturity Macro execution limited to trusted locations. Documents originating from the internet macros blocked, security settings cannot be modified by users.

Ivanti’s solution Ivanti® Environment Manager, Ivanti UEM for Mobile.

Why do this? Macros are used increasingly to enable the download of malware, compromising a system through legitimate functionality rather than a known software vulnerability. Adversaries can then access sensitive information.

Challenges: Power users tend to turn on features like macros, which may enable them to do creative and powerful things, but then also open up security risks. In addition, an attacker may craft a document that requires the use of macros, and unwitting users may enable them when they try and view the document, allowing the attacker’s payload to be delivered to the system. The average user should not have macros enabled or be able to turn on macros, but due to lack of control, special requests, and one-time needs, macros get turned on and then left on.

Ivanti’s approach: Ivanti provides a few options to lock down Office macros. The first method can be used to lock down the Office Options section using a proprietary approach, preventing the user from changing the settings. This approach can also get more granular, and through the Trust Center disable just the Macro option in the Options screen. Using this option also allows a custom message to the user to explain the lockdown. Solutions are also available for macOS, iOS and Android.

You can disable macros using a Group Policy ADMX template. You import the settings into Environment Manager & enforce them on a contextual basis. You can include self-heal abilities to protect against disabling the registry settings.

Level 3 Maturity: Using Ivanti customers configure conditional access rule sets to customise macro behaviour.

ivanti.com.au 6 The ACSC Essential 8 and Ivanti

User application hardening

Block web browser access to Adobe Flash player (uninstall if possible), web ads, and untrusted Java code on the Internet.

User application hardening — summary

Why do this? Flash, Java, and web ads have long been popular ways to deliver malware to infect endpoints.

Challenges? Users run many apps and browsers, there are plug-ins to manage in each of those. If you can’t easily lock down the browser or app, it’s hard to manage the in-between.

Ivanti’s approach On desktop we allow lockdown of Chrome, IE, and Firefox with templates, which drive configuration across all three browsers and provide self-heal capabilities. On Mobile, we implement continuous, on-device, risk based application vetting to see what apps are doing.

Level 3 Maturity Web browsers block or disable Flash content, block web advertisements, block Java from the internet. Microsoft Office is configured to disable support for Flash content. Microsoft Office is configured to prevent activation of Object Linking and Embedding packages.

Ivanti’s solution Ivanti® Environment Manager, Ivanti UEM for Mobile, Ivanti Threat Defence.

Why do this? Apps such as Flash & Java have long been popular ways to deliver malware. User-targeted vulnerabilities are the fastest way to gain a foothold in an organization. Updating these applications is critical; but where not needed, remove or block them.

Challenges: Attackers pick popular apps that are likely to exist in most environments. Historically Java was considered exploit target #1. It was a popular-enough target that a website was created to track the number of days since the last Java Zero Day. Flash then took over the top spot, followed by other user applications like the browsers and Adobe Reader, etc.

Today, an exploit that can target a user is highly desirable to exploit unsuspecting users through social engineering tactics. The challenge is that through consumerisation of IT, users can expect flexibility.

Ivanti’s approach: Ivanti allows the lockdown of Chrome, Internet Explorer, and Firefox with ADMX templates on desktop. These templates drive configuration across all three browsers, and with the Environment Manager self-heal capabilities you can protect even a crafty user who tries to circumnavigate the policy. On Mobile, an on-device intrusion detection and prevention system is deployed, when the endpoint is both online and offline. Resulting in your enterprise apps being continually vetted for risky behaviour, using the same technology Google uses to vet apps on the Public Google Play Store. All Mobile Endpoint apps are continuously catalogued and monitored, to detect behavioural, security, privacy, permissions and usage changes – If malicious behaviour is detected, the device is quarantined and relevant actions are taken against the app offline.

Level 3 Maturity: Using Ivanti, customers configure conditional access rule sets to customise browser behaviour on desktop.

ivanti.com.au 7 The ACSC Essential 8 and Ivanti

Limit the Extent of Incidents and Recover Data Restrict administrative privileges

Only use administrator privileges for managing systems, installing legitimate software, and applying software patches. Allocate them solely to those who need them.

Restrict Administrative Privileges – Summary

Why do this? Admin accounts are the “keys to the kingdom.” Adversaries use them to exploit systems.

Challenges? Some companies can enforce total lockdown of permissions, but generally users require some ability that leads to granting them admin privileges.

Ivanti’s approach Just Enough Administration (JEA) and Just-in-Time Administration (JIT)

Level 3 Maturity Privileged access validated when first requested and revalidated on an annual or more frequent basis. Privileged access to systems, applications and data repositories is limited to that required for personnel to undertake their duties. Technical security controls are used to prevent privileged

users from reading emails, browsing the web and obtaining files via online services.

Ivanti’s solution Ivanti® Application Control, Ivanti UEM for Mobile.

Why do this? Admin accounts are the “keys to the kingdom.” Adversaries use them for full access to information and systems. There are many vulnerabilities that, if exploited, give the attacker permissions equal to the current user.

Challenges: Gone are the days when we could lock down the user experience and call it a day. There are still companies that can enforce a policy of total lockdown of user permissions, but generally users require some ability that inevitably requires us to grant them administrative privileges on their system. Microsoft provides just two levels of control: user or a full admin. There’s some variation in between, but not enough to make it a good experience for the user or administrator. For comparison on Mobile, Apple only gives iOS admins certain security controls via a trusted MDM Connection to help circumvent device exploitation; without impacting end user experience. Google provides various Android Enterprise deployment modes, where each invoke different levels of native containerisation and security controls; to cater for different device ownership models (E.g. BYOD, Corporate, Dedicated Kiosk).

Ivanti’s approach: We implement Just Enough Administration (JEA) and Just-in-Time Administration (JIT) for desktop – letting you take back your admin rights but still enable users to do what they need to, including easing the process of escalating or adding additional permissions if needed. Now you can choose. Take a full admin back down to a regular user, and provide escalation of privileges where and when needed, from access to install applications, install a printer, use PowerShell, or whatever the user may need, but nothing more than what the user should have. Or you can take that full administrator and strip away the things they should not have access to. Take PowerShell away or access to specific capabilities.

For Mobile the security playing field is quite different, where almost all deployment methods make users device-level administrators by default (regardless of device ownership). Ivanti can help mitigate this risk by ensuring corporate data can only be installed and accessed from a natively segregated Work Container, after the endpoint is first validated and secured. By using this method of native OS-Level security, it fundamentally changes the ownership of data. End users will still be the only admin of the endpoint’s personal storage volume, but only the organisation will have administrator rights of the Work Container and its data. If required, there are other deployment modes that can remove all end-user admin rights and work volumes. To further mitigate risks, such as an escalation of privilege attack from the personal storage volume - Ivanti Threat Defence can immediately detect, quarantine/airgap the device and shutdown the attack without an internet connection required.

Level 3 Maturity: Enforced policy so high risk applications never get elevated privileges, coupled with running all users in standard accounts with elevation JIT rather than Just in Case on desktop.

ivanti.com.au 8 The ACSC Essential 8 and Ivanti

Patch operating systems

A patch fixes security vulnerabilities in operating systems.

Patch Operating Systems – Summary

Why do this? Attackers use these vulnerabilities to move laterally through the network after gaining a foothold. Patching the OS can help limit the extent of an incident.

Challenges? Exploits and development of new exploits have become commoditized in the past few years, and many enterprises still struggle to push updates quickly.

Ivanti’s approach Patch often, patch everything, patch everywhere, automatically.

Level 3 Maturity Vulnerabilities for the OS and firmware marked as extreme risk patched within 48 hrs. An automated system used to enforce and ensure patches are applied. OS’s no longer supported are removed from use.

Ivanti’s solution See the full patch product list below. There’s a solution tailored to your needs.

Why do this? As we discussed above when talking about patch management for applications, adversaries will use known security vulnerabilities to target Mobiles and Desktops. Most vulnerabilities found on an endpoint are going to be in the software running on the system, and new vulnerabilities are identified regularly.

Challenges: Exploits and development of new exploits have become commoditised in the past few years. Off-the-shelf frameworks allow a less skilled adversary to take more sophisticated exploits and use them more quickly. Also, with greater activity of state-funded cyber groups, and with samples of more sophisticated exploits being leaked to the public – as we saw with the Eternal family of SMB exploits in early 2017 – threat actors can take advantage of well-funded, highly skilled developers’ efforts to become even more effective.

Add this to the fact that many enterprises still struggle to push updates quickly. WannaCry used EternalBlue, an SMB exploit disclosed more than 90 days prior to the attack launching. The same exploit made later variants, including the NotPetya attack, very effective as well, and NotPetya hit the ground running more than 120 days after the SMB exploit disclosure.

The biggest difference between a typical OS vulnerability and a software vulnerability is, more often than not, an OS vulnerability will be exploitable without involving a user. The Eternal SMB exploits – remotely exploitable across the network without need for authentication – are a good example of this. If we look at Mobile endpoints, the situation is even more dire. Generally, mobiles have the same level of access to corporate data but live in the wild and off network - without any visibility, security or protection from corproate perimeter defences. We can also pair this with the ever-growing list of threats seen in recent times, such as BlueBorne, Pegasus, CheckM8 and other Zero-Click or remote-code execution attacks.

These are the kinds of vulnerabilities attackers use to move laterally through the network after gaining an initial foothold— which is why the ACSC considers this control a means to limit the extent of an incident.

Ivanti’s approach: Patch often, patch everything, patch everywhere. This is the Ivanti mantra. Our content teams release content twice a week, every week, and release zero-day updates out of band as quickly as possible when they drop. Wherever the system goes (on or off network), we can patch it. And we offer flexible scheduling and a flexible reboot experience, agentless patch management for the data center, the ability to patch on and offline VMware virtual machines (VMs) and templates or snapshot a critical VM before patching, cross-platform support, etc. We have customers who need to patch tens of thousands of systems in less than two weeks, and some who need to ensure the right patches are applied to different systems – in healthcare, for example, where each system may be connected to a device that has a specific list of approved updates to safeguard FDA certification.

Level 3 Maturity: Customers set up automatic patch schedules for their extreme risk platforms such as endpoints and servers. To ensure they are always updated within the 48 hr window using dashboards to show compliance.

Ivanti’s solution: ▪ For SCCM environments, Ivanti Patch for SCCM is the solution of choice.

ivanti.com.au 9 The ACSC Essential 8 and Ivanti

▪ For Ivanti Endpoint Manager customers, Ivanti Patch for Endpoint Manager is the solution of choice. ▪ For standalone environments, Ivanti Patch for Windows and Ivanti Patch for Endpoint Manager are the solutions of choice. ▪ For the data center, Ivanti Patch for Windows is the solution of choice.

▪ For all Mobile, macOS and Modern Management W10 devices use Ivanti UEM for Mobile.

Multi-factor authentication

This is traditionally when a user is only granted access after successfully presenting multiple, distinct pieces of identification: typically, something you know, like a password; something you have, like a physical token; and/or something you are, like biometric data.

Multi-Factor Authentication – Summary

Why do this? Each level of additional authentication makes it exponentially harder for adversaries to access your organisations information and infrastructure.

Challenges? Many organisations have a level of Single Sign-On and/or basic MFA to validate their users, but the method of setup and validation is typically reliant on passwords and the human end user.

Level 3 Maturity Multi-factor authentication is used to authenticate everyone using remote access solutions, users in a position of trust and when accessing important data repositories.

Multi-factor authentication uses at least two of the following authentication factors: passwords, Universal 2nd Factor security keys, physical one-time password tokens, biometrics or smartcards.

Ivanti’s recommendation Ivanti Zero Sign-On (ZSO), Ivanti UEM for Mobile.

Why do this? More than half of all malicious cyber incidents reported in Australia involved compromised or stolen credentials. One of the best way to start building a strategy against credential and access-based threats is by leveraging a modern MFA solution.

Challenges: The challenge of secure authentication for many environments was arguably solved over 20 years ago, with technologies such as Kerberos Authentication; Hard Tokens from vendors like RSA; and complex systematically generated passwords. Despite these security advances and technologies being widely available, there still has not been complete market saturation for a number of reasons. One reason for Kerberos was admin complexity. On the other hand, hard tokens and very complex passwords had too much of an impact on end user experience. Overall, all of these examples had a similar challenge – they only focused on solving security, at the expense of the user or admin.

Ivanti’s recommendation: A passwordless, context-based MFA solution that does not compromise on either security or user experience. Organisations can leverage Ivanti Zero Sign-On (ZSO) to replace passwords with multiple levels of device, user, application and network validation that is transparent to the end user – which means better security without the pain.

Using ZSO, passwords are replaced from all user workflows with systematically generated certificates and tokens, that can only be unlocked by a user’s biometrics. These can further only be seamlessly provisioned on devices that are allowed and validated, by users that get a one-time-pin (OTP) when they first start at an organisation. Once validated, their device is now their identity to access resources like Office365, Salesforce, OneDrive – as well as other devices and services as a managed FIDO2 Authenticator device.

ZSO can also automatically be activated part of the Ivanti UEM for Mobile (Previously MobileIron) device client, requiring no setup or client download to rollout MFA to your organisation. Additionally, ZSO can be deployed as a standalone solution with your existing UEM and Identity stack – such as Microsoft EndPoint Manager, VMWare Workspace ONE, Ivanti EPM or any other solution.

ivanti.com.au 10 The ACSC Essential 8 and Ivanti

Daily backup of important data

Regularly back up all data and store it securely offline.

Daily Backup of Important Data – Summary

Why do this? Your organisation can access data again if it suffers a cyber security incident. Cleaning and using a compromised system is risky.

Challenges? Reimaging and restoring a system to a known good state and then restoring the data is usually recommended.

Ivanti’s recommendation The fastest way to recover from a malware incident, especially ransomware, is to re-provision the system and restore access to user data.

Why do this? That way, your organisation can access data again if it suffers a cyber security incident. In the case of a compromised system, it is risky trying to take an approach of cleaning and using the system.

Challenges: Reimaging and restoring a system to a known good state and then restoring the data is usually recommended. In the case of ransomware, it’s critical for remediation, as paying the ransom is not recommended and not guaranteed to recover the system.

Ivanti’s recommendation: The fastest way to recover from a malware incident, especially ransomware, is to re-provision the system and restore access to user data. Ensuring user data is consistently backed up and can be restored quickly and efficiently is critical, especially in the case of verticals highly targeted by ransomware, such as healthcare.

ivanti.com.au 11