An Accidental Use Case
When I first talked with Quorum about their onQ solution, it was firmly in the vein of a disaster recover product. As far as DR goes, onQ is a really interesting solution in its own right. It provides a ton of IOPS to let you quickly get back to production performance in the event of a DR scenario. But there was one application that really interested me back then.
You see, Quorum found that onQ wasn’t just valuable for overall DR, it was specifically very capable as a way to recover from a ransomware attack. Over the past two years, they found that customers were already using it for that purpose. Their high performance but isolated backup provided an easy ways for organizations to not lose data or much uptime in the event of a maliciously encrypted server. But Quorum admitted that this was a happy accident.
onQ RE
With the just announced onQ Ransomeware Edition, Quorum is now specifically designing a solution just for that use case. Instead of a ground up rebuild of their solution, Quorum is leveraging what was already working with their DR solution, and creating a skinny bundle to target just that problem. Essentially, this is a box designed to deliver the high availability of onQ exclusively, as opposed to the other general DR features, like second site recovery support.
The onQ RE box is what you need to protect up to fifteen servers. Organizations with more than that can simply add another RE box into the mix. The appliance itself comes with 22TB of storage, an 8-core Intel Xeon, and 64GB or RAM, with 10GbE internal networking. Thanks to an NVMe cache, Quorum is consistently seeing 25,000 IOPS on the machine, which they see as production performance ready. The idea is that once an infection is detected and taken offline, the onQ box can spin up the VMware clone and be ready in about 10-15 minutes, depending on the sophistication of the clone.
No Bait-and-Switch
Quorum wisely made this a fully targeted ransomware solution, instead of designing this strictly as a stripped down version of a full fledged solution to bait-and-switch people into buying their full DR package. To that effect, onQ RE is designed for organizations that either lack a large IT staff with security specialists or ones that have existing backup resources, but that aren’t effective for dealing with ransomeware.
To the first point, Quorum emphasized that onQ RE is designed for simplicity, from deployment to the actual recovery process. At the time of deployment, new users are walked through the exact steps needed to isolate infected servers and get their onQ box online, with instructions pulled directly from real world use cases that inspired the product. onQ RE also boots clones of all new snapshots, to further check for any issues. For organizations with a lot of edge sites, with perhaps not a high volume of data but the need for high availability, this is a crucial use case.
And I really like that Quorum isn’t playing hardball to force organizations to buy into their more full feature DR portfolio. They realize it’s a losing game to force organizations to abandon backup solutions they’ve already spend CapEx on just to gain ransomware protection. They see onQ RE being perfect for organizations that have backups that would take hours to fully recover, providing them a dramatically shorter mean time to recovery for the peculiar, if disturbingly more frequent, circumstances of ransomware. In fact, keeping onQ RE as a distinct product from the DR products has another advantage, they’re probably hoping to get it rolling into a security budget rather than strictly operations.
Other Considerations
There are only a few limits to their solution. Ultimately, if your organization doesn’t have the bandwidth for frequent snapshots, you may face some data loss after recovering from ransomware. That’s not a limitation of the solution, so much as it can only recover what it’s been provided, but definitely something to keep in mind.
The other item is that this isn’t strictly a ransomware prevention or decryption solution, although I believe Quorum may be trying to find some partners for the latter. I don’t think this is really that much of a limitation, just their focus for the product. If anything, they’re saving themselves a lot of headaches by trying to stay a step ahead of malicious actors.
Quorum’s onQ Ransomware Edition is the kind of iteration you like to see from a company. It takes a well designed product, looks at how customers are using it versus how they envisioned it would be used, and refined their offering to better match. Disaster recovery might not be the new hotness. But innovating on a solution to address the new big, bad IT bogeyman shows that even DR companies can be agile.