In response to growing customer concern around the impact of ransomware, cloud storage giant NetApp has announced AI detection capabilities for its autonomous ransomware protection within ONTAP data architecture.
Unveiled at the firm's NetApp Insight conference in Las Vegas, the autonomous ransomware protection with AI (ARP/AI) system monitors workload activity, and if it detects anomalous behavior that could be malicious, automatically snapshots data at the point of attack.
Harv Bhela, EVP and chief product officer at NetApp, explained that testimony from customers across various industries revealed ransomware drove the company’s decision to improve their defensive capabilities using AI.
“When you talk to our customers and they tell you that ransomware has now become a board level priority for every customer, this is the thing they worry about the most.,” Bhela said. “So we have spent an enormous amount of effort and time in the last two years building anti-ransomware protection right inside of our storage.”
Bhela added that in many cases, the reputational damage incurred by a ransomware attack is often more concerning to board members than the business downtime it incurs, and as ransomware threats continue to grow these concerns are rising.
In a report detailing how organizations should prepare to protect themselves against ransomware attacks, Paul Furtardo, VP Analyst at Gartner, told businesses to be “ready for ransomware attacks”, stressing it's not a question of whether they hit your organization but when.
This growing sense of inevitability around ransomware threats is why Gagan Gulanti, VP and GM of data services, stressed it was so important to continue to improve solutions that can bolster organizational cyber resilience, and their ability to quickly recover from potential breaches.
“Having the best storage on the planet doesn’t matter if the data on that storage is threatened, and you all know that cyber threats, especially ransomware attacks are on our minds,” he said.
“The reality is that ransomware affects two thirds of organizations, it takes an average of 200 days to identify the attack, and costs up to $4 million to remediate, potentially taking months to recover.”
ML-based models offer new level of ransomware protection
ARP/AI is the next generation of NetApps pre-existing ransomware protection features within its flagship ONTAP platform.
NetApp introduced real-time ransomware detection features for ONTAP in 2021, which used workload monitoring analytics including entropy, file extensions, and file IOPS to detect data exfiltration attempts.
Presenting the new tool on stage at the company’s annual Insight conference, Gulanti said NetApp’s initial version of ARP has been deployed across tens of thousands of controllers amongst thousands of its customers.
Now augmented with AI and ML, the solution has improved detection capabilities, and Gulanti said the system achieved a AAA rating when tested by DSC Labs, who found NetApp’s ARP system was able to detect 99% of the attacks in real time with zero false positives.
Speaking to ITPro, Gulanti revealed that NetApp has been working on the ARP/AI model for over two years, consistently honing the model’s precision and recall during this period.
These two terms refer to the model’s ability to detect genuine threats and not generate false alerts that waste security teams’ time, while also ensuring it doesn’t let any real attacks slip through the cracks.
NetApp’s security researchers use daily feeds detailing the latest ransomware attacks targeting organizations around the world and add this information to the model’s training data.
The model is then retrained with using this new dataset featuring the latest ransomware variants, which is then pushed to ONTAP boxes being used by businesses without the customer having to manually update their system.
ARP/AI is available inside NetApp’s ONTAP license at no extra cost, and BlueXP, the control plane for ONTAP, integrates with Splunk’s SIEM to keep security teams in the loop and accelerate threat response.
