Ransomware Unveiled: Understanding, Preventing, and Recovering (MaryJWilliams2)
Delve into the world of ransomware with our comprehensive PDF submission. Gain a deep understanding of ransomware threats, their impact on businesses, and effective strategies for prevention and recovery. Explore real-world case studies and best practices to mitigate ransomware risks and ensure business continuity. Equip yourself with the knowledge needed to defend against ransomware attacks. To know more: https://stonefly.com/white-papers/ransomware-faqs/
When data collects in one place, it is called data at rest. Data at rest can be archival or reference files that are changed rarely or never; data at rest can also be data that is subject to regular but not constant change.
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success (Storage Switzerland)
Ransomware is the universal threat. No matter an organization's data center location, or its size, it can be devastated by a ransomware attack. While most organizations focus on the periphery, they also need to be prepared for a breach, something that ransomware is particularly adept at. In case of a breach, an advanced backup and disaster recovery solution can ensure safe and timely recovery of data without paying ransom.
In this webinar join experts from Storage Switzerland and Micro Focus as they discuss the impact of ransomware and the core features of a backup solution that can mitigate the associated risks.
Nowadays organisations rely heavily on data to increase the efficiency and effectiveness of their business activities. It is necessary for organisations to secure their databases from external attack in order to ensure confidentiality, integrity and availability. Different approaches to protecting sensitive databases are needed in an enterprise environment and can be combined to strengthen an organization's security posture, while minimizing the cost and effort of data protection. Some of these are explained below.
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch! (Michele Chubirka)
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Trend Micro: This talk examines an overarching security strategy for your deployment, pulled from the real-world experiences of top companies around the world. Paired with services like AWS Lambda, this strategy can result in a unified view of your deployment and automatically respond to incidents – regardless of scale.
In this on demand webinar experts from Storage Switzerland and Commvault discuss the top 10 reasons that backup breaks and how to fix it. Attendees will learn how they can make backup a reliable and cost-effective IT process, that their organization can count on when they need it most.
Data Governance Trends and Best Practices To Implement Today (DATAVERSITY)
Would you share your bank account information on social media? How about shouting your social security number on the New York City subway? We didn’t think so either – that’s why data governance is consistently top of mind.
In this webinar, we’ll discuss the common Cloud data governance best practices – and how to apply them today. Join us to uncover Google Cloud’s investment in data governance and learn practical and doable methods around key management and confidential computing. Hear real customer experiences and leave with insights that you can share with your team. Let’s get solving.
Topics that you will hear addressed in this webinar:
- Understanding the basics of Cloud Incident Response (IR) and anticipated data governance trends
- Best practices for key management and applying data governance to your day-to-day
- The next wave of Confidential Computing and how to get started, including a demo
As the threat landscape continues to accelerate and evolve, the security industry continues to respond with a variety of disparate new detection technologies. Unfortunately, this approach results in customers struggling to manage a patchwork of uncoordinated security tools, leaving a gap between detection and enforcement at the firewall. So why not consider an open-based Next Generation Firewall that supports not only proprietary reputation feeds, but also the highly diverse third-party and custom feeds available on the market, within industry groups, or sourced directly by your customer?
MT50 Data is the new currency: Protect it! (Dell EMC World)
Data is meant to roam, and contrary to popular opinion, better security is better business. But endpoints and users remain the key vulnerability to even the most robust security programs. In fact, 95% of all breaches occur at the endpoint, and organizations can still be susceptible to the latest viruses and malware. In this session you will learn how to protect your data on digital and physical workstations throughout the organization, wherever employees use it – at home, on the road, collaborating with partners, and more.
Learn more at Dell.com/datasecurity
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy (Storage Switzerland)
More data outside of the data center is staying on endpoints and in the cloud than ever before. That means the risks to that data are also at an all time high. Plus regulations encompassing end-user data are also increasing, challenging IT to manage data when they have less control than ever. IT needs more than an endpoint protection plan, it needs an end-user data strategy.
In this webinar, learn how to evolve from an endpoint data protection plan to a comprehensive end-user data strategy.
Information Security Management. Security solutions copy (yuliana_mar)
Information Security Management. Introduction.
By Yuliana Martirosyan,
Based on Bell G. Reggard, Information Security Management. Concepts and Practices.
Opendatabay - Open Data Marketplace.pptx (Opendatabay)
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23... (John Andrews)
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
Adjusting primitives for graph : SHORT REPORT / NOTES (Subhajit Sahu)
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
2. Huawei Confidential
Ransomware Has Become a Major Threat to the Digital World
• US$150,000: average ransom demanded in 2022. Source: IDC 2022
• 43%: 43% of enterprises paid ransom. Source: IDC 2022
• 5 days: ransomware attacks result in system shutdown for an average of 5 working days. Source: IDC 2022
• Every 11 seconds: in 2021, every 11 seconds, an organization somewhere in the world suffered a ransomware attack. By 2031, it is predicted that this will increase to every 2 seconds. Source: Cybersecurity Ventures
• US$70 million: the largest ransom demanded to date
• 80%: of enterprises attacked again after paying a ransom. Source: Cybereason
IDC report: In 2022, 35% of organizations around the world experienced three to four ransomware incidents.
3. Huawei Confidential
Challenges Brought by Ransomware Attacks to Enterprises
Difficult detection, difficult protection, difficult recovery
• 45 mins: fastest penetration time
• 46%: paid ransom to resume business
• 5 days: average interruption time
• Number of ransomware variants: 5400 (2021H2) to 10666 (2022H1), ↑98%
• Undetectable: ransomware attacks can hide in disguise to bypass detection.
• Expanded attack paths: spam, web ads, system vulnerabilities, USB flash drives
• In 2022, malware attacks on the Internet of Things (IoT) increased by 77%.
• Limited protection methods, unlimited attack modes
Diagram labels: PC & server, server, storage, virtualization, IoT; individual devices, enterprise devices; individuals, groups; visible, hidden; semi-professional, professional
Sources: FortiGuard, Microsoft, IDC, Cybereason
4. Huawei Confidential
Traditional Ransomware Protection Features Cannot Adapt to Increasingly Complex Ransomware Attacks
Attack phases: Phase 1: Intrusion; Phase 2: Diffusion; Phase 3: Encryption; Phase 4: Self-destruction
Attack path (labels from the slide diagram):
• Sends a phishing mail
• Brute-force cracking and remote connection
• Searches for the target host to implement lateral diffusion
• Gains device credentials to lock it
Numbered notes on the slide:
1. Self-destructs ransomware and releases the ransomware module to provide ransom information
2. The ransomware with the secondary infiltration function is implanted into a backdoor channel for the secondary attack or expanding the attack scope.
Other diagram labels: hacker, attacker, user, Internet, network perimeter, network, hidden channel, client & server primary storage (file, database, …), storage, snapshot and online backup
Traditional protection: signature database-based protection; file restoration, deception, traffic collection, and partitioned isolation; backup system
Major issues:
• The protection can be bypassed by zero-day vulnerability exploits, attacks that are not recorded in the signature database, and attacks using a different path than the protection path.
• The backup system is difficult to recover or cannot be recovered, as it is a main target of the ransomware.
IDC: Ransomware resilience is a team effort. It requires organizations to break down barriers between network, storage, and data protection processes to ensure that end-to-end risks are addressed holistically. Deeper collaboration between storage and networks, along with the use of AI capabilities, also ensures that there is effective and speedy detection, isolation, remediation, and prevention strategies.
5. Huawei Confidential
Many Countries/Regions Have Issued Laws and Regulations for Data Protection
Frameworks named on the slide: Sheltered Harbor; NIST Cybersecurity Framework; General Data Protection Regulation (GDPR); Secure Tertiary Data Backup (STDB) Guideline; Ransomware Defense Guide
• Immutable
• Survivable
• Air-gapped
• Secure
• Controlled
• Verifiable
• Assurance
• Heterogeneous
• High performance
• Sort and manage assets by level and category.
• Back up important data and systems.
• Set up complex passwords and keep them confidential.
• Regularly perform security risk assessment.
• Frequently perform virus scanning and disable ports.
Security isolation
Data detection
Data tampering prevention
Data encryption
• Financial member organizations must extract key customer accounts in a standardized format and encrypt data.
• Data is transferred to a 'vault' or isolation area. Data in the vault is unchangeable, isolated, recoverable, and subject to decentralized management.
• An emergency recovery process is formulated.
• Identification: asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management
• Protection: identity identification and access control, personnel awareness training, data security, data protection, and maintenance and protection technologies
• Detection: anomaly and event alarms, continuous security monitoring, and process compliance detection
• Response: security incident response capability (planning, communication, analysis, mitigation, and improvement)
• Recovery: recovery plan and improvement measures
• Personal data must be pseudonymized or anonymized for storage, and the highest privacy settings must be used by default.
• All personal data must be collected and processed in accordance with relevant laws and regulations.
• The data owner has the right to revoke data permissions at any time.
• Properly perform identity authentication and permission management.
• Formulate and employ strict access control strategies.
• Improve personnel's security awareness.
• Develop an emergency response plan.
6. Huawei Confidential
A Multi-Layer Protection System Is the Most Effective Defense Against Ransomware Attacks
Northrop Grumman's Defense in Depth (DiD) model (diagram labels: Defense, Detection + Response, Data)
Building data-centric storage security capabilities
In the face of ransomware attacks, secure storage enables attacks to be preventable and identifiable and data to be recoverable.
7. Huawei Confidential
Storage Ransomware Prevention Solution Panorama: Unified Security Policy Management for Multiple Types of Storage and Proactive Defense
Diagram labels:
• Production center: OceanStor Pacific, OceanProtect, OceanStor Dorado
• Isolated zone for production, isolated zone for backup: OceanStor Dorado, OceanProtect, isolated storage for production, isolated storage for backup
• Air Gap (shown twice)
• OceanCyber Data Security Appliance: security policy, detection & analysis, proactive defense, security O&M
• Data tampering prevention
8. Huawei Confidential
Security Policy: Industry's Only Unified Security Management for Multiple Types of Storage
Diagram labels: production center (OceanStor Pacific, OceanProtect, OceanStor Dorado); OceanCyber Data Security Appliance (security policy, detection & analysis, proactive defense)
1. Security situation display
2. Recovery management of secure copies
3. Access management for multiple types of storage: industry's only security management that supports access by multiple types of storage
9. Huawei Confidential
Data Tampering Prevention: WORM & Secure Snapshot
Diagram labels: production/backup data, backup, backup resource pool, application backup copy data, OceanStor Dorado/OceanProtect
• WORM file system: You can set a protection period for the production or backup data to prevent data modification or deletion during this period.
• Secure snapshots of backup copies: Read-only snapshots do not allow deletion or modification during a configured protection period.
10. Huawei Confidential
Data Tampering Prevention: Secure Snapshot
Workflow shown on the slide:
• Manual/scheduled creation of secure snapshots
• Protection period setting (1 day to 20 years)
• Automatic deletion of snapshots upon expiration of the protection period (optional), OR quick snapshot rollback in the event of ransomware
Details:
• Secure snapshot: A snapshot cannot be deleted before the protection period expires. The protection period can be extended but cannot be reduced.
• Retention period: 1 day to 20 years, and the snapshot can be automatically deleted once the retention period expires.
• Scheduled creation: When configuring the HyperCDP Schedule, activate the Secure Snapshot feature directly to automatically create snapshots.
• Manual creation: Manually create a secure snapshot or convert a created snapshot to a secure snapshot.
Configuration recommendations:
• Local: Short retention period (7 to 14 days)
• Remote: Long retention period (14 to 30 days)
• Compliance: Use secure snapshots to meet retention period requirements.
11. Huawei Confidential
Data Tampering Prevention: WORM
Commvault (diagram labels: Storage Policy, WORM Storage, WORM file system)
• Commvault integrates with WORM of OceanProtect by using WORM Storage.
• Commvault delivers the locking policy to OceanProtect.
• OceanProtect checks whether the locking time falls within the minimum and maximum protection periods. If so, OceanProtect performs locking.
NetBackup (diagram labels: Policy, Advanced Disk, WORM file system)
• NetBackup integrates with WORM of OceanProtect by using Advanced Disk. (WORM Automatic Lock must be enabled and default lock time must be configured.)
• NetBackup backs up data to OceanProtect.
• After the backup is complete, if OceanProtect does not detect any write behavior within the locking wait duration, OceanProtect performs locking. The locking duration is the default protection period of OceanProtect (automatic locking needs to be enabled).
Other backup software
• Integrates with OceanProtect secure snapshot to prevent tampering.
12. Huawei Confidential
Detection and Analysis: Fast Detection, Accurate Identification, and Zero Impact
• "99.9%" detection and analysis accuracy
• Zero impact on production
• Up to 50 TB/hour detection and analysis performance
Diagram labels: production center (OceanStor Pacific, OceanProtect, OceanStor Dorado); Huawei OceanCyber Data Security Appliance (security policy, detection & analysis, proactive defense); file system detection; Snapshot T1, Snapshot T2, Snapshot T3; file trend; capacity trend (GA in 2023 H2); file entropy trend; detecting suspicious copies
13. Huawei Confidential
Detection and Analysis: Ransomware Attack Detection Process
Encrypted data:
• Partially or fully encrypting data
• Fast encryption
• Generating special name extensions
Indicators listed on the slide:
• Quantity trend
• File entropy changes
• File type changes
• File change rate
• File name extension change rate
• File metadata changes
Trend analysis of new files: type trend, name trend, size trend, entropy trend, quantity trend
Trend analysis of modified files: type trend, name trend, size trend, entropy trend, quantity trend
Trend analysis of deleted files: type trend
Detecting suspicious copies
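The indicators on this slide (file change rate, file entropy changes, file name extension change rate) can be computed by comparing consecutive snapshots. The following is an added example, not part of the original deck and not Huawei's OceanCyber algorithm; the function names, the thresholds and the sample snapshots T1 to T3 are all assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def mean_entropy(snapshot: dict, paths) -> float:
    vals = [shannon_entropy(snapshot[p]) for p in paths]
    return sum(vals) / len(vals) if vals else 0.0


def analyze(prev: dict, curr: dict,
            change_thr=0.5, entropy_thr=2.0, ext_thr=0.5) -> dict:
    """Compare two snapshots (path -> content). Thresholds are assumed values."""
    new = sorted(p for p in curr if p not in prev)
    deleted = sorted(p for p in prev if p not in curr)
    modified = sorted(p for p in curr if p in prev and curr[p] != prev[p])
    written = new + modified

    # File change rate: touched files relative to the size of the older copy.
    change_rate = (len(written) + len(deleted)) / max(len(prev), 1)
    # Extension change rate: new files whose extension the older copy never used.
    known = {ext(p) for p in prev}
    new_ext_rate = sum(ext(p) not in known for p in new) / len(new) if new else 0.0
    # Entropy change: written files versus the older copy's baseline.
    entropy_delta = (mean_entropy(curr, written) - mean_entropy(prev, prev)
                     if written else 0.0)

    suspicious = change_rate >= change_thr and (
        entropy_delta >= entropy_thr or new_ext_rate >= ext_thr)
    return {
        "counts": {"new": len(new), "modified": len(modified),
                   "deleted": len(deleted)},
        "change_rate": change_rate,
        "new_ext_rate": new_ext_rate,
        "entropy_delta": entropy_delta,
        "suspicious": suspicious,
    }


def find_suspicious(snapshots: list) -> list:
    """Return names of copies that look encrypted; each copy is compared
    with the last copy that was judged clean."""
    flagged = []
    clean = snapshots[0][1]
    for name, snap in snapshots[1:]:
        if analyze(clean, snap)["suspicious"]:
            flagged.append(name)
        else:
            clean = snap
    return flagged


def high_entropy_bytes(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (deterministic hash stream)."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


# Constructed sample snapshots (not real data).
T1 = {
    "docs/report.txt": b"Quarterly report: revenue, cost and margin by region.\n" * 40,
    "docs/notes.txt": b"Meeting notes: follow up with the storage team.\n" * 40,
    "data/ledger.csv": b"id,name,amount\n1,alice,100\n2,bob,250\n" * 40,
    "etc/app.ini": b"[server]\nport=8080\nmode=prod\n" * 40,
}
# T2: one ordinary edit.
T2 = dict(T1, **{"docs/notes.txt": T1["docs/notes.txt"] + b"Action: test restore.\n"})
# T3: one file encrypted in place, the rest rewritten under a new extension.
T3 = {(p if p == "etc/app.ini" else p + ".locked"): high_entropy_bytes(p) for p in T2}

SNAPSHOTS = [("T1", T1), ("T2", T2), ("T3", T3)]

if __name__ == "__main__":
    print(find_suspicious(SNAPSHOTS))
```

With these constructed snapshots the ordinary edit in T2 stays below the change-rate threshold, while T3 is flagged, which leaves T2 as the most recent copy not flagged.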
14. Huawei Confidential
Detection and Analysis of Ransomware vs. Antivirus Software Virus Detection
Item | Detection and Analysis | Virus Detection
Target | Checking the integrity of data backup copies | Detecting malware and hidden malware
Result | Secure recovery | Deleting malware
Checking contents | Service data and backup data | Terminals and networks
Identifying malicious attack mode | Recoverability, damage, and encryption | Signature, behavior, and unique attributes
Frequency | Near real-time and scheduled | Real-time
15. Huawei Confidential
Air Gap: Secure Physical Isolation
Policy orchestration: You can use OceanStor BCManager to manage Air Gap replication policies (replication window period, replication group, detection after replication, and secure snapshot creation) only within the isolation scope.
Networking mode (diagram labels): production center, production zone, isolation zone, OceanStor Dorado, OceanStor Pacific, OceanProtect, switches, recovery verification host, OceanStor BCManager, management console
1. Configure an Air Gap replication policy on OceanStor BCManager
2. Enable replication ports within the replication time window
3. Start asynchronous replication of underlying storage data
4. Disable replication ports after the replication is complete
5. Periodically restore and verify data in the isolation zone
6. Routine O&M management
Configuration requirements
• Replication from OceanStor Dorado to OceanStor hybrid flash storage
• Independent physical network required for Air Gap replication (configuration of independent switches required)
• Air Gap replication of the primary storage not supported in the DR Star scenario
• Configuration of BCManager eReplication software (which can be deployed on physical and virtual servers) required for the isolation zone
• Management console (must satisfy minimum resource requirements)
• Recovery verification host (must satisfy service verification resource requirements)
16. Huawei Confidential
Proactive Defense: Replacing Passive Response with Proactive Defense (GA in 2023 H2)
Diagram labels: production center (OceanStor Pacific, OceanProtect, OceanStor Dorado); OceanCyber Data Security Appliance (security policies, detection & analysis, proactive defense); isolation zone (OceanStor BCManager, replication SLA, OceanStor Dorado/OceanProtect); risk discovery and proactive defense
• Air Gap link disconnection: OceanCyber proactively disconnects the Air Gap replication link to reduce the risk of attacks in the isolation zone.
• Proactive secure snapshot creation: If a ransomware attack is detected, the secure snapshot creation policy is triggered immediately to prevent further damage from being incurred.
• Data recovery: Provides a recommended "clean" copy for secure recovery.
17. Huawei Confidential
Security O&M: Easily Configure and Maintain Storage Ransomware Protection in Conjunction with DME
Data center-level secure O&M
• Unified management of primary storage, backup, compute, and network resources
• Full-stack ransomware protection configuration and alarm
• One-click data recovery and security configuration
Health evaluation
• Security risk identification
• Alarm situation analysis
• Security and health scoring
Diagram labels: ransomware alarm; ransomware protection policy configuration; security configuration check; ransomware alarm management; ransomware protection response orchestration; detection model management; OceanCyber Data Security Appliance; OceanStor Pacific, OceanProtect, OceanStor Dorado
18. OceanCyber Hardware Specifications
Huawei OceanCyber 300
• Overall architecture: TaiShan 200 2280 (Kunpeng 920, 2 x 32-core 2.6 GHz), 128 GB cache, 2 U rack server
• Max. number of nodes: Single node, single server instance
• System disk: 960 GB SAS SSD x 2, RAID 1
• Data disk: 10 TB SATA HDD x 2, RAID 1, disk expansion not involved
• Management network port: 2, GE, used for service management of the OceanCyber Appliance
• Maintenance network port: 1, GE, management network port, used for TaiShan 200 2280 server management
• Data network port: 2 x 25GE optical ports (used for data-plane communication of ransomware detection); 2 x 100GE optical ports (optional, used for data-plane communication of ransomware detection)
19. OceanCyber Networking
SmartIO interface module 1
Two GE electrical ports are used for service management of the OceanCyber Appliance and communication with the management plane of the storage system. The ports need to be connected to the management network switch of the data center.
• P0 (cable connection: mandatory). IP address planning: this port and P1 of the SmartIO interface module 1 must be bonded and share the same management network IP address.
• P1 (cable connection: mandatory). IP address planning: this port and P0 of the SmartIO interface module 1 must be bonded and share the same management network IP address.
• P2 (idle): Not used. No network cable is connected. This network port is not used in the current version.
• P3 (idle): Not used. No network cable is connected. This network port is not used in the current version.
SmartIO interface module 2
Two 10GE/25GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. The ports need to be connected to switches on the data center service network.
• P0 (cable connection: mandatory). IP address planning: this port and P1 of the SmartIO interface module 2 must be bonded and share the same service network IP address.
• P1 (cable connection: mandatory). IP address planning: this port and P0 of the SmartIO interface module 2 must be bonded and share the same service network IP address.
• P2 (idle): Not used. No network cable is connected. This network port is not used in the current version.
• P3 (idle): Not used. No network cable is connected. This network port is not used in the current version.
(Optional) 100GE NIC
Two 100GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. The ports need to be connected to switches on the data center service network.
• P0 (cable connection: optional). IP address planning: this port and P1 of the 100GE NIC must be bonded and share the same service network IP address.
• P1 (cable connection: optional). IP address planning: this port and P0 of the 100GE NIC must be bonded and share the same service network IP address.
Management network port
One GE electrical port is used to provide hardware device management.
• P0 (cable connection: mandatory). IP address planning: one BMC network IP address is configured.
20. OceanCyber License Quotation Mode: Front-end Capacity License + Service SnS
1. Primary storage/Scale-out scenario
• Primary storage: OceanStor Dorado/OceanStor Pacific
• Total disk space of an array: 76.8 TB (physical capacity)
• Front-end production system capacity (before deduplication): 10 TB
• Writing data with a 2:1 data reduction ratio
• Actual storage capacity occupied after deduplication: 5 TB
• Capacity for inspection (OceanCyber300): 10 TB
2. Backup storage scenario
• OceanStor Dorado or third-party primary storage
• Front-end production system capacity: 10 TB
• Full backup performed 50 times
• Backup back-end logical capacity: 500 TB
• Writing data with a 10:1 data reduction ratio
• 50 TB (Used capacity of backup copies after deduplication – Used physical capacity of the back-end)
• Backup storage: OceanProtect
• Total disk space for backup storage: 76.8 TB (physical capacity)
• Capacity for inspection (OceanCyber300): 500 TB
Industry's First Ransomware Protection Solution with Network-Storage
Collaboration (GA in 2023 H2)
• Storage protection actions in advance
and service recovery in seconds
• Fastest recovery speed in the industry:
172 TB/h
Faster recovery
• Two lines of defense and six layers
of protection, making it harder to
attack IT systems
Harder to attack
• Multi-layer collaborative detection,
with an accuracy rate of 99.9%
• Automatic threat handling,
simplifying O&M
More accurate identification
*Available in September
MRP* architecture
Storage resources
Storage security protection
1
Storage
detection
2 Secure snapshot 3 Backup protection 4
Isolation zone
protection
Network security protection
1 Network intrusion
prevention
2 Spread
prevention
Isolation zone
All-flash storage
OceanStor Dorado
backup storage
OceanProtect
Enterprise intranet Production zone
Detection/Disposal/Recovery
Network-storage
collaboration
Security situation
awareness
HiSec Insight
Sandbox
FireHunter
2
Firewall
HiSecEngine
1
… ...
Data management
engine
OceanCyber
Data Security Appliance
Abnormal event report Response policy delivery
backup storage
OceanProtect
scale-out storage
OceanStor Pacific
all-flash storage
OceanStor Dorado
1 2 3
Air Gap 4
Detection & analysis | Tampering prevention | Encryption | ...
22. Summary: Building a Three-dimensional Protection Network to Ensure User Data Continuity
Comprehensive protection: four-layer three-dimensional protection solution, the most comprehensive in the industry
• Layer 1: The production storage detects and intercepts ransomware, preventing viruses from infecting systems.
• Layer 2: Secure snapshots of production storage are restored in seconds, making data modification impossible.
• Layer 3: Quick recovery is performed using the local backup, preventing data loss.
• Layer 4: Offline data protection is performed in the Air Gap isolation zone, preventing viruses and attackers from gaining access.
Accurate identification: 99.9% identification rate, the highest in the industry
• Comprehensive pre-event, in-event, and post-event ransomware detection capabilities, enabling fast and accurate identification of ransomware attacks and proactive data protection
Fast recovery: fastest data recovery in the industry
• Recovery of local secure snapshots in seconds
• Recovery speed of backup storage up to 172 TB/hour, five times that of the industry average
[Diagram labels: Enterprise data center; Production storage OceanStor Dorado/…; Isolation zone; Isolation zone storage; Air Gap; ERP, HIS, Core Bank, CRM, ...; Finance, Government, Energy, Manufacturing, ...; Scenario 1: Single service system; Scenario 2: Multi-service system (including reuse); Scenario 3: Data center ransomware protection; Network domain; Sandbox; Firewall; Situation awareness; Centralized security management; OceanCyber Data Security Appliance; OceanStor Dorado/OceanProtect; entry-level storage; Built-in ransomware protection solution; Detection and analysis | Tampering prevention | Leakage prevention |...]
23. South Africa's Eskom Enhances Data Security with Huawei Ransomware Protection Storage Solution
Eskom is the largest electric power company in Africa and supplies around 95% of South Africa's power and 60% of Africa's power. It has 3 data centers, 9 sub-centers, and 300+ branch sites.
30% lower TCO, unified management of ransomware protection, and easy O&M
The data reduction ratio increases from 2:1 to 4:1, reducing the backup time. Incremental backups are performed every day, and copies are retained for 15 days. The production and backup data center uses the same ransomware protection architecture for centralized management of all production storage, reducing system complexity.
3X higher recovery performance and 99.999% SLA for electric power
Recovery of secure snapshots in seconds; LUN replication enables 56 TB/hour recovery speed of primary storage and 22 TB/hour recovery speed of backup data.
Zero data tampering and deletion, ensuring electricity production security
Secure snapshots ensure that data backup cannot be modified or deleted, while the physical Air-Gap provides an isolation zone. These provide dual protection to ensure data copy security and reliability.
Ransomware Protection Storage Solution for Eskom
Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone
[Diagram labels: Megawatt park data center/DR data center (production/DR data center); Production server cluster; Dedicated backup server; FC switch; OceanStor Dorado production storage; Other vendors' production storage; OceanProtect backup storage; OceanStor Dorado; OceanStor BCManager; Firewall; Air Gap; 10GE encrypted replication link; Secure snapshot; Storage encryption]
24. China's Wanhua Chemical Safeguards Production Data with Huawei Ransomware Protection Storage Solution
Wanhua Chemical is an industry-leading new chemical materials company that ranked 17th in C&EN's Global Top 50 Chemical Industry in 2021. Wanhua Chemical has 24 branches worldwide, 6 production bases, and 12 national labs.
50% TCO reduction
Commvault + OceanProtect WORM supports file-level anti-tamper and increases the data reduction ratio from 3:1 to 20:1 to improve cost efficiency.
Zero data tampering and leakage
Secure snapshots prevent tampering, so backup copies are not lost in the event of ransomware attacks. The array encryption technology using a dedicated CPU-based encryption/decryption module ensures lossless production service performance and zero data leakage.
E2E recovery of core production services within 4 hours
Secure snapshots are created for production storage every 4 hours, and for production isolation storage every 24 hours, and retained for 15 days to ensure production service continuity.
Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone
[Diagram labels: Production server cluster; ESXi; Backup agent; Media server; Backup server; Backup software: Commvault; FC switch; OceanStor Dorado production storage; OceanStor Dorado isolated production storage; OceanStor BCManager; Security isolation zone; Physical isolation; OceanProtect backup storage; Data tampering prevention: Secure snapshot; Data leakage prevention: Array encryption; Data tampering prevention: WORM]