Skip to main content

Enable autonomous ransomware protection with AI on your ASA r2 storage systems

Contributors netapp-aherbin
PDFs

Beginning with ONTAP 9.17.1, you can use Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI) to protect the data on your ASA r2 system. ARP/AI quickly detects potential ransomware threats, automatically creates an ARP snapshot to protect your data, and displays a warning message in System Manager to alert you of suspicious activity.

Beginning with ONTAP 9.17.1, ARP improves cyber resiliency by adopting a machine-learning model for anti-ransomware analytics that detects constantly evolving forms of ransomware with 98% accuracy for SAN environments. ARP's machine-learning model is pre-trained on a large dataset of files both before and after a simulated ransomware attack. This resource-intensive training is done outside ONTAP, and the pre-trained model that results from this training is included on-box with ONTAP. This model is not accessible or modifiable through the CLI or API. Consequently, ARP/AI is active immediately after enablement; there is no learning period.

Note No ransomware detection or prevention system can completely guarantee safety from a ransomware attack. Although it's possible an attack might go undetected, ARP/AI acts as an important additional layer of defense if anti-virus software fails to detect an intrusion.
About this task

ARP/AI support is included with the ONTAP One license.

After you have enabled ARP/AI, you should enable automatic updates for your security files to automatically receive new security updates.

Enable ARP/AI on all storage units in an SVM

You can enable ARP/AI on all storage units created in a storage virtual machine (SVM) by default. This means that any new storage units created in the SVM will have ARP/AI enabled automatically. You can also apply ARP/AI to existing storage units in the SVM.

Steps

  1. In System Manager, select Cluster > Storage VMs.

  2. Select the storage VM on which you want to enable ARP/AI.

  3. In the Security section, next to Anti-ransomware, select three vertical blue dots; then select Edit anti-ransomware settings.

  4. Select Enable anti-ransomware.

    This enables ARP/AI on all future storage units created on the selected storage VM by default.

  5. To apply ARP to existing storage units on the selected storage VM, select Apply this change to all applicable existing storage units on this storage VM.

  6. Select Save.

Result

All new storage units you create on the SVM are protected against ransomware attacks by default, and suspicious activity is reported to you in System Manager.

Enable ARP/AI on specific storage units in an SVM

If you do not want ARP/AI enabled on all the storage units in an SVM, you can select the specific units you want enabled.

Steps

  1. In System Manager, select Storage.

  2. Select the storage units for which you want to enable ARP/AI.

  3. Select three vertical blue dots; then select Enable anti-ransomware.

  4. Select Enable.

Result

The storage units you selected are protected against ransomware attacks, and suspicious activity is reported to you in System Manager.