Learn about BlueXP ransomware protection
Ransomware attacks can block access to your data and attackers can ask for ransom in exchange for the release of data or decryption. According to the IDC, it is not uncommon for victims of ransomware to experience multiple ransomware attacks. The attack can disrupt access to your data between one day and several weeks.
BlueXP ransomware protection is a service to protect your data from ransomware. The service protects application-based workloads of Oracle, MySQL, VM datastores, and file shares on on-premises NAS storage (using the NFS and CIFS protocols) as well as Cloud Volumes ONTAP for Amazon Web Services, Cloud Volumes ONTAP for Google Cloud, and Cloud Volumes ONTAP for Microsoft Azure across BlueXP organizations. The service backs up data to Amazon Web Services, Google Cloud, Microsoft Azure cloud storage, and NetApp StorageGRID.
Ransomware protection at the data layer
Your security posture typically encompasses multiple layers of defense to protect against a range of cyber threats.
-
Outermost layer: This is your first line of defense using firewalls, intrusion detection systems, and virtual private networks to safeguard network boundaries.
-
Network security: This layer builds upon the foundation with network segmentation, traffic monitoring, and encryption.
-
Identity security: Uses authentication methods, access controls, and identity management to ensure only authorized users can access sensitive resources.
-
Application security: Protects software applications using secure coding practices, security testing, and runtime application self-protection.
-
Data security: Safeguards your data with data protection, backups, and recovery strategies. BlueXP ransomware protection operates on this layer.
What you can do with BlueXP ransomware protection
The BlueXP ransomware protection service provides full use of several NetApp technologies so that your storage administrator, data security administrator, or security operations engineer can accomplish the following goals:
-
Identify all application-based, file-share, or VMware-managed workloads in NetApp on-premises NAS with NFS or CIFS working environments in BlueXP, across BlueXP organizations, projects, and BlueXP Connectors. The service then categorizes the data priority and provides recommendations to you for ransomware protection improvements.
-
Protect your workloads by enabling backups, Snapshot copies, and ransomware protection strategies on your data.
-
Detect anomalies that might be ransomware attacks.[1]
-
Respond to potential ransomware attacks by automatically initiating a tamper-proof NetApp ONTAP Snapshot that is locked so that the copy cannot be deleted accidentally or maliciously. Your backup data will stay immutable and protected end to end from ransomware attacks at the source and in the destination.
-
Recover your workloads that help accelerate workload uptime by orchestrating several NetApp technologies. You can choose to recover specific volumes. The service provides recommendations on the best options.
-
Govern: Implement your ransomware protection strategy and monitor the outcomes.
Benefits of using BlueXP ransomware protection
BlueXP ransomware protection offers the following benefits:
-
Discovers workloads and their existing snapshot and backup schedules, and ranks their relative importance.
-
Evaluates your ransomware protection posture and displays it in an easy-to-understand dashboard.
-
Provides recommendations on next steps based on discovery and protection posture analysis.
-
Applies AI/ML-driven data protection recommendations with one-click access.
-
Protects data in top application-based workloads, such as MySQL, Oracle, VMware datastores and file-shares.
-
Detects ransomware attacks on data in real time on primary storage using AI technology.
-
Initiates automated actions in response to detected potential attacks by creating Snapshot copies and initiating alerts about abnormal activity.
-
Applies curated recovery to meet RPO policies. BlueXP ransomware protection orchestrates recovery from ransomware incidents by using several NetApp recovery services, including BlueXP backup and recovery (formerly Cloud Backup) and SnapCenter.
-
Uses role-based access control (RBAC) to govern access to features and operations in the service, which enhances security.
Cost
NetApp doesn’t charge you for using the trial version of BlueXP ransomware protection.
With the October 2024 release, new deployments of BlueXP ransomware protection have 30 days for a free trial. Previously, BlueXP ransomware protection provided 90 days as a free trial. If you are already in the 90-day free trial, that offer continues for the 90 days. |
If you have both BlueXP backup and recovery and BlueXP ransomware protection, any common data protected by both products will be billed by BlueXP ransomware protection only.
After you purchase a license or PayGo subscription, any workload that has a ransomware detection policy (Autonomous Ransomware Protection) enabled (discovered or set by BlueXP ransomware protection), and at least one snapshot or backup policy, BlueXP ransomware protection classifies it “Protected” and it counts against purchased capacity or the PayGo subscription. If a workload is discovered without a detection policy (ARP) even if it has backup or snapshot policies, it is classified “At risk” and it does not count against purchased capacity.
Protected workloads count against purchased capacity or the subscription after the 90-day trial period ends. BlueXP ransomware protection is charged on a per GB basis for the data associated with protected workloads before efficiencies.
Licensing
With BlueXP ransomware protection, you can use different licensing plans including a free trial, a pay-as-you-go subscription soon, or bring your own license.
The BlueXP ransomware protection service requires a NetApp ONTAP One license.
The BlueXP ransomware protection license does not include additional NetApp products. BlueXP ransomware protection can use BlueXP backup and recovery even if you don't have a license for it.
To detect anomalous user behavior, BlueXP ransomware protection uses NetApp Autonomous Ransomware Protection, a machine learning (ML) model within ONTAP that detects malicious file activity. This model is included in the BlueXP ransomware protection license. You can additionally use Data Infrastructure Insights (formerly Cloud Insights) Workload Security (license required) to investigate user behavior and block specific users from further activity.
For details, see Set up licensing.
How BlueXP ransomware protection works
At a high-level, BlueXP ransomware protection works like this.
BlueXP ransomware protection uses BlueXP backup and recovery to discover and set snapshot and backup policies for file share workloads, and SnapCenter or SnapCenter for VMware to discover and set snapshot and backup policies for application and VM workloads. In addition, BlueXP ransomware protection uses BlueXP backup and recovery and SnapCenter / SnapCenter for VMware to perform file- and workload-consistent recovery.
Feature | Description |
---|---|
IDENTIFY |
|
PROTECT |
|
DETECT |
|
RESPOND |
|
RECOVER |
|
GOVERN |
|
Supported backup targets, working environments, and workload data sources
Use BlueXP ransomware protection to see how resilient your data is to a cyber attack on the following types of backup targets, working environments, and workload data sources:
Backup targets supported
-
Amazon Web Services (AWS) S3
-
Google Cloud Platform
-
Microsoft Azure Blob
-
NetApp StorageGRID
Working environments supported
-
On-premises ONTAP NAS (using NFS and CIFS protocols) with ONTAP version 9.11.1 and greater
-
Cloud Volumes ONTAP 9.11.1 or greater for AWS (using NFS and CIFS protocols)
-
Cloud Volumes ONTAP 9.11.1 or greater for Google Cloud Platform (using NFS and CIFS protocols)
-
Cloud Volumes ONTAP 9.12.1 or greater for Microsoft Azure (using NFS and CIFS protocols)
The following are not supported: FlexGroup volumes, ONTAP versions older than 9.11.1, iSCSI volumes, mount point volumes, mount path volumes, offline volumes, and Data protection (DP) volumes. |
Workload data sources supported
The service protects the following application-based workloads on primary data volumes:
-
NetApp file shares
-
VMware datastores
-
Databases (MySQL and Oracle)
-
More coming soon
In addition, if you are using SnapCenter or SnapCenter for VMware, all workloads supported by those products are also identified in BlueXP ransomware protection. BlueXP ransomware protection can protect and recover these in a workload-consistent manner.
Terms that might help you with ransomware protection
You might benefit by understanding some terminology related to ransomware protection.
-
Protection: Protection in BlueXP ransomware protection means ensuring that snapshots and immutable backups occur on a regular basis to a different security domain using protection policies.
-
Workload: A workload in BlueXP ransomware protection can include MySQL or Oracle databases, VMware datastores, or file shares.