It's important for ransomware detection to occur as early as possible so that you can prevent its spread and avoid costly downtime. However, an effective ransomware detection strategy should include more than a single layer of protection. A good analogy is the safety features of a vehicle for protection in a crash. You wouldn't want to rely on a single feature, such as a seatbelt, to protect you in an accident. Air bags, antilock brakes, and even forward-collision warning are additional safety features that can result in a much better outcome. Ransomware protection should be viewed in the same way.

For example, NetApp FPolicy combined with NetApp Cloud Insights, or similar capabilities from our partners, does an excellent job of detecting ransomware via user behavioral analytics (UBA). These tools look for potential ransomware attacks by examining an individual user's behavior. Hijacking a single user account is just one avenue a hacker might take when launching a ransomware attack; malicious actors are constantly evolving their attack techniques.

NetApp Active IQ® and Active IQ Unified Manager also provide additional layers of detection for ransomware. Active IQ checks ONTAP systems for adherence to NetApp configuration best practices like enabling FPolicy. Active IQ Unified Manager generates alerts for abnormal growth of NetApp Snapshot™ copies or storage efficiency loss, which can indicate potential ransomware attacks.

This is where the new anti-ransomware feature in the latest release of ONTAP comes into play. It leverages built-in on-box machine learning (ML) that looks at volume workload activity plus data entropy to automatically detect ransomware. It watches for different activity than UBA does, so it may detect attacks that UBA does not.

Disclaimer

NetApp Inc. published this content on 20 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 October 2021 09:43:06 UTC.