NetApp is expanding its ransomware protection with AI-driven data breach detection and recovery in isolated environments.
NetApp is adding new data protection features to its ONTAP storage platform. Its ransomware protection gets an upgrade and a new name, and NetApp is also introducing new functionality to prevent data breaches.
Breach Detection
That’s the most significant update. The so-called Data Breach Detection is an AI-driven feature that analyzes user and file system behavior for signs of data theft. When a potential breach is detected, the system automatically alerts via the customer’s existing SIEM solution. The alert includes forensic data to enable rapid action and prevent further exfiltration.
According to NetApp, this is the first time such data breach detection is built directly into enterprise storage. The feature is designed to detect ransomware or data exfiltration attempts faster, thereby limiting damage. Detection is highly relevant, as data theft is increasingly part of attacks. Sometimes data isn’t encrypted at all, and criminals simply demand ransom to keep the stolen data from being made public.
Isolated Environment
Data Breach Detection is part of NetApp Ransomware Resilience. That’s the new name for the NetApp Ransomware Protection engine, which still has the same task: protecting ONTAP workloads from ransomware.
NetApp further extends Ransomware Resilience with a mechanism to safely restore workloads in an isolated environment. That environment uses AI scans to identify infected data and determine when it was tampered with. The system then guides users through the recovery process so they can restore recently stored, uncompromised data without risking reinfection.
NetApp positions these features as a complement to existing detection capabilities in ONTAP, such as Autonomous Ransomware Protection. That solution has been externally tested and is said to detect 99 percent of advanced ransomware attacks without false positives.