The News: NetApp announced updates to its Autonomous Ransomware Protection (ARP), general availability of BlueXP Disaster Recovery, availability of its Ransomware Recovery Guarantee for Keystone, and the addition of application-aware ransomware protection for SnapCenter. Additional detail is available in NetApp’s press release.
NetApp Bolsters Cybersecurity Posture with Enhanced Solutions
Analyst Take: NetApp continues putting the pieces in place to enable customers to prevent cyberattacks from occurring, to detect attacks that will inevitably permeate the environment, and to recover in a swift manner. From a portfolio perspective, the company’s approach to cyber-resiliency is grounded in its roots in production storage. In a key example, NetApp‘s ARP feature is built-in to its ONTAP operating system as an embedded function. ARP helps customers to proactively detect and respond to ransomware attacks occurring in their NetApp (NAS) environments by using machine learning to analyze typical data access patterns on storage volumes, detect anomalies such as sudden surges in file deletions or encryptions that could indicate a cyberattack, and then take action such as creating new snapshots or alerting administrators.
NetApp notes that adoption of ARP is growing rapidly among its customer base. In response, NetApp is adding additional vectors and logic for attack detection. Examples include header and content manipulation, metadata manipulation, and partial file encryption – all of which are important as attackers adopt more sophisticated attacks beyond full file encryption. According to NetAapp, ARP has more than 99% precision (that is, accurate detection of an attack as opposed to false positives) and recall (that is, the number of attacks that are detected). This helps to avoid alert fatigue for IT operations and security teams, and to make sure that attacks in-progress do not slip by. Additionally, customers will no longer need to wait for an ONTAP update or a system reboot in order for their model to be updated per the most recently uncovered threat vectors.
Complementing the ARP capability from a recovery standpoint is NetApp’s workload-centric BlueXP ransomware protection service, which is now available via public preview. BlueXP is NetApp’s unified data management platform for hybrid cloud environments. On a policy-driven basis, the new ransomware protection service evaluates data stores to uncover workloads that are at risk, and their level of risk. From there, it recommends and can apply protection policies. It also ties in machine learning attack detection and automated response (including validating the integrity of snapshots to be recovered from and executing recovery operations). The idea is to be able to analyze the environment and threats and execute the appropriate response. I note the value in this capability, as this is a difficult job that is nearly impossible for IT operations to get right due to the complexities of workload dependencies and multi-hybrid cloud environments.
Another new capability is BlueXP Disaster Recovery, which is built to support failover of on-premises VMware vSphere workloads to a cloud environment or to another on premises environment. The on-premises to cloud failover is currently available. It is also notable that NetApp is offering BlueXP for deployment in private data centers, for those customers requiring a dark site.
Continuing with this theme, NetApp is adding a number of capabilities into Version 5.0 of SnapCenter, its platform for centralized control and oversight of snapshot creation, recovery, and cloning operations across disparate applications, databases, and file systems. The new capabilities center on application-aware protection from cyberattacks. The addition of support for NetApp SnapLock is notable in adding write once read many (WORM) snapshot copy locking – a table stakes capability for cyber-resiliency to avoid tampering by attackers. NetApp has also added support for SnapMirror data replication for business continuity for applications and virtual machines (VMs). This is especially important, for example, for critical databases that are being updated as frequently as multiple times per second, and that require the tightest RPOs and RTOs to minimize business downtime and data loss. The ability to apply tag-based protection to streamline backup management is especially valuable in complex environments that encompass a web of VMs and dependencies.
Also part of the announcement is support for customer-managed encryption keys and availability zone placement for Microsoft Azure NetApp Files. The former is an important requirement especially in industries that are highly regulated and that deal with sensitive data for control and auditability purposes. The latter provides a more granular approach to managing storage volumes, which in turn can help to reduce costs, complexities and latency when looking to achieve redundancy for storage availability.
Finally, NetApp is also making available its Ransomware Recovery Guarantee for Keystone storage-as-a-service customers, given that, according to NetApp, Keystone is gaining traction.
In summary, the announcements reflect another step forward for NetApp in its objective of providing storage cyber and disaster recovery as well as compliance across hybrid multi-cloud environments. Having ARP built-in to the production storage offerings via the core ONTAP software is an increasingly important value-add, and innovation in complementary areas like SnapCenter are helping to round out the ability to detect, respond, and recover to optimize RPO and RTO following a cyberattack. BlueXP’s important role in this picture is reflected in helping customers to streamline the highly complex task of orchestrating recovery of large and critical applications and infrastructures, as well.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
NetApp Gets Insightful on Generative AI, Cyber Recovery
At the Intersection of Data Protection and Security with NetApp – Infrastructure Matters Insider
NetApp Analyst Summit: Building a Moat Around Data Services
Author Information
Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
