In response to growing customer concerns about the impact of ransomware, cloud storage giant NetApp has announced AI detection capabilities for its autonomous ransomware protection within the ONTAP data architecture.
Unveiled at the company’s NetApp Insight conference in Las Vegas, the AI-powered autonomous ransomware protection (ARP/AI) system monitors workload activity and, if it detects anomalous behavior that could be malicious, automatically takes data snapshots at the point of attack.
NetApp executive vice president and chief product officer Harv Bhela said testimony from customers across a variety of industries showed that ransomware was what drove the company’s decision to enhance its defensive capabilities using AI.
“When you talk to our customers and they tell you that ransomware has become a top priority for every single one of them, this is what they care about the most,” Bhela said. “So we’ve spent a tremendous amount of effort and time over the last two years building ransomware protection into our storage.”
Bhela added that the reputational damage a ransomware attack creates is often more of a concern to board members than the business downtime it causes, and that these concerns are heightened as ransomware threats continue to grow.
In a report detailing how organizations should prepare to protect against ransomware attacks, Paul Furtardo, vice president analyst at Gartner, told businesses to be “prepared for ransomware attacks,” emphasizing that it’s not a question of if they affect your organization, but when.
This growing sense of inevitability around ransomware threats is why Gagan Gulanti, vice president and general manager of data services, stressed that it was critical to continue improving solutions that can bolster organizations’ cyber resilience and ability to quickly recover from potential breaches.
“Having the best storage on the planet doesn’t matter if the data stored on that storage is threatened, and you all know that cyber threats, especially ransomware attacks, are on our minds,” he said.
“The reality is that ransomware affects two-thirds of organizations, it takes an average of 200 days to identify the attack, and it costs up to $4 million to fix, with recovery taking months.”
ML-based models offer a new level of protection against ransomware
ARP/AI is the next generation of NetApp’s legacy ransomware protection capabilities within its flagship ONTAP platform.
NetApp introduced real-time ransomware detection capabilities for ONTAP in 2021, which used workload monitoring analytics including entropy, file extensions, and file IOPS to detect data exfiltration attempts.
Presenting the new tool onstage at the company's annual Insight conference, Gulanti said the initial version of NetApp ARP has been deployed to tens of thousands of controllers across thousands of its customers.
Now enhanced with AI and ML, the solution has improved detection capabilities, and Gulanti said the system achieved a AAA rating when tested by DSC Labs, which found that NetApp’s ARP system could detect 99% of attacks in real time with zero false positives.
Talking with IT Professional, Gulanti revealed that NetApp has been working on the ARP/AI model for more than two years, constantly refining the model’s precision and recall during this period.
Precision refers to the model's ability to flag only genuine threats and not generate false alerts that waste security teams' time, while recall refers to its ability to ensure that no real attacks escape detection.
NetApp security researchers use daily feeds detailing the latest ransomware attacks targeting organizations around the world and add this information to the model training data.
The model is then retrained on this new dataset, which includes the latest ransomware variants, and the updated model is pushed to the ONTAP boxes used by enterprises without customers having to manually update their systems.
ARP/AI is available within the NetApp ONTAP license at no additional cost, and BlueXP, the control plane for ONTAP, integrates with Splunk SIEM to keep security teams informed and accelerate threat response.