This release includes support for SAN workloads in BlueXP ransomware protection. You can now protect SAN workloads in addition to NFS and CIFS workloads.

For more information, refer to BlueXP ransomware protection prerequisites.

This release improves the configuration process for workloads with snapshot and backup policies from other NetApp tools such as SnapCenter or BlueXP backup and recovery. In previous releases, BlueXP ransomware protection discovered the policies from other tools, only allowing you to change the detection policy. With this release, you can now replace snapshot and backup policies with BlueXP ransomware protection policies or continue to use the policies from other tools.

For details, refer to Protect workloads.

If BlueXP ransomware protection detects a possible attack, a notification appears in the BlueXP Notifications, and an email is sent to the email address that you configured.

The email includes information about the severity, the impacted workload, and a link to the alert in the BlueXP ransomware protection Alerts tab.

If you configured a security and event management (SIEM) system in BlueXP ransomware protection, the service sends alert details to your SIEM system.

For details, refer to Handle detected ransomware alerts.

This release includes updates to the landing page for BlueXP ransomware protection that makes starting the free trial and discovery easier.

Previously, you could run a ransomware readiness drill by simulating an attack on a new sample workload. With this feature, you can investigate the simulated attack and recover the workload. Use this feature to test alert notifications, response, and recovery. Run and schedule these drills as often as needed.

With this release, you can use a new button on the BlueXP ransomware protection Dashboard to run a ransomware readiness drill on a test workload, making it easier for you to simulate ransomware attacks, investigate their impact, and recover workloads efficiently, all within a controlled environment.

You can now run readiness drills on CIFS (SMB) workloads in addition to NFS workloads.

For details, refer to Conduct a ransomware attack readiness drill.

Before you use BlueXP classification within the BlueXP ransomware protection service, you need to enable BlueXP classification to scan your data. Classifying data helps you find personally identifiable information (PII), which can increase security risks.

You can deploy BlueXP classification on a file share workload from within BlueXP ransomware protection. In the Privacy exposure column, select the Identify exposure option. If you've enabled the classification service, this action identifies the exposure. Otherwise, with this release, a dialog box presents the option to deploy BlueXP classification. Select Deploy to go to the BlueXP classification service landing page, where you can deploy that service. W

For details, refer to Deploy BlueXP classification in the cloud and to use the service within BlueXP ransomware protection, refer to Scan for personally identifiable information with BlueXP classification.

During the discovery workflow, BlueXP ransomware protection reports more details when you hover over Supported or Unsupported Workloads. This will help you understand why some of your workloads are not discovered by the BlueXP ransomware protection service.

There are many reasons why the service doesn't support a working environment, for example, the ONTAP version on your working environment could be below the required version. When you hover over an unsupported working environment, a tooltip displays the reason.

You can view the unsupported working environments during initial discovery, where you can also download the results. You can also view the results of discovery from the Workload discovery option in the Settings page.

For details, refer to Discover workloads in BlueXP ransomware protection.

This release supports Amazon FSx for NetApp ONTAP. This feature helps you protect your FSx for ONTAP workloads with BlueXP ransomware protection.

FSx for ONTAP is a fully managed service that provides the power of NetApp ONTAP storage in the cloud. It provides the same features, performance, and administrative capabilities that you use on-premises with the agility and scalability of a native AWS service.

The following changes were made to the BlueXP ransomware protection workflow:

For details, refer to Learn about BlueXP ransomware protection and working environments.

For information about the supported options, refer to the BlueXP ransomware protection limitations.

You now need one of the following access roles to view, discover, or manage BlueXP ransomware protection: Organization admin, Folder or project admin, Ransomware protection admin, or Ransomware protection viewer.

Learn about BlueXP access roles for all services.

With this release, you can review ransomware attack readiness drill reports. A readiness drill enables you to simulate a ransomware attack on a newly created, sample workload. Then, investigate the simulated attack and recover the sample workload. This feature helps you know that you are prepared in the event of an actual ransomware attack by testing alert notification, response, and recovery processes.

For details, refer to Conduct a ransomware attack readiness drill.

Previously, you could assign roles and permissions to users based on their responsibilities, which helps you manage user access to BlueXP ransomware protection. With this release, there are two new roles specific to BlueXP ransomware protection with updated permissions. The new roles are:

For details about permissions, refer to BlueXP ransomware protection role-based access to features.

This release includes several improvements to the payment process.

For details, refer to Set up licensing and payment options.

With this release, simulate a ransomware attack to test your response to a ransomware alert. This feature helps you know that you are prepared in the event of an actual ransomware attack by testing alert notification, response, and recovery processes.

For details, refer to Conduct a ransomware attack readiness drill.

This release includes enhancements to the selective discovery and rediscovery processes:

For details, refer to Discover newly created workloads for previously selected working environments and Configure features with the Settings option.

With this release, you can view alerts when high encryption is detected on your workloads even without high file extension changes. This feature, which uses ONTAP Autonomous Ransomware Protection (ARP) AI, helps you identify workloads that are at risk of ransomware attacks. Use this feature and download the entire list of impacted files with or without extension changes.

For details, refer to Respond to a detected ransomware alert.

With this release, you can use Data Infrastructure Insights Storage Workload Security to detect anomalous user behavior in your storage workloads. This feature helps you identify potential security threats and block potentially malicious users to protect your data.

For details, refer to Respond to a detected ransomware alert.

Before you use Data Infrastructure Insights Storage Workload Security to detect anomalous user behavior, you need to configure the option by using the BlueXP ransomware protection Settings option.

Refer to Configure BlueXP ransomware protection settings.

With this release, you can now do the following:

Refer to Discover workloads.

With this release, you can enable BlueXP classification, a core component of the BlueXP family, to scan and classify data in your file share workloads. Classifying data helps you identify whether your data includes personal or private information, which can increase security risks. This process also impacts workload importance and helps you ensure that you are protecting workloads with the right level of protection.

Scanning for PII data in BlueXP ransomware protection is generally available to customers who deployed BlueXP classification. BlueXP classification is available as part of the BlueXP platform at no extra charge and can be deployed on-premises or in the customer cloud.

Refer to Configure BlueXP ransomware protection settings.

To initiate scanning, on the Protection page, click Identify exposure in the Privacy exposure column.

Scan for personally identifiable sensitive data with BlueXP classification.

You can now send data to your security and event management system (SIEM) for threat analysis and detection using Microsoft Sentinel. Previously, you could select the AWS Security Hub or Splunk Cloud as your SIEM.

Learn more about configuring BlueXP ransomware protection settings.

With this release, new deployments of BlueXP ransomware protection now have 30 days for a free trial. Previously, BlueXP ransomware protection provided 90 days as a free trial. If you are already in the 90-day free trial, that offer continues for the 90 days.

Before you restore an application workload at the file level, you can now view a list of files that might have been impacted by an attack and identify those you want to restore. Previously, if the BlueXP Connectors in an organization (previously an account) were using Podman, this feature was disabled. It is now enabled for Podman. You can let BlueXP ransomware protection choose the files to restore, you can upload a CSV file that lists all the files impacted by an alert, or you can manually identify which files you want to restore.

Learn more about recovering from a ransomware attack.

With this release, you can now group file shares into groups to make it easier for you to protect your data estate. The service can protect all volumes in a group at the same time. Previously, you needed to protect each volume separately.

Learn more about grouping file share workloads in ransomware protection strategies.

BlueXP ransomware protection now gathers information about high and critical security risks related to a cluster from NetApp Digital Advisor. If any risk is found, BlueXP ransomware protection provides a recommendation in the Dashboard's Recommended actions pane: "Fix a known security vulnerability on the cluster <name>." From the recommendation on the Dashboard, clicking Review and fix suggests to review Digital Advisor and a Common Vulnerability & Exposure (CVE) article to resolve the security risk. If there are multiple security risks, review information in Digital Advisor.

Refer to Digital Advisor documentation.

With this release, you can set a backup destination to a Google Cloud Platform bucket. Previously, you could add backup destinations only to NetApp StorageGRID, Amazon Web Services, and Microsoft Azure.

Learn more about configuring BlueXP ransomware protection settings.

The service now supports Cloud Volumes ONTAP for Google Cloud Platform for storage protection. Previously, the service supported only Cloud Volumes ONTAP for Amazon Web Services and Microsoft Azure along with on-premises NAS.

Learn about BlueXP ransomware protection and supported data sources, backup destinations, and working environments.

You can now limit access to specific activities with role-based access control (RBAC). BlueXP ransomware protection uses two roles from BlueXP: BlueXP Account Admin and Non-Account Admin (Viewer).

For details about the actions that each role can perform, see Role-based access control privileges.

You can automatically send data to your security and event management system (SIEM) for threat analysis and detection. With previous releases, you could select only the AWS Security Hub as your SIEM. With this release, you can select the AWS Security Hub or Splunk Cloud as your SIEM.

Learn more about configuring BlueXP ransomware protection settings.

With this release, you can use a BYOL license, which is a NetApp License File (NLF) that you obtain from your NetApp Sales Rep.

Learn more about setting up licensing.

Before you restore an application workload at the file level, you can now view a list of files that might have been impacted by an attack and identify those you want to restore. You can let BlueXP ransomware protection choose the files to restore, you can upload a CSV file that lists all the files impacted by an alert, or you can manually identify which files you want to restore.

Learn more about recovering from a ransomware attack.

Before restoring an application workload at the file level, you can now access the Alerts page to download a list of impacted files in a CSV file and then use the Recovery page to upload the CSV file.

Learn more about downloading impacted files before restoring an application.

With this release, you can now delete a ransomware protection strategy.

Learn more about protecting workloads and managing ransomware protection strategies.

Enable this to lock the snapshot copies on primary storage so that they cannot be modified or deleted for a certain period of time even if a ransomware attack manages its way to the backup storage destination.

Learn more about protecting workloads and enabling backup locking in a ransomware protection strategy.

This release supports Cloud Volumes ONTAP for Microsoft Azure as a working environment in addition to Cloud Volumes ONTAP for AWS and on-premises ONTAP NAS.

Quick start for Cloud Volumes ONTAP in Azure

Learn about BlueXP ransomware protection.

You can now add Microsoft Azure as a backup destination along with AWS and NetApp StorageGRID.

Learn more about how to Configure protection settings.

You can sign up for a 90-day free trial. Soon you be will be able to purchase a pay-as-you-go subscription with Amazon Web Services Marketplace or bring your own NetApp license.

Learn more about setting up licensing.

The service now supports on-premises ONTAP and Cloud Volumes ONTAP in AWS working environments using both NFS and CIFS protocols. The previous release supported only the NFS protocol.

This release now provides more details in the workload information from the Protection and other pages for improved workload protection assessment. From the workload details, you can review the currently assigned policy and review the configured backup destinations.

Learn more about viewing workload details in the Protection pages.

You can now perform application-consistent protection with NetApp SnapCenter Software and VM-consistent protection with SnapCenter Plug-in for VMware vSphere, achieving a quiescent and consistent state to avoid potential data loss later if recovery is needed. If recovery is required, you can restore the application or VM back to any of the previously available states.

Learn more about protecting workloads.

If snapshot or backup policies do not exist on the workload, you can create a ransomware protection strategy, which can include the following policies that you create in this service:

Learn more about protecting workloads.

Enable threat detection is now available using a third-party security and event management (SIEM) system. The Dashboard now shows a new recommendation to "Enable threat detection" which can be configured on the Settings page.

Learn more about configuring Settings options.

From the Alerts tab, you can now dismiss false positives or decide to recover your data immediately.

Learn more about responding to a ransomware alert.

New detection statuses appear on the Protection page showing the status of the ransomware detection applied to the workload.

Learn more about protecting workloads and viewing protection statuses.

You can download CSV files* from the Protection, Alerts, and Recovery pages.

Learn more about downloading CSV files from the Dashboard and other pages.

View documentation link is now included in the UI. You can access this documentation from the Dashboard vertical Actions option. Select What's new to view details in the Release Notes or Documentation to view the BlueXP ransomware protection documentation Home page.

The BlueXP backup and recovery service no longer needs to be already enabled on the working environment. See prerequisites. The BlueXP ransomware protection service helps configure a backup destination through the Settings option. See Configure settings.

You can now set up backup destinations in BlueXP ransomware protection Settings.

Learn more about configuring Settings options.

In addition to using predefined policies, you can now create policies. Learn more about managing policies.

You can now make the backup immutable in secondary storage using NetApp DataLock technology in the object store. Learn more about creating protection policies.

In addition to using AWS, you can now choose StorageGRID as your backup destination. Learn more about configuring backup destinations.

You can now view more forensic details to investigate the detected potential attack. Learn more about responding to a detected ransomware alert.

The recovery process was enhanced. Now, you can recover volume by volume or all volumes for a workload. Learn more about recovering from a ransomware attack (after incidents have been neutralized).

Learn about BlueXP ransomware protection.