Skip to main content

Enable autonomous ransomware protection with AI on your ASA r2 storage systems

Contributors netapp-aherbin
PDFs

Beginning with ONTAP 9.17.1, you can use Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI) to protect the data on your ASA r2 system. ARP/AI quickly detects potential ransomware threats, automatically creates an ARP snapshot to protect your data, and displays a warning message in System Manager to alert you of suspicious activity.

ARP improves cyber resiliency by adopting a machine-learning model for anti-ransomware analytics that detects constantly evolving forms of ransomware with 98% accuracy for SAN environments. ARP's machine-learning model is pre-trained on a large dataset of files both before and after a simulated ransomware attack. This resource-intensive training is done outside ONTAP, and the pre-trained model that results from this training is included on-box with ONTAP. This model is not accessible or modifiable. ARP/AI is active immediately after enablement; there is no learning period.

Note No ransomware detection or prevention system can completely guarantee safety from a ransomware attack. Although an attack might go undetected, ARP/AI acts as an important additional layer of defense if anti-virus software fails to detect an intrusion.
About this task

  • ARP/AI support is included with the ONTAP One license.

  • ARP/AI is not supported on storage units protected by SnapMirror active sync, SnapMirror synchronous or SnapLock.

  • Beginning with ONTAP 9.18.1, ARP/AI is enabled by default on all newly created storage units 12 hours after upgrading to ONTAP 9.18.1 or initializing a new ONTAP 9.18.1 ASA r2 cluster.

  • After you have enabled ARP/AI, you should enable automatic updates for your security files to automatically receive new security updates.

Enable ARP/AI on all storage units in the cluster

If you are running ONTAP 9.17.1, you can enable ARP/AI on all storage units created in the cluster by default.

In ONTAP 9.18.1 and later, ARP/AI is enabled by default on all new storage units. If you have storage units created in ONTAP 9.17.1 for which ARP/AI is not enabled, you can enable it manually.

Steps

  1. In System Manager, select Cluster > Settings.

  2. Next to Anti-ransomware, select Edit anti-ransomware settings and then select Enable on all existing storage units.

  3. Select Enable.

Enable ARP/AI on all storage units in a storage VM

If you are running ONTAP 9.17.1, you can enable ARP/AI on all storage units created in a storage virtual machine (VM) by default. This means that any new storage units created in the storage VM will have ARP/AI enabled automatically. You can also apply ARP/AI to existing storage units in the storage VM.

In ONTAP 9.18.1 and later, ARP/AI is enabled by default on all new storage units. If you have storage units created in ONTAP 9.17.1 for which ARP/AI is not enabled, you can enable it manually.

Steps

  1. In System Manager, select Cluster > Storage VMs.

  2. Select the storage VM on which you want to enable ARP/AI.

  3. In the Security section, next to Anti-ransomware, select three vertical blue dots; then select Edit anti-ransomware settings.

  4. Select Enable anti-ransomware.

    This enables ARP/AI on all future storage units created on the selected storage VM by default.

  5. To apply ARP to existing storage units on the selected storage VM, select Apply this change to all applicable existing storage units on this storage VM.

  6. Select Save.

Result

All new storage units you create on the storage VM are protected against ransomware attacks by default, and suspicious activity is reported to you in System Manager.

Enable ARP/AI on specific storage units in a storage VM

If you are running ONTAP 9.17.1, and you do not want ARP/AI enabled on all the storage units in an storage VM, you can select the specific units you want enabled.

In ONTAP 9.18.1 and later, ARP/AI is enabled by default on all new storage units. If you have storage units created in ONTAP 9.17.1 for which ARP/AI is not enabled, you can enable it manually.

Steps

  1. In System Manager, select Storage.

  2. Select the storage units for which you want to enable ARP/AI.

  3. Select three vertical blue dots; then select Enable anti-ransomware.

  4. Select Enable.

Result

The storage units you selected are protected against ransomware attacks, and suspicious activity is reported to you in System Manager.