00:00
Hi I'm Roger boss. I am the Solutions Marketing Manager for data protection and security solutions here at pure storage. And joining me today is David Huskins. Seuin the Director of our solutions organization and team Data protection solutions. So we're here to talk ransomware. So ransomware remains the scourge of business and organizations today.
00:31
In fact 80 what is our number? 87%, of organizations are really worried that their backups can be corrupted by ransomware attacks and not only, that but 86% of those. 86% of those customers during a ransomware attack have failed to recover all of their data.
00:57
That is a very big number. Those are not numbers we made up those came from E S G. Okay, so but pure can help you, you know with these issues because we can help you number one by securing your data. We can help you mitigate the damages that are caused from ransomware and we can help you rapidly recover your data in the event that you are attacked.
01:21
How do we do that, David. So Roger we have a feature called safe mode that's available across our flash array product and our flash blade product started life flash blade so much success customers wanted it so much on F. A. That's what we did. So let me try and keep it simple. There's a lot of things to read but let me try
01:41
and keep it simple. Safe mode really delivers two things. The first thing it does is it stops the pure storage administrator from deleting snapshots and I'll come back to why that's important. The other thing it does is it also prevents the pure storage administrator from manipulating the eradication timer. Now you're all sitting there thinking what's
02:06
the eradication timer? Well simply when you delete a snapshot on a pure device, it doesn't get deleted immediately, it goes into to the eradication into a eradication state for a set period of time, that's defined by the time. If you change that state that to zero, it will instantly be removed. So you can see that having, you know, having some safeguards around the snapshots and around
02:32
the eradication time are really important. And if a lot of ransomware attacks occur literally because of pure credential hygiene, you know, you have a terrible password, you keep the default password for administrator, the attacker comes in, they can delete snapshots, they can make it. So you can't keep any snapshots after you've deleted them gets to be a complete mess.
02:55
So by turning safe mode on, what we do is we introduce a level of security that says if you're the administrator and you want to delete the snapshot or change the eradication timer, you've got to go through a security process and identity challenge and some other things. So that's that's At a high level how safe mode works. So so that's nice how it works, but you know, this, 86%?
03:20
That's a big number that's related to backups. So how does all this relate to backups. So if you think about it, if we try and draw this, if you think about it, let's that's that's how pure device let's say that's a flash blade but again equally applies to flash array. I'm I'm using this as a target for my backup. So my backups are sitting on my flash blade. Okay, it's not great.
03:42
Now if I'm using safe mode I should be taking copies of those. So let's just say these are my snapshots. I'll be taking copies of those over time. Now when it comes to remediation let's say I noticed my primary has been encrypted, the data has been deleted. So I go to my backup product and if that
04:07
happens you are really sad. Yes, very good point. So let's say I now have to go to my backup product and start recovering and I start recovering and I instantly noticed these are vanished. They've been encrypted. So they've been attacked as well. What I will then do is recover my backup product.
04:26
Now this backup product can be you know a VM Akane volt a veritas but it can also be native sequel, backups, sequel or Arman etcetera. Okay, so I can copy my data back um you know the snapshot data back and then I can start the recovery. So just to your point there, you know I can then start using rapid recovery and get my business back and running you know
04:54
in in matters of minutes at those terabyte per hour speeds of recovery. Very good. So are there any other use cases for safe mode? So the one other use case that we see is really think about and I'll just draw this simply think about where the data is born or where your critical data resides before you back. So in our universe that would be on a flash
05:19
array. So now think about how you protect sequel and oracle and VM where we recommend that customers take snapshots. Flash array snapshots, low impact, low storage consumption. So, you know, I've got my sequel on there, I've got my VM on there. I can take flash array snapshots as many as I need.
05:40
And if I've turned safe mode on those snapshots automatically get protected by safe mode. So I've got that level of protection there. So again, if the attacker comes in, deletes my sequel stuff, encrypts it. I can just quickly and this is we're talking about milliseconds recovery, I can just quickly roll back a snapshot and I'm back in business.
06:00
Very good. So it's it's it's obvious we cannot prevent ransomware from happening. But if you are hit by ransomware we can pure can help you secure your data right? We can help mitigate the damages from a ransomware attack. And we can also help you rapidly rapidly recover your data. Excellent, very good.
06:20
If you want to learn more about how pure helps with ransomware please visit us here at pure storage dot com slash ransomware. And uh give us a call. Thank you.