Many organizations focus on ransomware prevention. But as attacks grow increasingly sophisticated and widespread, they’re also becoming more inevitable. And there’s no guarantee that bad actors can’t thwart even the strongest prevention security in the ransomware arms race. Pure Storage® takes a different approach by focusing on ransomware mitigation and rapid recovery. We look at the whole attack process: before, during, and after an event. To help you prepare, Pure Professional Services offers a short SafeMode Advisory workshop.

The workshop walks you through the configurations, authorizations, and decisions your organization will need to be fully protected. This remote workshop provides a health check and assessment of up to three arrays, with extensions possible. It configures the necessary parameters and ensures that your team connects with Pure Support to establish proper authorizations and contacts.

Our SafeMode™ feature provides the ultimate in ensuring continued access to your precious data in the event of an attack. And it also may eliminate the need to pay a ransom. The feature is included in an Evergreen Storage™ subscription, and you can enable it by contacting our Support team.

A Plan of Attack against Ransomware 

Ransomware mitigation requires planning, preparation, and an action plan at all stages of the attack. Pure Professional Services can help you with up-front planning and preparation. And our Support team is always ready to help SafeMode users during and after an attack.

Part of being prepared is knowing who the attackers are and what they’re after. It’s also important to be aware of—and ready for—the typical stages of a ransomware attack. At each stage, SafeMode provides a powerful way for your organization to prepare, respond, and recover:

  • Before: SafeMode creates immutable snapshots of your data at defined intervals. No single person or process can delete, alter, or encrypt them, even if admin credentials have been compromised.
  • During: SafeMode protects immutable snapshots from the attacking software and encryption. Changing or using snapshots requires action from authorized people at both the organization being targeted and Pure Support.
  • After: Pure and the affected organization work in pre-defined and authorized ways to rapidly recover the data from the stored immutable snapshots. There’s no need to pay the ransom to recover.

To ensure SafeMode is ready, you’ll need to configure a few settings first. These include:

  • Arrays: Configure snapshot intervals and length of storage to balance capacity requirements and risk tolerance.
  • Authorizations: Define the people authorized to work with Pure Support to utilize the snapshots. Connect them with Pure Support.
  • Restoration: Understand and be prepared to implement the recovery process in different disaster and attack scenarios.

Like all software features from Pure, SafeMode comes included with an Evergreen Storage subscription. SafeMode is simple and easy to use and built into both FlashBlade® and FlashArray™.

Many IT teams have activated and set up SafeMode snapshots with minimal help from Pure. But some IT teams may prefer Pure’s help to ensure that everything is ready when they need it.

In any SafeMode implementation, you’ll need to establish several parameters and processes. For example, storing snapshots can lead to additional storage capacity costs. You need to balance capacity costs with risk. You must also make decisions about who is authorized to participate in the recovery process. These decisions, authorizations, and preparations require engagement and participation from several teams in your organization and Pure Support.

The result: Both your IT organization and Pure can be confident that SafeMode is ready to help you recover your critical data in the event of an attack.