Skip to main content
BlueXP ransomware protection

Learn about BlueXP ransomware protection preview

Contributors amgrissino netapp-tonacki netapp-bcammett
PDFs

Ransomware attacks can block access to your systems and data and attackers can ask for ransom in exchange for the release of data or decryption. According to the IDC, it is not uncommon for victims of ransomware to experience multiple ransomware attacks. The attack can disrupt access to your data between one day and several weeks.

BlueXP ransomware protection is an orchestration service for ransomware protection, detection, and recovery. For the preview version, the service protects application-based workloads of Oracle, MySQL, VM datastores, and file shares on on-premises NAS storage as well as Cloud Volumes ONTAP in Amazon Web Services (using the NFS protocol) across BlueXP accounts and backs up data to Amazon Web Services cloud storage or NetApp StorageGRID.

Note THIS DOCUMENTATION IS PROVIDED AS A TECHNOLOGY PREVIEW. With this preview offering, NetApp reserves the right to modify offering details, contents, and timeline before General Availability.

What you can do with BlueXP ransomware protection

The BlueXP ransomware protection service provides full use of several NetApp technologies so that your storage administrator, data security administrator, or security operations engineer can accomplish the following goals:

  • Identify all application-based, file-share, or VMware-managed workloads in NetApp on-premises NAS with NFS working environments in BlueXP, across BlueXP accounts, workspaces, and BlueXP Connectors. The service then categorizes the data priority and provides recommendations to you for ransomware protection improvements.

  • Protect your workloads by enabling backups and Snapshot copies on your data.

  • Detect anomalies that might be ransomware attacks.

  • Respond to potential ransomware attacks by automatically initiating a NetApp ONTAP Snapshot copy.

  • Recover your workloads that help accelerate workload uptime by orchestrating several NetApp technologies. You can choose to recover volumes, folders, or specific files. The service provides recommendations on the best options.

Diagram showing BlueXP ransomware protection strategies of identify

Benefits of using BlueXP ransomware protection

BlueXP ransomware protection offers the following benefits:

  • Discovers workloads and datasets, analyzes the priority based on usage index, and ranks their relative importance.

  • Evaluates your ransomware protection posture and displays it in an easy-to-understand dashboard.

  • Provides recommendations on next steps based on discovery and protection posture analysis.

  • Applies AI/ML-driven data protection recommendations with one-click access.

  • Protects data in top application-based workloads, such as MySQL, Oracle, VMware datastores and file-shares.

  • Detects ransomware attacks on data in real time on primary storage using AI technology.

  • Initiates automated actions in response to detected potential attacks by creating Snapshot copies and initiating alerts about abnormal activity.

  • Applies curated recovery to meet RPO policies. BlueXP ransomware protection orchestrates recovery from ransomware incidents by using several NetApp recovery services, including BlueXP backup and recovery (formerly Cloud Backup).

Cost

NetApp doesn’t charge you for using the preview version of BlueXP ransomware protection.

Licensing

The BlueXP ransomware protection preview itself does not require any special licensing. All preview licenses are Evaluation licenses.

Tip For the preview version, NetApp helps to set up the evaluation and any required licenses.

The BlueXP ransomware protection preview requires the following licenses:

How BlueXP ransomware protection works

At a high-level, BlueXP ransomware protection works like this.

Diagram showing BlueXP ransomware protection architecture

Feature Description

IDENTIFY

  • Finds all customer on-premises NAS (NFS mounts) data connected to BlueXP.

  • Identifies customer data from ONTAP service APIs and associates it with workloads. Learn more about ONTAP and SnapCenter Software.

  • Discovers each volume's current protection level of NetApp Snapshot copies and backup policies as well as any on-box detection capabilities. The service then associates this protection posture with the workloads by using BlueXP backup and recovery, BlueXP digital advisor, and ONTAP services and NetApp technologies such as Autonomous Ransomware Protection, FPolicy, Backup policies, and Snapshot policies.
    Learn more about Autonomous Ransomware Protection and BlueXP backup and recovery, BlueXP Digital Advisor, and ONTAP FPolicy.

  • Assigns a business priority to each workload based on automatically discovered protection levels and recommends protection policies for workloads based on their business priority.

  • Ransomware protection also learns the policy associations and recommends your custom policies to similar workloads.

PROTECT

  • Actively monitors workloads and orchestrates the use of BlueXP backup and recovery and ONTAP APIs by applying policies to each of the identified workloads.

DETECT

  • Detects potential attacks with an integrated machine learning (ML) model that detects potentially anomalous encryption and activity.

  • Provides dual-layer detection that starts with detecting potential ransomware attacks in the primary storage and responding to abnormal activities by taking additional automated Snapshot copies to create the nearest data restore points. The service provides the ability to dig deeper to identify potential attacks with greater precision without impacting the performance of the primary workloads.

  • Determines the specific suspect files and maps that attack to the associated workloads, using ONTAP, Autonomous Ransomware Protection and FPolicy technologies.

RESPOND

  • Shows relevant data, such as file activity, user activity, and entropy, to help you complete forensic reviews about the attack.

  • Initiates quick Snapshot copies by using NetApp technologies and products such as ONTAP, Autonomous Ransomware Protection and FPolicy.

RECOVER

  • Determines the best Snapshot or backup and recommends the best recovery point actual (RPA) by using BlueXP backup and recovery, ONTAP, Autonomous Ransomware Protection and FPolicy technologies and services.

  • Orchestrates the recovery of workloads including VMs, file shares, and databases with application consistency.

Supported backup targets, working environments, and data sources

Use BlueXP ransomware protection preview to see how resilient your data is to a cyber attack on the following types of backup targets, working environments, and data sources:

Backup targets supported

  • Amazon Web Services (AWS) S3

  • NetApp StorageGRID

Supported working environments

  • On-premises ONTAP NAS (using NFS protocol)

  • ONTAP Select

  • Cloud Volumes ONTAP in AWS (using NFS protocol)

Data sources

For the preview version, the service protects the following application-based workloads:

  • NetApp file shares

  • VMware datastores

  • Databases (For the preview version, Oracle and MySQL)

Terms that might help you with ransomware protection

You might benefit by understanding some terminology related to ransomware protection.

  • Protection: Protection in BlueXP ransomware protection means ensuring that Snapshots and immutable backups occur on a regular basis to a different security domain using protection policies.

  • Workload: A workload in BlueXP ransomware protection preview can include MySQL or Oracle databases, VMware datastores, or file shares.