It seems no matter how many network or endpoint security solutions you implement there is still a significant risk that your organisation will get infected by ransomware.
NetApp provides the leading platform for storing and protecting file data at any scale, from tens of TBs to tens of PBs, it’s simple to use and is designed to address modern security threats. You can easily create zero performance overhead snapshots, up to 1,023, that can be restored in seconds no matter the size of the file system – it’s therefore going to get you up and running much quicker than a traditional Windows Server should you experience a ransomware attack.
But what if you want to be able to detect and stop the attack in its tracks? This is where ProLion CryptoSpike comes in, as it can automatically detect a ransomware attack, lock-out the user and recover the infected files just prior to the infection to minimise the impact.
How does it work?
- Every transaction in the NetApp storage is monitored in real time using three techniques to detect attacks:
- White list includes all the file endings that are permitted in your organisation (automatically generated during installation)
- Black list currently holds 1,000s of known ransomware file endings or file names which are updated every day
- Learner analyses patterns of user behaviour (e.g. for read/write/open/close file operations)
- Fast attack detection prevents continued encryption and further data loss
- If an attack occurs the files that have been encrypted are identified
- These files can be rapidly restored from an ONTAP snapshot
- There is no need to restore an entire file system back to a point-in-time
The net result is that CryptoSpike minimises data loss and down-time should your organisation experience a ransomware attack.
As an added bonus CryptoSpike also provides an advanced file auditing solution so you can easily find out who created, changed, copied and deleted specific files.