This past weekend, I got to experience with another customer an unexpected intrusion, one of the worst I’ve honestly experienced in my years. Once I was onsite and got to see the level of sophistication on this attack, I realized that we had our work cutout for us.
- Backup solution, gone…
- User Files, hijacked…
- VMFS datastores, encrypted…
- Pure Storage Primary Array snapshots, deleted + eradicated…
The first 2 in that list are ones that yeah, we see quite often during these scenarios. But those last 2, ESPECIALLY the last one really made me realize how intrusive this was. This mean that somebody physically got access to the array to issue the commands to delete the snapshots.
So we had a situation where the volumes were encrypted and snapshots deleted. And no backups. Insert sad face here…
But thankfully, the primary Pure array had been configured to replicate the snapshots over to the DR array. After researching the access to data there, we were confident that the attack did not touch the snapshots that were replicated to the DR array.
We were able to start the process to restore the snapshots back to volumes on the DR to the timeframe prior to the known event timeline, and then replicate those volumes back to the Primary array and begin to restore services.
So based on Pure’s ability for snapshots on volumes and amazinly ease of use to replicate those snapshots between arrays, we were able to start to bring services back sooner than many of us expected. Good news there.
So why did I write this post?
Well first off, was to talk about the awesome capabilites that Pure Storage has built into their arrays, and the ease of use for this specific DR scenario to provide customers a very resilient platform.
Secondly, while reading the latest Pure Flash Array release blog today found here, I noticed a very timely and awesome feature set that we’ve come to expect from our Next-Gen backup solutions from Cohesity and Rubrik – immutable data!
With Pure bringing immutable snapshots to the Flash Array – a feature available with FlashBlade, customers can now benefit from the simplicity of the Pure array with much improved security.
Your Data. Secured Simply from Ransomware
Ransomware attacks are on the rise and top of mind from the data center to the boardroom. The most expensive aspect of a ransomware attack is often the downtime experienced in the efforts to bring data back online. While the actual attacks can have the most immediate financial impact, the reputational risks can’t be ignored. With Purity//FA 6.1, FlashArray with SafeMode™ snapshots helps reduce attack-related downtime with:
- Immutable snapshots
- Retention-based policies that can secure data for up to 30 days (even given compromised admin credentials
- Granular administrative control over expired data that can be restored in seconds.
Great job Pure Storage for continuing to release features that continue to elevate the platform for what customers need!