@scottalanmiller said in Incorporating Ransomware Protection into Backup Plan:
A solid D2D2T stock "by the book" solution
This is exactly the method I've used to provide a solid backup solution for a similar situation. A total of ~45 TB of data with multiple SQL database and VMs. The DBs were backed up via built-in methods, but were also backed up "as a whole" as part of the VM backup (but that's besides the point).
This gave quick and efficient local on-prem backup and restores, and also allowed for off-site rotation.
Daily incrementals were done on-prem, whcih was quick using veeam with it's block change tracking.
I did NOT use their synthetic fulls because those took ridiculously long and and on top of that it just seemed like a very volatile process at those sizes, because the daily incrementals could be TB+ sizes. So daily incerementals to on-prem backup repo, weekly fulls to on-prem backup repo, monthly backup repo to tape to off-site. There were 3 or 4 tape sets, so that allowed nearly 6 months of retention of daily backups. Some of the DBs were backed up via built-in methods so because of that we also had hourly DB backups for some DBs for ~6 months (rougly speaking).
And yes, do pay the fee to bring in a tape from off-site to test restore a production system and some data in a test environment. I did this a couple times with success, but you never know.