Protect workloads against ransomware attacks
You can protect workloads against ransomware attacks by completing the following actions using BlueXP ransomware protection.
-
View existing workload protection.
-
Assign a policy to a workload.
-
Increase application protection to prevent future RW attacks.
-
Change the protection for a workload that was previously protected in the RW service.
-
-
Manage policies (only the ones that you created).
BlueXP ransomware protection assigns a priority to each workload during discovery. The workload priority is determined by the following Snapshot frequencies:
-
Critical: Snapshot copies taken less than 1 per hour (highly aggressive protection schedule)
-
Important: Snapshot copies taken less than 1 per day but greater than 1 per hour
-
Standard: Snapshot copies taken more than 1 per day
Protection status: A workload can show one of the following protection statuses to indicate whether a policy is applied or not:
-
Protected: A policy is applied.
-
At risk: No policy is applied.
-
In progress: A policy is being applied but not completed yet.
-
Failed: A policy is applied but is not working.
Protection health: A workload can have one of the following protection health statuses:
-
Healthy: The workload has protection enabled and backups and Snapshot copies have been completed.
-
In progress: Backups or Snapshot copies are in progress.
-
Failed: Backups or Snapshot copies have not completed successfully.
-
N/A: Protection is not enabled or sufficient on the workload.
View workload ransomware protection
One of the first steps in protecting workloads is viewing your current workloads and their protection status. You can see the following types of workloads:
-
VM workloads
-
File share workloads
-
From the BlueXP left navigation, select Protection > Ransomware protection.
-
Do one of the following:
-
From the Dashboard Data Protection pane, select View all.
-
From the menu, select Protection.
-
-
From this page, you can assign a policy to a workload.
Assign a predefined protection policy to workloads
To help protect your data, you can assign an existing ransomware protection policy to one or more workloads. You can also assign a different policy to a workload that already has a policy.
BlueXP ransomware protection includes the following predefined policies that are aligned with workload priority:
Policy level | Snapshot | Frequency | Retention (Days) | # of Snapshot copies | Total Max # of Snapshot copies |
---|---|---|---|---|---|
Critical workload policy |
Quarter hourly |
Every 15 min |
3 |
288 |
309 |
Daily |
Every 1 day |
14 |
14 |
309 |
|
Weekly |
Every 1 week |
35 |
5 |
309 |
|
Monthly |
Every 30 days |
60 |
2 |
309 |
|
Important workload policy |
Quarter hourly |
Every 30 mins |
3 |
144 |
165 |
Daily |
Every 1 day |
14 |
14 |
165 |
|
Weekly |
Every 1 week |
35 |
5 |
165 |
|
Monthly |
Every 30 days |
60 |
2 |
165 |
|
Standard workload policy |
Quarter hourly |
Every 60 min |
3 |
72 |
93 |
Daily |
Every 1 day |
14 |
14 |
93 |
|
Weekly |
Every 1 week |
35 |
5 |
93 |
|
Monthly |
Every 30 days |
60 |
2 |
93 |
-
From BlueXP ransomware protection, do one of the following:
-
From the Dashboard Data Protection pane, select View all.
-
From the Dashboard Recommendation pane, select a recommendation about assigning a policy and select Review and fix.
-
From the menu, select Protection.
-
-
From the Protection page, review the workloads and select Protect next to the workload.
A list of policies appears.
-
To see details, click on the down arrow on a policy.
-
Select a policy to assign to the workload.
-
Select Protect.
-
Review the Dashboard Recommended actions pane, which shows the action as “Completed."
Create a protection policy
If the existing policies do not meet your business needs, you can create a new protection policy. You can create your own from scratch or use an existing policy and modify its settings.
You can create policies that govern primary and secondary storage and treat primary and secondary storage the same or differently.
You can create a policy when you are managing them or during the process of assigning a policy to a workload.
-
From the BlueXP ransomware protection menu, select Protection.
-
From the Protection page, select Manage policies.
-
From the Manage policies page, select Add.
-
Enter a new policy name, or enter an existing policy name to copy it. If you enter an existing policy name, choose which policy to copy.
If you choose to copy and modify an existing policy, you must change at least one setting to make it unique. -
For each item, select the Down arrow.
-
Primary storage:
-
Snapshot copy schedules: Choose schedule options, the number of Snapshot copies to keep, and select to enable the schedule.
-
Primary detection: Enable the service to detect ransomware incidents on primary storage.
-
Block file extensions: Enable this to have the service block known suspicious file extensions. The service takes automated Snapshot copies when Primary detection is enabled.
-
-
Secondary storage:
-
Backup schedules: Choose schedule options for secondary storage and enable the schedule.
-
Secondary detection: Enable the service to detect ransomware incidents on secondary storage.
-
Lock backups: Choose this to prevent backups on secondary storage from being modified or deleted for a certain period of time. This is also called immutable storage.
This option uses NetApp DataLock technology, which locks backups on secondary storage. The period of time that the backup file is locked (and retained) is called the DataLock Retention Period. It is based on the backup policy schedule and retention setting that you defined, plus a 14-day buffer. Any DataLock retention policy that is less than 30 days is rounded up to 30 days minimum.
-
-
-
Select Add.
-
From the BlueXP ransomware protection menu, select Protection.
-
From the Protection page, select Protect.
-
From the Protect page, select Add.
-
Complete the process, which is the same as creating a policy from the Manage policies page.
Assign a different protection policy
You can choose a different protection policy for a workload.
You might want to increase the protection to prevent future ransomware attacks by changing the protection policy.
-
From the BlueXP ransomware protection menu, select Protection.
-
From the Protect page, select a workload, and select Protect.
-
In the Protect page, select a different policy for the workload.
-
To change any details for the policy, select the down arrow on the right and change the details.
-
Select Save to finish the change.
Edit an existing policy
You can change the details of a policy only when the policy is not associated with a workload.
-
From the BlueXP ransomware protection menu, select Protection.
-
From the Protection page, select Manage policies.
-
In the Manage policies page, select the Actions option for the policy you want to change.
-
From the Actions menu, select Edit policy.
-
Change the details.
-
Select Save to finish the change.
Delete a policy
You can delete a protection policy that is not currently associated with any workloads.
-
From the BlueXP ransomware protection menu, select Protection.
-
From the Protection page, select Manage policies.
-
In the Manage policies page, select the Actions option for the policy you want to delete.
-
From the Actions menu, select Delete policy.