Ask a security team what they need most in the wake of a cyber attack, and you likely won’t hear things like manuals, compliance reports, insurance, or PR teams. This is when security teams’ nerves and best laid plans are put to the test. What they really need is to get back online—fast.
When Pure Storage announced the first-of-its-kind ransomware recovery SLA for Evergreen//One™, our storage-as-a-service (STaaS) offering, we were able to finally guarantee organizations a clean storage environment following an attack. This includes a full recovery plan, a data transfer rate, and bundled professional services to help during worst case scenarios.
What has this meant for organizations? Peace of mind, a clean environment to recover to, and augmented staff when you need it most.
The Evergreen//One Ransomware Recovery SLA: A Guaranteed Clean Storage Environment
Many organizations overlook a critical fact of ransomware attacks: Your existing arrays will be off-limits. That means that any affected array flagged for forensic investigation by insurance or law enforcement cannot be used and needs to be left alone. Without the data storage infrastructure to get systems back up and running, you’re stuck.
“By utilizing Pure’s consumption model, we are able to guide clients through uncertain times while also simplifying renewals and ensuring consistent value for their investment. With the current emphasis on sustainability, security, and scalability, Pure’s Evergreen//One solution, which now includes a ransomware SLA guarantee, is able to meet the needs of our clients.” –Juan Orlandini, CTO, North America, Insight
Evergreen//One, an enterprise-grade storage-as-a-service subscription, offers a unique add-on service to mitigate risk with a ransomware recovery SLA that guarantees:
- Next business day shipping of clean recovery array(s)*
- 48 hours to finalize a recovery plan
- 8 TiB/hour data transfer rate
- Bundled services, including technical services engineering to finalize the recovery plan and an onsite professional services engineer from time of array arrival through replacement of infected array(s)
*If shipping to North America, Europe, or the UK. For Asia-Pacific, it will be 48 hours.
Covering Your Before, During, and After an Attack
The Ransomware SLA covers your after an event—but Pure also has your back before and during. That means offering protection, detection, response, and recovery.
No vendor could cover all of this—until now.
This SLA coupled with our latest AIOps innovations is part of our broader strategy to deliver our customers a full, modern resiliency architecture—data storage and services that account for security from every angle. Prevention only goes so far, and backups aren’t always enough, or fast enough.
“Pure’s Evergreen//One offers true Storage as-a-Service that scales alongside us to meet the demands of modern, data-driven healthcare systems. With the new ransomware recovery SLA, our ability to enable the advancement of end-to-end care management, improve patient outcomes and decrease administrative costs will be bolstered by a powerful ransomware recovery strategy.” – Kendra McCormick, Senior Manager of Infrastructure Engineering, HealthEdge
Resilience isn’t just about adding an “air gap” and hoping for the best. It’s what you’re doing to detect and protect, but also how you’ve mapped actions against every scenario and the technologies you have in place to get up and running and restore business operations. And if the worst occurs? You should have all the support you need to get back online to normal operational level as fast as possible, not just a temporary fix.
But that’s not all. We’ve also reinforced every stage of the resilience design lifecycle with our AIOps capabilities and additional service level agreements (SLAs)—meaning you’ve got an even better chance at detecting anomalous behavior before it becomes a threat. If an attack does happen, you can restore business operations as quickly as possible.
Pure1® AIOps: A Smarter Protection Plan for the “Before”
Perhaps the biggest challenge in preventing and detecting ransomware attacks is the “before.” It takes immense power and enormous log data sets to find that needle in the haystack—the anomaly that says “Someone is lurking on your network.” That time pocket is critical.
To help reduce the chances an attacker on your network can escalate from lurking to acting, we’ve added new AIOps features to Pure1. These next-generation capabilities fortify existing protections geared toward the “before” of attack, empowering you to fortify your multilayered strategy.
The Pure1 AIOps platform’s new capabilities include:
1. Data Protection Assessment
Want to know how secure your Pure Storage array is? Our Data Protection Assessment helps you implement Pure’s best practices for local and DR data protection in your own environment to:
- Ensure SafeMode™ is enabled on the array
- Maintain at least one snapshot per day with a seven-day retention
- Check that data is replicated to another array protected by SafeMode
- Verify at least 80% of the objects such as volumes on the array are protected
2. Anomaly detection
Anomaly detection is key to being able to recover quickly after an attack. Pure1 Meta’s AIOps leverages machine learning to identify anomalous drops in data reduction ratios which could indicate that an attack occurred. This detection helps customers understand what volumes were impacted by an attack as well as identifying when the attack took place to quickly identify the ideal recovery time point for backups or snapshots. See it in action on Digital Bytes.
3. Self-service administration and configuration of SafeMode in Pure1
SafeMode is a customer’s last line of defense providing a safety net that prevents the manual eradication of critical snapshots. Pure Storage has implemented stringent security measures to validate requested SafeMode changes in order to prevent social engineering. Traditionally this involves multiple parties to be on the same call to authorize these changes. Pure1 will offer customers a new approach to this method allowing asynchronous and secure authorization, which reduces the need to coordinate schedules and enables them to implement changes much faster.
What Other SLAs Does Evergreen//One Offer?
With Evergreen//One, Pure owns and is responsible for all of a customer’s hardware and maintenance. The same product portfolio that customers get in traditional Pure Storage deployments also supports storage-as-a-service and is backed by concurrently guaranteed SLAs.
Evergreen//One is committed to providing:
- Zero planned downtime for upgrades or maintenance
- 99.9999% uptime guarantee
- 25% storage capacity buffer relative to usage
- Unrivaled storage performance aligned with service tier
- Energy efficiency measured by maximum number of watts per TiB with the Energy Efficiency SLA
- Ransomware recovery guarantee to ship clean array
Read the Evergreen//One Product Guide for more information on service level agreements.
