NetApp embeds data breach detection into enterprise data storage

New capabilities reinforce NetApp as the most secure storage on the planet

With businesses continuing to have concerns in their data security, NetApp has unveiled new industry-leading cyber resilience capabilities into enterprise data storage. The newly enhanced and renamed NetApp Ransomware Resilience service enables customers to make their data infrastructure a leading part of their comprehensive security strategy with integrated AI-powered ransomware detection and capabilities to detect data breaches, which is a first in the industry and also isolate recovery environments to enable safe and clean recovery of mission-critical data.

According to Gagan Gulati, Senior Vice President and General Manager, Data Services at NetApp, to effectively protect data from a cyberattack, organizations need to know it happened as early as possible to take action.

“With new AI-powered capabilities to detect early indicators of data exfiltration attempts on top of our existing leading capabilities to detect ransomware attacks on both structured and unstructured data, we’re making enterprise data even safer. Storage is the last line of defense to protect our customers’ most valuable assets—data—and we are constantly innovating on top of the most secure storage on the planet,” said Gulati.

Gulati pointed out that cyberattacks have become bigger and more sophisticated; cybercriminals are focused on double extortion attacks, whereby they’re making a copy of data and asking for extra money to return the data to you. But organizations can never be sure of how many copies of data were actually made and such.

This is where NetApp has released key cyber-resilience updates to enhance data protection. First, there is NetApp Ransomware Resilience which makes protecting and recovering ONTAP workloads from ransomware attacks easier, faster, and more effective without requiring deep security expertise or training, all on a single pane of glass.

Second is Data Breach Detection in NetApp Ransomware Resilience. The AI-driven capability identifies anomalous user and file system behaviors that are early indicators of potential data exfiltration and thus a breach of attempt. Upon identification, Ransomware Resilience automatically alerts the customer via their security information and event management (SIEM) solution, arming them with forensics to enable decisive and swift action. By proactively identifying breaches, NetApp customers can block further unauthorized transfer of sensitive data, stopping cyber threats before they can cause extensive unauthorized data exposure.

Finally, there is Isolated Recovery Environments; an isolated recovery environment utilizes deep and proprietary AI-powered scanning to precisely identify maliciously impacted data and the point at which it was modified. Ransomware Resilience then guides the customer through the workload restoration process for a fast and easy malware-free recovery of the most recent safe data, preventing reinfection.

“So the idea is that when you're ready to recover using our ransomware resilience service, we will basically create an environment where we're going to upload the snapshot or your backup copy. And then we will, with high precision, go and look at this snapshot and backup. And we will make sure it is clean from malware, that there's no viruses left in it. And we will, with high precision, come and tell you how much data we can recover, and we'll give you choices for that. And then we'll help you recover that in a very safe environment. And this basically is to give our customers the ability and the confidence that they're recovering from this attack, and that after that, they're not going to get reattacked, at least on the same data, essentially, for the same workload,” explained Gulati.

These enhancements extend NetApp’s existing leadership in cyber resilience, complementing existing capabilities such as AI-powered detection built directly into ONTAP. The award-winning NetApp ONTAP Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI)—which now fully supports data stored in both file and block protocols—has demonstrated 99 percent detection of tested, advanced full-file encryption ransomware attacks with zero false positives in external testing and validation, indicating a strong ability to operate in a business context without contributing to alert fatigue.