All Pure Storage Sponsored Tech Note

New Releases to Optimize Ransomware Resiliency at Pure//Accelerate 2023

As ransomware attacks continue to be prevail, posing risks to organizations irrespective of size, the stakes are mounting even higher for targeted enterprises. In response, Pure Storage is adding new layers of protection that provides Evergreen//One customers the ability to bounce back at minimum damage after an attack. 

At Pure//Accelerate in Las Vegas last week, Pure Storage announced several new exciting features aimed at helping customers to have better resiliency around ransomware detection and response, and an enhanced support SLA for the Evergreen//One customers. The tools include AI-driven anomaly detection to help recover readily from attacks. 

The Challenges of Ransomware Recovery

One of the challenges companies face when trying to recover from a ransomware attack is isolating their existing storage for forensic analysis. Whether it is for insurance, police, or root cause purposes, having known a clean storage is a concern. 

The ransomware recovery service introduced this week aims to solve this by shipping clean storage arrays to customers soon after an attack. Pure will also provide a professional services engineer on-site to help bring it up. 

Additionally, the service includes support from Pure’s Data Protection Alliance partners, such as Veeam and Rubrik, to help customers with the software components to restore their data cleanly.

Early Detection

One of the features that Pure introduced is the Data Protection Assessment tool set which helps compare the current configuration against Pure Storage’s best practices for local and remote data protection. It enables protecting data on the array from attack or even administrators’ mistakes. 

The other aspect is anomaly detection, which looks at the compression ratio of the data over time and looks for a reduction in the ratio. The array cannot effectively compress encrypted data, and a sudden decrease can indicate an attack (or a DBA encrypting databases without telling anyone). Because this monitoring looks at the entire compression ratio for an array and not just individual pages, it can effectively make some very early detections.

The other protection aspect is Pure1 Enhanced SafeMode™ which helps customers take advantage of SafeMode. SafeMode is a data protection solution built into Pure arrays. SafeMode allows customers to protect their snapshots from attack with multiple layers of technical and logical protections. For example, changes to SafeMode are only possible when two authorized users of the organization (who must authenticate with a PIN) conference with Pure support. 

SafeMode ensures that snapshots are immutable (unable to be updated) and ineradicable (cannot be removed from the array). It allows administrators to define a non-zero snapshot deletion period. 

SafeMode increases storage requirements, and to help customers find those requirements, Pure provides a capacity planner to help customers understand the storage impact of their SafeMode policies.

This capacity planner allows customers to plan for their storage needs, balancing data protection and storage volume.

Leveraging AI

Pure has expanded the recommendation function in the Pure1 management portal to supply curated recommendations to help users avoid capacity and performance shortfalls. Pure Storage built these recommendations using the best practices and data science seen across all their customer workloads. Users can bring this guidance into the Pure1 planner for further analysis and tuning, and it lets them request quotes for new storage configurations directly from the portal. 


With these features, Pure Storage has used data science and its best-in-class customer support to help users quickly identify and recover from ransomware attacks. Building this intelligence into the Pure ecosystem helps them plan data protection and capacity without complexity. 

Find out more about what happened at Pure Accelerate or get more information about Pure Storage and their products on their website.

About the author

Joey D'Antoni

Thought leader with 15 years of IT experience, working with a wide variety of data platforms including Microsoft SQL Server, Oracle, Hadoop and other data platforms. Extensive experience in cloud design and architecture, specifically focused on hybrid cloud models. Strong experience in clustering and storage. Frequent speaker at major IT conferences such as TechEd, PASS Summit, NoSQL Now, PASS Business Analytics Conference. SQL Server MVP, Dun and Bradstreet MVP.

Leave a Comment