Cybercriminals are increasing in sophistication – gaining knowledge through experience, developing stealthy attacks targeting existing and new vulnerabilities, and increasingly leveraging the supply chain to maximize exploitation and infiltration. And with enhanced sophistication comes greater success: in 2020, 86% of organizations were compromised by successful cyberattacks, up 5.5% from 2019.
According to ESG research, 66% of all organizations use Active Directory (AD) to manage access to on-premises storage systems. The ransomware problem is even worse for these kinds of organizations. AD is the backbone of an organization’s IT infrastructure, acting as the single source of truth for identities and permissions for systems, services and people. When AD is compromised by malware, or by human error, machine failure or natural disasters, the organization’s entire IT environment comes to a grinding halt.
For the 66% of organizations that do use AD to manage access to on-premises systems, AD is a mission-critical application. That’s why Quest designed and introduced Recovery Manager for Active Directory Disaster Recovery Edition (RMAD DRE) to help organizations back up and rapidly recover their AD infrastructure after a ransomware attack or disaster that cripples AD services. Because AD is the single source of truth for identity and access within an organization, it needs to be one of the first services recovered following a cyber disaster.
Recently, Quest teamed up with ESG to further validate Quest RMAD DRE’s efficacy in the face of ransomware using a remote virtual test bed. The validation was designed to demonstrate how Quest RMAD DRE automates, accelerates, and simplifies the onerous, error-prone, and time-consuming task of manually backing up and recovering an AD forest.
Here’s how the validation process went and what the key findings were:
The ESG Validation Process
The ESG test bed for Recovery Manager for Active Directory DRE was implemented in a virtual environment, and all domain controllers (DC) were instantiated on virtual machines (VM). The forest included three domains: the root domain acme.lab with two child domains, aussie.acme.lab and poodle.acme.lab. Two DCs were instantiated for each domain. The root domain was essentially empty, containing approximately five users and 50 groups. Each child domain had approximately 10,000 users and 11,500 groups. In total, there were 20,302 users and 23,408 groups in the forest.
Following the Microsoft AD Forest Recovery Guide, ESG took the following steps for both manual backup and recovery, and Recovery Manager automated backup and recovery:
- Back up each DC in the forest
- Simulate a disaster by destroying all VMs in the forest
- Simulate a recovery by creating new VMs
- Recover three DCs, one for each domain, from backup to bare metal VMs
- For Quest RMAD DRE, recover three DCs, one for each domain, from backup to clean OS VMs
- For Quest RMAD DRE, perform a second phase of recovery, installing AD from media to new Windows Server VMs
Among the key Recovery Manager for Active Directory DRE benefits ESG uncovered at the conclusion of the validation process were:
- Performance: Recovering AD with Quest RMAD DRE was at least 5x faster than the manual process. Large environments with hundreds of DCs may require days to manually recover AD versus just a few hours – far more than 5x recovery speed – when using Quest RMAD DRE
- Automation: Automating the process drastically reduced the amount of keyboard interaction and concomitant risk of human error
- Reduced Risk: By avoiding backing up non-critical files and directories, and scanning for malware during backup and recovery, Quest RMAD DRE reduces the possibility of reintroducing malware during recovery operations
- Flexibility: Recovering to a clean OS install and implementing a two-phase recovery process provides flexibility while simultaneously accelerating time to recovery
The Quest RMAD DRE Difference
Regardless of whether ransomware, hardware, human error or a natural disaster is the proximate cause of failure, recovering AD as quickly as possible is the prime directive for IT. Because when AD fails, the entire organization fails.
ESG validated that Recovery Manager for Active Directory DRE automated, accelerated and simplified the AD recovery process in an unparalleled capacity. Using Quest, configuring and recovering an AD forest to bare metal servers required just five minutes of keyboard time at the beginning of the process, and was completed overall in just 1.25 hours.
Overall, using Quest eliminated most of the 5.5 hours of manual interactive keyboard time scattered across the seven hours of recovery time. In total, using Quest RMAD DRE proved more than 5x faster than manually recovering AD – what’s more, organizations can further accelerate the process by using Quest’s ability to recover to a clean OS install. And this was just a small sample size. Understanding that introducing more DCs requires more time, more people and more coordination, it would be fair to extrapolate that the automation Quest RMAD DRE provides would help larger environments recover even more than 5x faster.
For more information on the ESG validation test bed, the Quest RMAD DRE automated AD recovery process, and Quest RMAD DRE in action, check out the full whitepaper.