Cloud Insights Storage Workload Security (CISWS)
Storage Workload Security (SWS) is a feature of NetApp Cloud Insights that greatly enhances the security posture, recoverability, and accountability of an ONTAP environment. SWS takes a user-centric approach, tracking all file activity from every authenticated user in the environment. It uses advanced analytics to establish normal and seasonal access patterns for every user. These patterns are used to quickly identify suspicious behavior without the need for ransomware signatures.
When SWS detects a potential ransomware, data deletion, or exfiltration attack, it can take automatic actions such as:
-
Take a snapshot of the affected volume.
-
Block the user account and IP address that is suspected of malicious activity.
-
Send an alert to admins.
Because it can take automated action to quickly stop an insider threat as well as track every file activity, SWS makes recovery from a ransomware event much simpler and faster. With advanced auditing and forensics tools built in, users can immediately see what volumes and files were affected by an attack, which user account the attack came from, and what malicious action was performed. Automatic snapshots mitigate the damage and accelerate file restoration.
Alerts from ONTAP's Autonomous Ransomware Protection (ARP) are also visible in SWS, providing a single interface for customers using both ARP and SWS to protect from ransomware attacks.