Summary
Cyber threats are very real and getting even more frightening. Updating your FlashArray, FlashBlade, and Portworx software and implementing other protective measures can help you ward off whatever evil entities come your way.
It’s that time of year when goblins lurk in emails, phantoms haunt VPNs, and ransomware ghouls prowl the night. The scariest thing in your data center isn’t a giant spider lurking around the corner—it’s running old software with known vulnerabilities. Here’s why you should update your Purity//FA, Purity//FB, and Portworx® software now—and the not-so-urban legends to back it up.
The Monsters Are Real (and Busy)
- Ransomware volume in 2025 is massive. According to Check Point, companies faced an average of 1,900 cyberattacks per organization per week. And AI-powered attacks, the new boogeyman, are making the situation even more frightening.
- What does a single bite cost? In Q2 2025, the average ransom payment hit $1.13M (median $400k), according to Coveware. Even when you don’t pay, the average data breach cost in 2025 is $4.4M globally.
Your Silver Bullets (No Wolfsbane Required)
So, what can you do to protect your organization from threats? Here are a few weapons to have in your arsenal:
- Pure1® Security Assessment Center and Pure1 Anomaly Detection: Help you spot risky configurations and anomalies across FlashArray™ and FlashBlade®—things like default passwords, end-of-life versions, and unusual admin activity. Use it as your always-on warding circle. Learn more about data and infrastructure security with Pure1.
- FlashArray and FlashBlade data resilience: Deliver built-in resilience against things that go bump in the night. Immutable snapshots, encryption, replication, and rapid recovery help withstand any attack. SafeMode™ Snapshots lock critical restore points against tampering—ensuring clean, recoverable data no matter what haunts your environment.
- Pure Storage Product Security and Incident Response Team (PSIRT) resources: Give you the canonical view of vulnerabilities and fixes:
- PSIRT Storage Vulnerability and Disclosure Policy: How Pure Storage handles vulnerability reporting and disclosure
- Security bulletins: Product-specific advisories
- CVE Database: Centralized Common Vulnerabilities and Exposures (CVEs) for Pure Storage products. For background on how Pure Storage packages actionable CVE info, see the blog: “Security, Simplified: How Pure Storage Delivers Actionable CVE Information.”
- Portworx: Keep clusters current, review Portworx security and trust guidance, and read release notes addressing vulnerabilities. Visit the Portworx Security and Trust Center.
What to Do before Midnight
- Check your exposure in minutes
- Review the Security Assessment in Pure1 for FlashArray and FlashBlade configurations. Check recommended remediations and anomaly alerts.
- Patch with purpose
- Prioritize critical/high bulletins first, then mediums. Track fixes via security bulletins and the CVE Database.
- Upgrade Purity and Portworx
- Stay on supported releases. Pure Storage disclosure pages and release artifacts specify fixed versions. Portworx operator notes call out security fixes.
- Lock it down with SafeMode
- Enable SafeMode snapshots on all arrays to keep recovery points untouchable—no hacker or creature of the night can delete them.
- Harden the lair
- Enforce least privilege for array admins, rotate credentials, disable unused services, and review network exposure regularly (Pure Storage security briefs and Pure1 enhancements help here). See Pure Fusion™ security recommendations (Pure1 login required).
- Enforce least privilege for array admins, rotate credentials, disable unused services, and review network exposure regularly (Pure Storage security briefs and Pure1 enhancements help here). See Pure Fusion™ security recommendations (Pure1 login required).
- Make CVE hygiene a habit
- Bookmark PSIRT Home, security bulletins, CVE Database, and the PSIRT blog for ongoing updates. Visit the Pure Storage Product Security page.
Why This Matters Now
The threat landscape isn’t waiting for your change window. Even with occasional dips, we’re still seeing thousands of victims posted by ransomware groups in 2025—and the economic bite per incident keeps growing. Updating FlashArray, FlashBlade, and Portworx closes doors those creatures love to slip through, while the Pure1 Security Assessment and PSIRT give you a lantern to spot what’s lurking before it strikes.
Trick: “We’ll patch after the holidays.”
Treat: Patch now, verify with Pure1 Security Assessment, and sleep like the dead.
Stay safe out there—and happy “ghostbusting.”
The State of Cyber Resilience
Learn how 620 US-based IT security practitioners are approaching their data storage and keeping it safe.
The State of Cyber Resilience
Learn the security strategies of 620 US-based IT security practitioners.
