Bacula Leads The Data Backup Industry in Security Standards

• Not enough node kinds (no roles)
• One node compromised could potentially compromise everything
• Bi-directional connections
• Client knows too much (storage port, host, kind…)
• Excessive daemons (proxy, collector, monitor)
• No Multi-Factor Authentication (MFA)
• Poor Immutability in NAS

Bacula is unparalleled in the backup and recovery industry in providing for extremely high security levels. Of course, all backup vendors claim the same; however Bacula has demonstrable differences to its architecture and architectural flexibility that set it far apart from other vendors. This is the reason that the largest military organizations int he West choose Bacula over other solutions. Bacula’s ability spans specific elements regarding its architecture, features, usage approaches and customizability. Yet another important factor is that, unlike many other backup vendor solutions, Bacula’s critical components run on Linux.

Organizations rely on the trustworthiness of your backup vendor. With closed source software and services, all the trust is focused on a single entity, and most vendors do not provide any insight into the building blocks used that are not under their own full control. Back doors often exist to secretly harvest information from backup solution users without their knowledge or consent. With complex software programs, any user has to trust a great number of people involved in providing the software. Software users typically do not want to – or cannot – follow the long and convoluted chains of trust down to their origins. Bacula, among a world of software providing companies, can demonstrate that it is exceptionally trustworthy. This is because open source software, as is used by Bacula, allows users a better insight, has traceable trust chains, and encourages a culture of greater openness and explicit trust relationships.

Bacula is an especially powerful tool to identify any hostile modifications and report them, because modifications by intrusions will require changing some files, and traces of those changes will be left. This is when Bacula, when doing a backup, is able to notice such an incursion. Compared to other tools to detect file system changes, Bacula can do extensive checks that can also be adapted to the target platform for greater insight.

Besides Bacula being a very powerful intrusion detection system, reporting or alerting can also be done independently of the backups and restores. As Bacula stores the original file system information off of the protected system, it is much harder for an attacker to modify the known-good records used to compare against. One advantage that Bacula has over many other intrusion detection systems is that it not only gathers data from a single system or a single family of systems, but rather from a wide range of systems throughout the organization.

With Bacula’s architecture, an attacker will have significant problems in trying to prevent Bacula software from doing its job because the important part of the work does not happen on the protected host, and any attack that changes the way it works will be noticed. Furthermore, Bacula allows system wide analysis and trending that can detect events carefully cloaked and / or slowly extending system compromises.

Bacula security capabilities go much further than other vendors. Contact us now to find out more about Bacula storage protection – such as WORM Tapes, Filesystem write protection, Cloud immutability, etc., permissions and access control, antivirus, Forensics, advanced encryption configuration, MFA, file integrity verification, extensive monitoring resources, disaster recovery, and much more.