
Quick Take: NetApp’s Real-Time Ransomware Detection For ONTAP

A version of this content previously appeared on Forbes.

NetApp announced new cyber-resiliency capabilities to help customers better protect against and recover from ransomware attacks. Integrating AI and ML into its enterprise primary storage solutions, NetApp offers real-time ransomware protection for primary and secondary data, regardless of whether it’s stored on-premises or in the cloud.

New Autonomous Ransomware Protection

NetApp’s innovative Autonomous Ransomware Protection, or ARP, sees NetApp implementing a cutting-edge fusion of AI and ML technologies directly into the data path of its storage systems to provide real-time detection of ransomware and other malware.

The new ransomware protection detects and mitigates ransomware threats in real time by continuously monitoring file-level operations and interactions within the storage system. The system then utilizes advanced AI and ML algorithms, trained on a vast array of ransomware and attack signatures, to analyze the data it monitors.

Once the system identifies a potential threat, it can take pre-defined actions to mitigate the risk. Mitigation includes quarantining affected files, alerting administrators, or initiating other security protocols to prevent the ransomware from spreading or causing damage.

A key differentiator is that ARP’s AI/ML models are not static; they continuously learn from new data and attack patterns. This means the system becomes more adept at identifying and responding to new and evolving ransomware threats.

ARP is designed to integrate seamlessly with NetApp’s storage solutions, providing an effective and unobtrusive layer of protection. This integration ensures that the user experience remains unaffected while significantly enhancing the storage environment’s security posture.

The system is designed for ease of use, requiring minimal manual intervention. Administrators can configure policies and actions according to their organization’s security needs, but the system handles the day-to-day operations of detection and response autonomously.

Analysis

Storage systems are engineered to move data efficiently and consistently, all while performing a range of computationally expensive real-time operations like compression and encryption. Introducing sophisticated inspection of in-flight data without disrupting the system’s performance is a complex engineering challenge.

NetApp’s announcement was preempted by its competitor IBM, which just a week earlier announced real-time malware detection with goals similar to NetApp’s new solution. IBM solved the challenge of real-time malware detection by moving much of the compute into its custom flash drives, essentially offloading the problem from the system’s controllers. NetApp’s architecture doesn’t allow that flexibility, so it had to get clever.

NetApp’s ARP solution implements the detection using its existing controllers with minimal disruption to the system’s overall performance. NetApp has been shy in sharing the underlying technical details, so we don’t know exactly how it’s implemented. However, we know that layering in-line real-time malware detection into the data path while not adding compute capacity to the controllers is a notable engineering feat.

Embedding malware detection into the data path allows organizations to intercept threats before they manifest as full-blown attacks. This is an approach that makes sense. It’s also a complex problem to solve, which will doubtless vex NetApp’s competitors as customers increasingly ask for this level of data protection. Its Autonomous Ransomware Detection is a significant differentiator for NetApp.

NetApp’s new ransomware protection is more than just a product update; it’s a strategic pivot that acknowledges the shifting battleground of cybersecurity. The new capability extends NetApp’s reach into the forefront of a new wave of integrated, intelligent cyber defense technologies. This is a challenging role for any storage vendor, but it is one NetApp is comfortable taking on.

After all, NetApp has been pushing the boundaries of storage technology since its founding twenty-two years ago. Now, it’s doing it all over again.

Disclosure: The author is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.