In our continuous efforts to enhance data resilience and security, Pure Storage is committed to providing robust protection, detection, and response capabilities against ransomware attacks. While we cannot prevent an attack from occurring, we can assist you in mitigating the impact and swiftly restoring your operations. As part of our comprehensive strategy, we’ve recently introduced several features and services.
One of our key offerings is Pure1®, our AIOps platform, which now includes advanced capabilities for ransomware protection. Through Pure1, we can help you detect and respond to ransomware incidents more effectively:
- We’ve integrated rich Data Protection Assessment capabilities into Pure1. This feature ensures that your FlashArray™ and FlashBlade® configurations adhere to Pure Storage’s leading practices, enhancing the security of your data storage infrastructure.
- We’ve recently launched an anomaly detection feature, which monitors volume Data Reduction Ratio (DRR) drops on your appliances. This enables the identification of unusual operations or potential attacks on the array, allowing for prompt investigation and response.
- We’ve introduced a new ransomware recovery SLA for our Evergreen//One™ storage-as-a-service (STaaS) offering. This SLA ensures that in the event of a ransomware attack, we prioritize your recovery and minimize downtime.
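To make the DRR signal above concrete, the following is an added example and not Pure1's algorithm or code: a per-volume check that compares each DRR reading with a trailing median baseline and flags sharp relative drops. The window size, the drop threshold, the volume names and the sample readings are all assumptions constructed for illustration.

```python
from statistics import median

# Assumed tuning values for this sketch; the page does not state Pure1's thresholds.
BASELINE_SAMPLES = 6      # trailing samples that form the per-volume baseline
MAX_RELATIVE_DROP = 0.30  # flag when DRR falls more than 30% below baseline


def drr_drop_alerts(samples):
    """Return alerts for volumes whose DRR falls sharply below their own baseline.

    samples: iterable of (timestamp, volume, drr) tuples in time order.
    Encrypted data neither compresses nor deduplicates well, so bulk
    encryption of a volume pulls its DRR toward 1:1.
    """
    history = {}   # volume -> list of accepted (non-anomalous) DRR readings
    alerts = []
    for ts, volume, drr in samples:
        past = history.setdefault(volume, [])
        if len(past) >= BASELINE_SAMPLES:
            baseline = median(past[-BASELINE_SAMPLES:])
            drop = (baseline - drr) / baseline
            if drop > MAX_RELATIVE_DROP:
                alerts.append({"time": ts, "volume": volume,
                               "baseline": round(baseline, 2), "drr": drr,
                               "drop_pct": round(drop * 100, 1)})
                continue  # keep anomalous readings out of the baseline
        past.append(drr)
    return alerts


# Constructed sample data: hourly DRR readings for two hypothetical volumes.
SAMPLE = [(h, "vol-db01", d) for h, d in enumerate(
    [4.1, 4.0, 4.2, 4.1, 4.0, 4.1, 4.0, 2.6, 1.7, 1.2])]
SAMPLE += [(h, "vol-logs", d) for h, d in enumerate(
    [2.0, 2.1, 1.9, 2.0, 2.1, 2.0, 1.9, 2.0, 1.8, 2.0])]

if __name__ == "__main__":
    for alert in drr_drop_alerts(SAMPLE):
        print(alert)
```

Excluding flagged readings from the baseline keeps a sustained drop alerting instead of becoming the new normal; a volume with fewer readings than the baseline window is never flagged.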
Now, we’re focusing on streamlining the multi-party authorization process for our SafeMode™ ransomware capabilities to make it more convenient to use without sacrificing its security.
What Is SafeMode?
Available for both FlashArray and FlashBlade systems, SafeMode helps protect the data you need to recover quickly from a ransomware attack. In most attacks, cybercriminals encrypt your production data, then destroy your snapshots so that you can’t use them to recover your data and restore operations. When SafeMode is turned on for a volume, no single person—not even someone with admin privileges—can eradicate the snapshots from your systems before the preset time has passed. Instead, SafeMode requires a multi-party approval process that includes Pure Support.
How Enhanced SafeMode Management Works
Changes to SafeMode can only be made when at least two authorized contacts from your organization work with the Pure Storage support team simultaneously. While this process is secure, it requires a coordinated phone call with both authorizers and Pure Support at the same time. That’s not as convenient as it could be.
Now, we’re rolling out a new security strategy called Enhanced SafeMode Management that’s just as secure as it’s always been, but more convenient. We’re starting with customers who haven’t begun using SafeMode yet. So if you’re using SafeMode today and thus have already set up your two-party authorization, you don’t need to change anything you’re doing now. In the coming months, we’ll let you know when it’s time for you to shift over to this new process and we’ll guide you through it.
New SafeMode Authentication Process
We’re taking steps to further augment the SafeMode feature by implementing a more streamlined multi-party approval process.
The multi-party approval process involves multiple individuals with designated roles and permissions. When a user attempts to make changes or access sensitive functions within SafeMode using Pure1, the system prompts for approval from multiple authorized parties.
Get Started
Because the enhanced SafeMode feature is embedded in the Pure1 platform, no additional tools or interfaces are needed. Customers can conveniently manage their SafeMode settings alongside other storage management tasks. To get started, log in to your Pure1 account using your administrator credentials and assign the “SafeMode Approver” role to at least two administrators. These users will have to be enrolled in step-up authentication by providing their mobile device number in their Pure1 user profile. SafeMode changes can be initiated in the Appliances view by clicking on the SafeMode shield icon in the desired array’s card.
With the enhanced SafeMode feature in Pure1, you’ll have greater control when you need to make SafeMode configuration changes. By moving away from requiring two authorizing parties on the same call with Pure Support, you’ll get a more convenient and efficient method that will save you time and increase your operational efficiency.
To learn more about how the enhanced SafeMode feature works in Pure1, check out our Digital Bytes episode: