Global Storage

Hi everyone, I've just watched a couple of webinars but I still have some doubts about the main features of the product. Firsly I don't understand where the ransom detection happens... does Defender analyse the vmdk (at storage level) or the vm writes (hypervisor level), and hoe can detect ransom? Does it use an encryption detection algorithm? Thank you everyone! 

Hi everyone, I've just watched a couple of webinars but I still have some doubts about the main features of the product. Firsly I don't understand where the ransom detection happens... does Defender analyse the vmdk (at storage level) or the vm writes (hypervisor level), and hoe can detect ransom? Does it use an encryption detection algorithm? Thank you everyone! 

Hello,

IBM Storage Defender is designed to leverage sensors across primary and 
secondary workloads to detect threats and anomalies from backup metadata, 
array snapshots and other relevant threat indicators. Signals from all available 
sensors are aggregated by IBM Storage Defender, whether signals originate 
from hardware (FCM) or software (file system or backup based detection). 
This proactive capability helps you detect and address an array of threats before 
they can impact your data. It now also includes an AI powered Trust Index that 
provides you with a score to indicate the relative trustworthiness of your copies 
by combining signals from existing solutions and new detection methodologies 
developed by IBM Research unique to Storage Defender.
Consider one way this could improve your operational resilience. IBM Storage 
Defender can detect anomalies in an SAP HANA database as data is written 
to primary or secondary storage, then leverage that knowledge when creating 
copies of the data to ensure that the data being copied is not compromised

Hi everyone, I've just watched a couple of webinars but I still have some doubts about the main features of the product. Firsly I don't understand where the ransom detection happens... does Defender analyse the vmdk (at storage level) or the vm writes (hypervisor level), and hoe can detect ransom? Does it use an encryption detection algorithm? Thank you everyone! 

Hi everyone, I've just watched a couple of webinars but I still have some doubts about the main features of the product. Firsly I don't understand where the ransom detection happens... does Defender analyse the vmdk (at storage level) or the vm writes (hypervisor level), and hoe can detect ransom? Does it use an encryption detection algorithm? Thank you everyone! 

Hi Luca! There are two components that are targetting ransomware in the Defender ecosystem. First is the FlashCore Module, which is specific to the hardware in place. It has a basic capability as it is processing data as it is written to the storage. This monitors for specific markers such as entropy and encryption in real time, mainly looking at the metadata of the files being written. Going deeper, within Defender, there is the Copy Data Manager software that can manage the snapshot process of your data, create SafeGuarded Copys, and then using it's built in "Security Scan", will mount up the snapshot and perform a complete scan of the content itself, not just the metadata, looking for signs of corruption due to ransomware. This method offers 99.99% accuracy almost completely eliminating fales positives and negatives. Once a scan is complete, the SafeGuarded Copy is stamped as clean and is usable to recover in the event of a ransomware attack. 

Hi everyone, I've just watched a couple of webinars but I still have some doubts about the main features of the product. Firsly I don't understand where the ransom detection happens... does Defender analyse the vmdk (at storage level) or the vm writes (hypervisor level), and hoe can detect ransom? Does it use an encryption detection algorithm? Thank you everyone!