Block ransomware from writing to your Windows Veeam backup server


We’ve talked a bit on this podcast about ransomware groups targeting Windows-based backup servers, and Veeam specifically. There’s a new product on the market targeted at this problem, and it’s called Blocky for Veeam from Grau Data. Today we have the founder & CEO of Grau Data, Herbert Grau, and their head of North American operations, David Cerf. What we didn’t know until recording this episode is that these are the same people that used to make the gigantic Grau tape libraries that I used to covet back in the 90s! They got out of the hardware business and have been making software ever since. Blocky for Veeam is a new application of another battle-tested product. Fascinating story, and one that will have other applications in the future.

Transcript

On this episode of Restore It All, we’ve got a new solution for the problem of ransomware attacking Windows-based backup servers. This one’s aimed specifically at Veeam, but it looks like there are many other applications. So hope you enjoy this episode.

[00:00:38] W. Curtis Preston: Hi, and welcome to Backup Central’s Restore It All podcast. I’m your host, W. Curtis Preston, a.k.a. Mr. Backup. And I have with me the guy that I think is gonna help me find a new recording platform. Prasanna Malaiyandi, how’s it going, Prasanna?

[00:00:53] Prasanna Malaiyandi: I’m good. Curtis. I, well, so I don’t think it’s all doom and gloom for the podcast recording platforms. Um, we’ll just have to wait and see.

[00:01:02] W. Curtis Preston: Let me introduce today’s guests. This is a unique one. I’ve known and known of our two guests today. And by the way, it’s unique. We don’t, we rarely have two guests. I’m gonna have to figure out how to fit you on the, on the, uh, Brady Bunch screen.

I’ve known of one guest for almost as long as I’ve been in backups, and I was an admirer of his early work, and we’ll talk about that a little bit.

And then our other guest, I’ve known him for quite a while as well. And, uh, we’ve, we’ve gotten in trouble a little bit here and there, uh, together.

So first I wanna welcome the CEO of Grau Data, Herbert Grau. Thanks for coming on the podcast.

[00:01:46] Herbert Grau: Thank you gentlemen for inviting.

[00:01:50] W. Curtis Preston: and, uh, And welcome of course to David Cerf. How’s it going,

[00:01:56] David Cerf: Very good, Curtis. Good. See you.

[00:02:00] W. Curtis Preston: So I, so by the way, the fact, you know, I knew, I knew that we were talking to Grau Data today and I knew that, or at least I believed at the time that you were, uh, the same company or a follow on company from the company that I knew way back in the day, what I did not expect.

Is to have a guest whose name matched the name of the company. So that was a big surprise to me. So let’s go, Herbert, let’s go back in the day. The first time I remember seeing you or seeing, you know, hearing of your, your, your company were these gigantic tape libraries. And I remember back in the day looking at them going, that looks amazing.

Like, it was like , they were just these ginormous tape libraries that here I was, I was an early Spectra Logic customer, and they had these little, you know, these little carousel things. So I was dealing with like 30 tapes and you were dealing with thousands of tapes. And I remember going, holy cow.

And one, one thing I remember was that the libraries were so big and they were so cost effective that it actually, and, and you can correct me if I’m wrong, what I remember was, That it actually cost more to fill it up with tape than it did to buy the library itself. Right? The, the library was so large and so cost effective that that was the case.

Um, you wanna talk a little bit about those old days,

[00:03:31] Herbert Grau: Yep. Well, I started already very early in the 1980 eighties. Uh, our background was machine building, so I took the company from my father and we were, uh, automotive suppliers and machine builders. So we were not a, not an IT company, and IBM brought this, uh, tape to the market and had no automation. And StorageTek was already there and IBM had nothing.

So we filled that gap and built a tape library in the first days. Weird enough, without any software connected to the host. This came over time through the customers, but we have been building these really cool tape libraries and they were called mixed media libraries because we could automate anybody’s, uh, tape drives from Hitachi, from other vendors as well, even in the mixed mode.

And so we were the exact counterpart of StorageTek or from us, and we had kind of more an open approach. And, and the second generation, we introduced the Quatro Tower. This was a cool patent we had. On one surface, the cartridges were moving inside small towers, so we could have 5,000 IBM cartridges on a small footprint, and we were shipping tape libraries around the world.

When eMASS joined my company and a very large library would have 30,000 IBM tapes. So six of these towers in a row, and a tape robot, a traveling, moving robot on one side and if necessary on the second side. So we had a double robot system and 30,000 tapes in a row, and what we call also could do. We had a special, uh, tape format implemented, called D two, which only the US government had.

If you want, I still have on my, on my drawer here an a d two tape from these days. And we converted our tape libraries to this special technology and then we ship through eMass to the famous unknown customers, to the famous government agency under us, the NSA board in 1995, a tape library with a capacity of 400 terabyte.

At that time, my biggest customer of the Deutsche Bank had.

[00:06:12] W. Curtis Preston: Wow.

[00:06:13] Herbert Grau: said, holy cow, who in the world needs 400 terabyte? And what for? But then somebody from eMASS explained me what these guys were doing, all these satellites in the Iraq and they had eight supercomputers from Cray and this was awfully expensive. So all this data I came from satellite in, Longley or whatever down to earth in this, uh, data center underground and eight supercomputers and then an HSM of the early days called file serve. I think, I think Quantum is still selling this today. And file serve moving data. Yeah. File serve and moving data to tape out.

And this was of course a breakthrough from a small company because then we sold big time, uh, machines to the DoD. And in, in the US of course, unfortunately. Then, uh, eMASS, uh, actually the mother company of eMASS, E-Systems, got bought by Raytheon. So the missile biased, the satellite, and then the whole thing got difficult and they wanted to sell this off, and I couldn’t buy my company back.

So I sold my remaining shares then to ADIC bought then eMASS and I had restarted Grau Data in Germany, again, sold my shares, and two weeks later I was on the market again with a new company, Grau Data, which is the company today because the name was not so important anymore because eMASS wanted to have eMASS data storage, and I was Grau data storage. Uh, well, Eddie wanted to get me back, but then I said, no, I, I do it on my own. And then we entered the market first, again, with a tape library called Infini Store. But this was already an appliance software, server, disk, and tape in one device. And we sold this nicely in Germany until, uh, one point in time.

It was not possible anymore for a small company to sell hardware. And then we had extremely nice products, hardware products, tape libraries, new generations, smaller, uh, easy, lean, cost effective, but we had to sell this. And then I met David, this was about 2 0 7, and then I restarted the company again, the same company, but they restarted as a software company.

[00:08:51] W. Curtis Preston: Mm-hmm.

[00:08:52] Herbert Grau: So, and then of course, tape, HSM was our background. So we had a product, which in ib, um, HPE OEM’d, it was on their price list as file system extender.

[00:09:06] W. Curtis Preston: Mm-hmm.

[00:09:07] Herbert Grau: But not very successful because HPE was in the terminal, so many products, and we kind of were sitting between the chairs. And then HPE stopped the contract and we sold it under the Grau logo.

And over time we worked our portfolio. And in the last four years, we have developed a complete, almost complete new product portfolio, which now re uh, looks really good. And that’s why I’m, I’m in the mode of re-entering to the US with my friend David, and sell our nice products to the us. And I have been coming and traveling all along the last years.

Still have partners and friends and, and no customers anymore, but this will hopefully change soon.

[00:09:56] W. Curtis Preston: Yeah. You know, it’s interesting, David, you know, when, when we started talking, um, about, you know, I, I discovered this other product, this newer product, right? And I had no idea. Right, because I, I think this latest product is absolutely going after a problem that is really important, right? Um, the, the, the slight, the slight problem called ransomware, right?

Um, and, um, in fact, I just, just a week ago I came out with an article in Network World that talks the, the title was, uh, Ransomware is Coming for Your Backups, right? That’s coming for your backup server specifically. And the, this latest product is, is, is aiming at solving that really new, challenging problem.

Um, but, uh, I had no idea when, when we started talking that we were gonna be talking about a person that, that I’ve, that I’ve been involved with for 30 years. David, what, what do you think? Um, Uh, what’s your goal as you, as you move this company in, you know, into the us or to expand it into the us

[00:11:13] David Cerf: Well, Curtis, the phase we’re at is awareness, first of all. Um, I think you’re, it was funny how we did reloop together, which was that Dave Russell and I were talking and he had mentioned he had heard this podcast talking about Blocky for Veeam, which is the product you were just mentioning, and he didn’t mention it was you.

And so I had to go look it up, and then I was like, well, it’s Curtis. Uh, wow. And I, so we reached out. And so, uh, so there’s, the point is that awareness issue is that, um, Grau has done exceptionally well in Europe. Uh, working with channel partners and around, uh, the, the customer base, uh, for, because as you mentioned, uh, ransomware is such a critical issue right now.

And, um, the, the way the blocky product works is a zero trust that in it really, uh, brings a level of security to the large, uh, the largest install base for Veeam or these Windows users. And, uh, this gives ’em a very simple, easy. Quick solution, and that went like wildfire through the reseller partners go.

So Europe behaves a little different, right? Channels operate a little differently than American channels and, uh, resellers. And so they’ve done incredibly well with this traction and awareness. So we’d like to bring that awareness and that success, uh, out of Europe, uh, and not just to North America, but globally because, you know, Veeam of course is global, uh, has a really strong footprint in South America and Asia, and you have a tr and the majority of their customers are Windows users.

So getting that message out would certainly be the, the goal. And I think the product speaks for itself because there are no real options. It’s either you, either I have Windows and I do something or I don’t. And we’re that something you can do to bring security and cyber?

[00:12:57] Herbert Grau: Currently we have four products, three of them, brand, almost brand. And we have a product which we sell since many years very successfully. It’s called File Lock. It’s a Windows based software for compliant archiving. And we have a KPMG certificate that nobody can alter data after it has been archived.

And we have sold this product about 1,500 times in Europe. And it’s based on the filter driver technology. And it’s embedded in Windows. So you can have it on the Windows server, very simple on the physical or virtual machine, just install the software. And this filter driver makes sure nobody, not even the admin, can alter data, which is supposed to be archived for 10 years or whatever. It has the same API as the SnapLock API from NetApp.

[00:13:57] W. Curtis Preston: Oh, that’s one that Prasanna should know.

[00:13:59] Herbert Grau: And, and the SnapLock was the role model. And this API is, um, not protected. So we have the same API, single file retention, like uh, SnapLock but we are independent. We run on the Windows server and we scale as much as Windows scales from hundred gigabytes for a small company to multiple terabyte in large sites, cluster ready, everything.

And this product is pretty cool and stable because filter driver technology was not so stable 20 years ago. We produced blue screen in the very early days. All the Veeam guys asked me that. But since, uh, Microsoft introduced a minifilter technology, so an official interface for filters more than 10 years, we have zero, zero problems with the product.

Very cool product, very lean. And one customer said, Herbert data in file lock cannot be altered by nobody, not even by ransomware. That’s cool, but I cannot buy a compliant archive for my data in my, the backup should be able to override it. So we took this idea and said, we create a new block, uh, product called Blocky.

And this is like a filter driver. This is like a sheet metal plate, a WORM, a WORM shield. Nobody can go through it. And then we drill a small hole. And in the small hole, one guy says nobody can pass except the Veeam application. And if the Veeam application comes, this application always has to show a passport and a fingerprint, like if I enter the us.

Okay? And that’s why we can block everybody, even the good and the bad, except the one application which we whitelist, and that was blocky. We also have for IBM TSM customer, but this was the first one. And the selling was, uh, the, when a word, uh, you call this word on mouth, customer said, wow, it’s explained. 20 minutes, it’s installed in 10 minutes. It’s so effective, costs less, and is really cool and effective. And that’s why we sold 500 customers only in German speaking countries in the last four years, among them pretty big names from small Soho customers to really, really large international corporations. And that was really, uh, really a home run for us because we could use the technology which was proven over many, many years to a different field.

[00:16:48] W. Curtis Preston: And, and so it sounds like this, this grew out of that, the, the audit proof archiving, uh, line that you had the file lock from there. Um, and then you also, you’ve also got a couple of other products. You talk about metadata mining and the tape object archive. Do you wanna talk about that a little bit?

[00:17:04] Herbert Grau: All of course tape is our background as we talked and Ta tape will never go away. So we have a product which we have on the market since, um, almost 20 years now is stable. Product was a bit aged classical tape HSM. Like other products. And we have customers, big customers like Max Planck Institute with multiple petabyte and 10 of these.

And we have a legacy installed base. And some time ago we decided that we do a new architecture because we think tape will never go away. Next, whatever is, it’s a niche market, but we are an expert in this niche, niche market. And I have customers which I want to lead to the next generation. And that’s why we developed a product called Extreme Store. And this is now an object storage product is a scalable object storage software with S3 to tape. That’s a difference. And with this object,

[00:18:14] W. Curtis Preston: I, I interface with it via the S3 protocol, and then you put it on

[00:18:19] Herbert Grau: Uh, Maybe you know the Black Pearl from Spectra Logic, because we mentioned that name and that’s kind of a product. Well, we not, we compete, not so much in Germany, but in the US this would be our major competitor. But this is a market where only very few companies play. In Europe, I see two and we have I think, the best architecture, architecture.

Um, we have a scalable architecture. We have, uh, no SQL database. We can scale this vertically into multi-billions and horizontally into multi-services. And important in the tape world. If we have very small files and you have billions, you have to do containers. You cannot put small files on tape and retrieve a billion files from tape without containers.

And that’s why this container technology is important. And we recently did a test in a partner data center of 1.5 billion files in one bucket. And this is endless, scalable. That’s important.

And then of course we have a modern, modern web UI. Some guys like still the command line interface, but more and more younger guys on the web UI.

And so we have some cool things around the product, which is in this niche, a cool product. And now I have mentioned three. And the three would normally be good enough for a company Grau data with 30 people having an archival background. But. I have a new product and that’s really a cool product and that’s called the Meta Data Hub. Why do I have this product? Because my friend David Cerf came four years ago. He was just leaving his beloved company, StrongBox and said, Herbert, you have to look at metadata. And I said, why? This is old stuff. Metadata is old stuff because we use metadata like everybody else since 20 years, file size and last access, and this is HSM of old school.

[00:20:45] Prasanna Malaiyandi: Yep.

[00:20:45] Herbert Grau: But if I explain you today that we have a very unique product, people say, how can that be? Because if you, if you Google metadata, you find so many products which mention this, you have to define metadata as standard file system metadata. Which is simple

[00:21:07] Prasanna Malaiyandi: as useful.

[00:21:09] Herbert Grau: it’s, it’s useful for many virus scanners and everybody, but it’s simple.

And then you have embedded metadata, and then you take very special file formats and you go to a research lab, you go to a Max Planck Institute, which partners with Harvard, and they’ve won the special file format, which comes from the NASA nifty file. Who, who is, what is that? And then you look into this nifty file, for example, and this file has 10,000 metadata tags.

Holy cow. 10,000. And we. Developed a technology, how to extract these 10,000 embedded metadata tags and write them into a huge database. And now the research guy can say, I need all files which have this whatever dimension here and this dimension there. He does a Google kind of complex search and out of his 10 million files, which are somewhere, he gets the right 2000 files and he can narrow this down from 10,000 to 10,000 to 5,000, 2000.

And then he has the right data and that’s our job. Find the right data and we deliver them the right data to a CAR E platform, to an algorithm to improve it and whatnot. Because I have, although another company which is doing only. Medical data and we have huge amount of data, but you always need the right amount, the right data, and that’s the job of the metadata hub.

And then we go to the next one. This institute has a microscope from Chase. Very special file format. Holy cow. 8,000 metadata tags. Next one, bioinformatic. I never heard these names before, but now we have a technology how to extract this. That’s why I call it deep data mining. We drilled holes very, very deep.

Same is an automotive. We have some of these here and they have a motor motor test equipment and this is spitting out files. and then we go there and they said, you know what? We would like to know which of these million files have the same parameter for minus 30 degrees, that amount of kilometer, and blah, blah, blah.

And I said, you don’t know that? No. How? How should we, nobody can do this manually and nobody can extract the data. So we build an extractor for this special file format, and that’s why we are unique.

[00:24:13] W. Curtis Preston: You know, David, you, you, it sounds like you, you sort of brought up this idea. Did I, I’m, I’m a little bit like that. That last customer where, how is this not already everywhere,

[00:24:30] Herbert Grau: David told me, David explained me his product, which was a different product. This was all about storage management. All products are metadata for storage management. Move data around, get rid of the ice, get an in, and all this is about storage. And I said, I want to get out of storage. I don’t want to sell terabytes anymore.

I want to be in the analytics business. I want a Google like for metadata. This is a different game and we will go direction to artificial intelligence in the next steps. So we will move completely away from this. How many data is here and on the is on, move this back and forth. And this is old and cold.

This is kind of.

[00:25:19] Prasanna Malaiyandi: Yeah, I, I’m just thinking about use cases other than that. I know the primary use cases you talked about, but just thinking about things like, I know Curtis, we always talk about archive, right? And how do you find what’s been archive, because you don’t know what server came from, right? You no longer have that storage perspective, right?

And or even things like e-discovery, like use cases where it’s like, Hey, tell me information related to this subject, or other things like that. It seems like what you’ve built, Herbert and David is sort of an ability to centralize all of these different file formats or unique file formats and provide that value to the customer so they can run these queries on their.

[00:25:59] Herbert Grau: Absolutely. And I had a, well, actually David went to a Berlin research lab and kind of sold them the idea, but the product was not there, and I sold him the product Now. For a nice amount of money, and he was Mr. Grau. Finally, I have a product. I have been waiting three years for a product, and I said, so my guys, maybe we have a, a unique selling point here because this guy is searching the market for three years in the US and everywhere, and he didn’t find at least one product which could do the job.

[00:26:32] David Cerf: So there, so there are two separate ways to look at it. One, one, uh, at Herbert has outlined very well, which is we’re trying to understand how to drive our business intelligence, how, how do we, and that’s really in the application space, which is this ability to extract that metadata to. Have better insights and understanding and visibility, which has really nothing to do with where the file may be stored.

But what, there’s a second use case, which is almost secondary, which is if I actually can understand what I have, then I can apply that to what I do with it by number of copies. Or does it need to have sort of compliance or where do I keep it? How long do I keep it? See that that was the origin of where I had come from was more in the extract that metadata.

So the world, you could look, you know, if we, with hindsight we can say, Hey, we knew we had to have metadata to be able to drive the intelligence that we wanna drive through AI and machine learning. We, you can’t get there without it. And so the, the difference would be it’s the approach to it. And so the elegance that that’s in the metadata hub is, is really that simplicity.

Separate out the overhead that comes with the file management or trying to put a GLO, global name, space and all the other things that that. Herbert was referencing what I was trying to do, which was kind of all these various things and just focus really on the metadata and the, and so there are two really interesting things that were solved with us, um, which Herbert said, but let me just emphasize it.

One is this rapid development capability for connecting to the file type. This, this was really a showstopper because if I have these unique elements and these customers could not connect to it, then it didn’t matter what you would do, you had to solve that first. So Grau has solved that ability to a connect.

So there, that was the first part. And then the second part was on the backside, which is, okay, I’ve done the extraction. So this is almost like, think of ETL in databases, right? Extract, transform and load. And except for with the, with the metadata hub, we’re extracting, we’re transforming, and then we’re connecting.

And so either we allow through our native user interfaces a way for the, the user to just be able to directly access, but more importantly, Is that we can connect to the tools that they’re already using. And so this really creates this feed to where they can leverage that data to drive that business, accelerate what they’re trying to do.

Um, which cuz that’s really what it’s all about at the end of the day, right? They’re, they have a problem to solve and we’re helping them solve that.

[00:29:04] W. Curtis Preston: So speaking about what it’s all about, let’s get to the, let’s get to the star of the show, I think here, uh, in terms of this podcast, um, you know, we, we, we’ve talked a lot. We’ve had, you know, we’ve had Dave on, um, you know, we’ve talked a lot about Veeam. We’ve talked a lot about just windows-based backup systems.

Veeam being, you know, Veeam, and I think Veeam and CommVault would be the two biggest examples, right? Um, and the, the risk, I think that, That their customers are under, because Windows being, as we all know, the number one attack vector for ransomware, right? And so the worry is that. Uh, you know, it, it’s been a while since I’ve installed Veeam for obvious reasons, but by the way, I, I, I haven’t thrown out our usual disclaimer.

This is an independent podcast. I work for Druva, Prasanna works for Zoom, and, uh, this is not a podcast of either company and the, um, the opinions that you hear are ours and, uh, also be sure to rate us by, uh, going to the, you know, your, your favorite podcast app. Give us some startups, give us some, give us some comments

[00:30:16] Prasanna Malaiyandi: Leave some comments.

[00:30:17] W. Curtis Preston: find this podcast.

Absolutely. Feel free to tweet as long as Twitter is still

[00:30:23] David Cerf: long as it’s still around.

[00:30:24] W. Curtis Preston: Um, and if you, if you’d like to, um, if you’d like to join the conversation, you can find me, uh, at WC preston on Twitter or w Curtis Preston at gmail. And, uh, we’d love to get you on the podcast. So, you know this concern, right?

Specifically like the default installation. Is on a Windows based backup server. Right? And then, um, and, and, and even the main, even if you use Linux as another, uh, storage device, you, the, the main server’s still on Windows, and they do have this, the Linux based, uh, storage device now as, as a, yeah, as a, as a, as an answer to this.

[00:31:07] David Cerf: Veeam, um, obviously with their, with their hard Linux server does create a very robust option. I think the real differentiation, Curtis, is the customers. When you look at how many Veeam customers are, are using Linux, when you look at their customer, you know, demographics, it’s broken out as the majority, uh, the big majority are Windows users and a large part of those customers aren’t going to put a Linux server in.

Cause you know, the guy that’s running this, he’s a Windows guy and I’m not, you know, it’s a religion thing almost at some point. And the larger corporations, it’s outta simplicity. As Herbert mentioned, he’s, we’ve got several, uh, global international companies and they have maybe hundred plus sites and they’re not going to run this with this complex.

Uh, um, deployment and where the Blocky for Veeam comes in is, it’s, as Herbert mentioned, you’re talking about from, from the moment you learn about it to installing it is less than an hour. So the simplicity makes it really easy for the Windows guys that don’t have to do anything different, and now they have a level of security to, for protecting that, that Windows backup volume and repository, right?

So I think that that’s really where the line of demarcation comes down to is if you’re, if you’re a data center and you’re running a Linux environment and you’re comfortable with that, you, you might go with the native, uh, Veeam hardened Linux, um, solution for those customers that don’t. That’s where we shine and we provide that easy, quick install that gives that level of protection against ransomware.

[00:32:42] W. Curtis Preston: And we’ve talked about that, that was one of my concerns as well. The, the one that you brought in, if you’re, if you’re an all-Windows shop. I, I, I’m not sure even if the, if the Linux option is more secure than having another Windows box, I, I’m not sure if it is more secure because it’s your only Linux box, right?

Right. If you, if it’s the only Linux box in your data center, I don’t think that’s a good idea. If it was your only Windows box in the data center, I don’t think that’s a good idea. Right? Uh, just having a, a separate OS that you have to maintain just for a single purpose, you know, uh, I’ve never been a fan of that, but why, why don’t you, um, give a little bit more about how, so, you know, it, it sounds like the product is incredibly simple to, uh, to explain, David, uh, do you want to give, um, you know, an overview? It, it sounds like pretty easy to explain and Herbert’s already given us an overview. You want to drill down a little

[00:33:37] David Cerf: Sure, sure. So, um, you know, maybe pick up where you, you, your comment about people adding something to their environment. I, I mean, I think that that’s, that’s the real challenge. Is it the, it, uh, and, and now if you add the security layer, whether it’s the ciso, cso, whatever they’re doing, as long as we’re not talking about the hardened, uh, physical, these guys are overwhelmed.

I mean, ransomware is, is, it’s not a matter of, uh, if it will happen, it’s a matter of when it will happen. I think we’ve reached that point and, and every, everybody else is, you know, confirmed that it’s, um, it’s going to be. A risk that they have to deal with. And so when they’re looking for a solution, what we’re finding is that the, the antivirus and all these other type of tools that are out there are really not able to provide, uh, a way to protect that last, your last resort, which is your backup.

So when the virus gets in, uh, it’s sitting there and the first thing they’re gonna go after are those backup files, right? So they’re gonna go disable that, attack that, and at some point later, right, because it’s, it could be a, a Trojan horse where it’s sitting there waiting and then it comes on, um, you know, you’ve got this, this problem is that they’re, you’re, you’re at the mercy of whoever the attacker was and what their demand is.

And this is where the Blocky really comes in. Um, as Herbert mentioned, what we’re creating is a way to have cyber resiliency through zero. So when you enable, um, Blocky, which is a simple download, so you literally, you download it and installs in, in less than 20 minutes, the first thing it’s going to do is it’s gonna say, what is the trust?

We’re gonna go right to creating the white list. And that white list is the trusted applications or process I should say, cuz it’s Veeam. In this, um, in this case, and I’ll, I’ll leave a caveat here, is that the way, the way Grau built, uh, Blocky as a technology, it can be applied to other applications. We’ve really focused on the use case around, uh, Veeam.

So in general, you could say I have other applications and allow other application access, but the way we’ve tuned this to the Veeam market, Veeam specific. And so the only processes that you’re really trying to identify is what’s going to happen from the, the Veeam process to access that repository. So the first thing you do is either you manually set that or we have an auto.

You can literally turn on the auto discover and we’ll, we’ll discover those processes. You, it’s within, you set a period, let’s say 24 hours. You’ve run your backup, we know the process, you turn that off. And then at that moment we’re at zero trust. And so nothing else is gonna go back in, um, from a ransomware perspective and alter, modify, or delete, because we’ve now applied that WORM.

Um, and, and for those, just to clarify, write once, read many, right? And, um, and that nothing’s gonna alter, it’s immutable at this point, and you’re now secure. So even if you had ransomware. It was already in the system at this point, they can’t alter or, or modify those files.

So reading the file out is simple and, uh, verifying with through the fingerprint where we actually capture all the related elements to that process, including the DLLs, and that is combined to create that unique identifying fingerprints. So every time there’s a request to modify or write, Hey, we’re checking, we’re checking that.

And if it’s not an approved, um, trusted application, we’ll alert to it. And so now you get two, two benefits here. One is you’ve got the security through, um, the protection of, of, uh, blocking. But second, now you’ve got some alerting. This is something that kind of caught me by surprise. When, when Herbert said, Hey, let’s check this out.

Was, uh, the first customer that I talked to is they’re like, wow, I’ve got a. I could see my applications that are trying to hit that, that repository, and they can now get some reporting and visibility and transparency in what’s going on in their system. And, uh, and they can take actions from that as well.

[00:37:37] W. Curtis Preston: Anything else? Anything outside of the already approved application would trigger an alert, I’m

[00:37:43] David Cerf: Correct. Tha, thanks for clarity on that. That absolutely correct. So they can now see, hey, look, I, you know, we’ve had these declined items and so the admin now has some security. The second thing we did is we decoupled it so it’s not tied to the Veeam’s, uh, passwords. And those admin passwords has a separate independent, so it, it has that, uh, ability to, uh, operate, uh, without a risk of uh, uh, you know, global password type settings.

And, um, and then of course, the last

[00:38:11] Prasanna Malaiyandi: I like that part,

[00:38:13] David Cerf: Yeah. Yeah.

[00:38:14] Prasanna Malaiyandi: Yeah, I know, I know. We always talk about, Curtis, about, yeah, don’t put your backup servers on the same AD, right, as everything else. So I’m glad that

[00:38:22] W. Curtis Preston: Separation of powers,

[00:38:23] David Cerf: No, no. Post-it notes.

[00:38:24] Prasanna Malaiyandi: and separating it. Yeah. Well I’m glad you guys are going a step further and not even having like the normal Veeam passwords as this authentication mechanism, cuz you really do want that more secure than everything else.

[00:38:35] David Cerf: Absolutely. All right. This is, this is your last resort. Right? And we’re, and that’s really the key is that we, why do we back up? We back up because only when we absolutely need that data and if they take that down. So Blocky provides that additional layer of security and protection. Um, and it works, of course, uh, you know, we, we have the ability to single site, multi-site and, and, um, so it provides a, this really simple way for whoever is managing either the, the IT stack or the, you know, the security stack to add a layer into.

A product that is fantastic, right? I mean, Veeam Veeam is uh, you know, proven globally and customers love it, but now they can have that additional protection.

[00:39:17] Herbert Grau: Maybe one more comment from my side. People ask me, what’s the performance impact if I have Blocky installed?

[00:39:25] W. Curtis Preston: That’s an important

[00:39:27] Herbert Grau: Yep. The answer is, while writing and readings, we don’t do nothing. It’s not like a virus can always, always holds the process and then does not recognize the bad guy. So we do nothing while writing and reading.

When it’s deleting or modifying, we hold the process and check it because that’s the purpose of Blocky. And then we have, um, uh, maybe a two to 3% overhead while deleting and modifying. And that’s a cool combination.

[00:40:01] Prasanna Malaiyandi: Well, and especially because reading, or, sorry, deleting and modifying isn’t your predominant uh, uh, operation right.

[00:40:09] Herbert Grau: Of course not. And if this happens, you want somebody to check

[00:40:13] Prasanna Malaiyandi: Yeah.

[00:40:14] W. Curtis Preston: Yes. Agreed. Now, one, one question that I have, uh, this will be my, my toughest question. Is there a way to defeat this product? So if I have admin on the box, What am I able to do? I know you, if the product is installed,

[00:40:33] Herbert Grau: you, if you want an honest answer, I can give you the honest answer. An admin can destroy the whole Windows machine

[00:40:43] W. Curtis Preston: Right?

[00:40:44] Herbert Grau: and that’s not possible to avoid. Neither from Veeam, not from Grau, not from Microsoft today.

[00:40:53] W. Curtis Preston: Right. That’s a pretty honest answer. Um, does that mean also that they could uninstall the product

[00:41:00] Herbert Grau: No, that’s protected. The uninstall is protected.

[00:41:04] W. Curtis Preston: Okay. How, how,

[00:41:07] Herbert Grau: years ago, and that’s protected

[00:41:11] W. Curtis Preston: How, um, I don’t want to get into secret sauce, but how, in what way? Like how, how do you protect that

[00:41:18] David Cerf: You need, you need a password to go back. And so I mean the, I think the real security here is if you have, if you have the admin and they blow the box away, they blow the box away. I mean, so we’re de that’s a physical security issue potentially. Right.

[00:41:30] W. Curtis Preston: I think what I’m, what I’m concerned about is not somebody who’s, you know, so we’ve got a malware in there, we’ve got a, a bad actor in there, and they’re trying to surreptitiously access data that they’re not supposed to access. Right. So they would want to disable, um, this, this tool, and it sounds like that without the username and password from that tool, they wouldn’t be able to do

[00:41:56] David Cerf: Right. I, I mean, so.

[00:41:57] W. Curtis Preston: because blowing up the box, they would, they would obviously show their hand. Right. So they’re not likely to do that. What they’re likely to do is to try to disable anything that’s trying to block their access.

[00:42:09] Herbert Grau: Maybe, maybe one interesting point is that we have sold Blocky also to one very large customer in Stuttgart. Which has 100, uh, IBM backup server from TSM. Now Spectrum Scale. And that’s a huge environment. And this is a corporate license we sold here. We’re very, very proud about this. Uh, you may understand that we cannot name, give names out because in, in this ransomware world, nobody wants to read his name anywhere.

Uh, but the point is that in the deep in in, in the TSM world, I still call it TSM. Um, and Curtis, you know, maybe you too

[00:42:52] W. Curtis Preston: Yeah, me too.

[00:42:53] Herbert Grau: the old guy, as we call, we still call it TSM.

[00:42:55] W. Curtis Preston: I still call, I still call ADSM, by the way.

[00:42:59] Herbert Grau: who who knows that, you know. But, uh, in the TSM world, there’s also always a DB2 coming with a product.

[00:43:08] W. Curtis Preston: Mm-hmm.

[00:43:09] Herbert Grau: cool from my side is that we can also protect the DB2 data.

[00:43:16] W. Curtis Preston: Hmm,

[00:43:17] Herbert Grau: Which opens potentially a market to applications that will also protect the database

[00:43:25] Prasanna Malaiyandi: Yeah.

[00:43:26] Herbert Grau: data.

[00:43:27] W. Curtis Preston: exactly.

[00:43:28] Herbert Grau: That’s our next step. Potentially

[00:43:30] David Cerf: and by the way, that customer also had Veeam, oh, I’m sorry.

[00:43:35] Herbert Grau: Hmm. Sorry.

[00:43:38] David Cerf: I, I was just gonna say that, that same customer, not just that they have TSM, but they also have Veeam. So they’re, they’re happy,

[00:43:46] Herbert Grau: customers which have, which you have TSM, have other

[00:43:49] Prasanna Malaiyandi: Other things. Yep.

[00:43:51] David Cerf: So they’re, so they’re now, now that they’re secure on their TSM, it, add, add, add, the additional protections to their Veeam is where they’re heading next, um, as well.

[00:44:00] W. Curtis Preston: Well, I, I wanna, I want to thank you for, uh, you know, this has been a good, really good discussion. I, I’ve learned more about the, you know, obviously about all of the products that you do. We’ve focused in on the end here on, on Blocky for Veeam. Uh, and I, I think you’ve got a tremendous potential market.

Veeam has a lot of customers, and every one of ’em has a Windows server that needs protecting. So, uh, I, I wish you, uh, the best of luck and, um, thanks so much for, for, for standing, for allowing us to stand between you and a beer, Herbert

[00:44:32] Herbert Grau: Yeah, actually it’s a bottle of wine today.

[00:44:37] Prasanna Malaiyandi: Even better.

[00:44:38] W. Curtis Preston: All right. Something from the Rhine region perhaps.

[00:44:42] Herbert Grau: Uh, could be Rhine, could be Mosel. You know, we have some valleys here.

[00:44:48] W. Curtis Preston: Well, well, thank, thanks a lot everybody for, for being on the podcast

[00:44:54] David Cerf: Thank you for having us for, appreciate the discussion.

[00:44:56] Herbert Grau: Thanks, Curtis. Thanks.

[00:45:00] Prasanna Malaiyandi: you all. Yeah, great.

[00:45:03] W. Curtis Preston: absolutely. And again, as always, we’ll remember to, uh, thank our listeners and uh, be sure to subscribe so that you can restore it all.

