Gardner is working in partnership with Catalogic Software to provide a suite of solutions to help our NetApp customers deliver better security and data management for their data.
First up is CryptoSpike
Protects the NetApp files system (CIFS & NFS data) from ransomware attacks, and provides clear visibility of user access.
Ransomware is a hot topic and hits all manner of business’s both public and private causing financial and reputational damage. File systems on NetApp are a target and are vulnerable to such attacks. CryptoSpike provides blocking and detection of Ransomware across the NetApp file systems, ensuring that an attack is identified and quickly remedied. As part of its AI capabilities, CryptoSpike also enables you to track all user activity on your file system (reads, writes, deletes etc), providing full visibility of your users activity.
CryptoSpike uses a multi-pronged approach to detect, stop the spread and recover from ransomware.
It begins with a Black List that includes thousands of ransomware file endings or names. Updates are made every day and downloaded to the CryptoSpike server.
The White List is a set of allowed file extensions, such as .doc or .pdf. If a new, unknown file ending is detected, it is blocked. The initial white list is generated via a scan of your current files.
The most important component is the Learner module. The Learner tracks user behaviour and determines allowable file transactions (e.g. read, write, open, etc.). If any anomalous behaviour is detected, the user is blocked. For example, if user A suddenly writes to dozens of files in a few seconds, this behaviour is recognized as outside of normal patterns, and the user’s write access is blocked.
Different strategies can be applied at different levels in the file hierarchy. One policy can be applied across the NetApp cluster, or different policies can be applied at the level of Storage Virtual Machine or even file share. For instance, you may white list different file types for a developer share than for a marketing share. This multi-technology approach helps you tighten your NetApp security, decreasing vulnerability.
CryptoSpike works together with the NetApp FPolicy server, which is required. The FPolicy server will enforce the blocking decisions made by CryptoSpike. For example, if ransomware is detected by the Learner module, the relevant user will be changed to having read-only access, which stops them from further spreading the ransomware. CryptoSpike lets you know which files have been affected, allowing you to do targeted recoveries, rather than having to roll-back an entire folder or more. IT security can then be alerted about the infected user and suitable steps taken to disinfect their system. Meanwhile, CryptoSpike provides a list of infected files, allowing you to perform targeted recovery from NetApp snapshots.
Another key aspect of overall data security is data access transparency: understanding which users accessed what data, when and how often. Because CryptoSpike is monitoring all user file access, it is ideally suited to track and deliver this information.
With CryptoSpike, you can easily examine user behaviour down to the level of files and folders. Reports will show you user activity in terms of file opens, closes, deletes, writes and so on. This will provide you with definitive information that a volume, folder, file, etc. was accessed by a given user.
To download a data sheet - https://preview.tinyurl.com/quexswc
Video at - https://preview.tinyurl.com/wq3jjlm
call for a chat or to arrange a webinar or visit