Huawei Ransomware Protection Storage Solution
Huawei Confidential
Ransomware Has Become a Major Threat to the Digital World
• US$150,000: average ransom demanded in 2022. Source: IDC 2022
• 43%: 43% of enterprises paid ransom. Source: IDC 2022
• 5 days: ransomware attacks result in system shutdown for an average of 5 working days. Source: IDC 2022
• Every 11 seconds: in 2021, every 11 seconds, an organization somewhere in the world suffered a ransomware attack. By 2031, it is predicted that this will increase to every 2 seconds. Source: Cybersecurity Ventures
• US$70 million: the largest ransom demanded to date
• 80%: of enterprises attacked again after paying a ransom. Source: Cybereason
IDC report: In 2022, 35% of organizations around the world experienced three to four ransomware incidents.
Challenges Brought by Ransomware Attacks to Enterprises
Difficult recovery, difficult protection, difficult detection
• 45 mins: fastest penetration time
• 46%: paid ransom to resume business
• 5 days: average interruption time
• Number of ransomware variants: 5400 in 2021H2, 10666 in 2022H1 (↑98%)
• Undetectable: ransomware attacks can hide in disguise to bypass detection.
• Spam, web ads, system vulnerabilities, USB flash drives
• Expanded attack paths: in 2022, malware attacks on the Internet of Things (IoT) increased by 77%.
• PC & server, server, storage, virtualization, IoT
• Individual devices, enterprise devices
• Individuals, groups
• Visible, hidden
• Semi-professional, professional
• Limited protection methods, unlimited attack modes
Source: FortiGuard; Source: Microsoft; Source: IDC; Source: Cybereason
Traditional Ransomware Protection Features Cannot Adapt to Increasingly Complex Ransomware Attacks
Attack phase: Phase 1: Intrusion; Phase 2: Diffusion; Phase 3: Encryption; Phase 4: Self-destruction
Attack path (diagram labels): hacker, Internet, network perimeter, network, user, attacker, client & server primary storage, storage (file, database, …), snapshot and online backup, hidden channel
• Sends a phishing mail
• Brute-force cracking and remote connection
• Searches for the target host to implement lateral diffusion
• Gains device credentials to lock it
• Hidden channel:
  1. Self-destructs ransomware and releases the ransomware module to provide ransom information
  2. The ransomware with the secondary infiltration function is implanted into a backdoor channel for the secondary attack or expanding the attack scope.
Traditional protection: signature database-based protection; file restoration, deception, traffic collection, and partitioned isolation; backup system
Major issues:
• The protection can be bypassed by zero-day vulnerability exploits, attacks that are not recorded in the signature database, and attacks using a different path than the protection path.
• The backup system is difficult to recover or cannot be recovered, as it is a main target of the ransomware.
IDC: Ransomware resilience is a team effort. It requires organizations to break down barriers between network, storage, and data protection processes to ensure that end-to-end risks are addressed holistically. Deeper collaboration between storage and networks, along with the use of AI capabilities, also ensures that there is effective and speedy detection, isolation, remediation, and prevention strategies.
Many Countries/Regions Have Issued Laws and Regulations for Data Protection
Sheltered Harbor; NIST Cybersecurity Framework; General Data Protection Regulation (GDPR); Secure Tertiary Data Backup (STDB) Guideline; Ransomware Defense Guide
• Immutable
• Survivable
• Air-gapped
• Secure
• Controlled
• Verifiable
• Assurance
• Heterogeneous
• High performance
• Sort and manage assets by level and category.
• Back up important data and systems.
• Set up complex passwords and keep them confidential.
• Regularly perform security risk assessment.
• Frequently perform virus scanning and disable ports.
Security isolation; data detection; data tampering prevention; data encryption
• Financial member organizations must extract key customer accounts in a standardized format and encrypt data.
• Data is transferred to a 'vault' or isolation area. Data in the vault is unchangeable, isolated, recoverable, and subject to decentralized management.
• An emergency recovery process is formulated.
• Identification: asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management
• Protection: identity identification and access control, personnel awareness training, data security, data protection, and maintenance and protection technologies
• Detection: anomaly and event alarms, continuous security monitoring, and process compliance detection
• Response: security incident response capability (planning, communication, analysis, mitigation, and improvement)
• Recovery: recovery plan and improvement measures
• Personal data must be pseudonymized or anonymized for storage, and the highest privacy settings must be used by default.
• All personal data must be collected and processed in accordance with relevant laws and regulations.
• The data owner has the right to revoke data permissions at any time.
• Properly perform identity authentication and permission management.
• Formulate and employ strict access control strategies.
• Improve personnel's security awareness.
• Develop an emergency response plan.
A Multi-Layer Protection System Is the Most Effective Defense Against Ransomware Attacks
Northrop Grumman's Defense in Depth (DiD) model
Defense; Detection + Response; Data
Building data-centric storage security capabilities
In the face of ransomware attacks, secure storage enables attacks to be preventable and identifiable and data to be recoverable.
Storage Ransomware Prevention Solution Panorama: Unified Security Policy Management for Multiple Types of Storage and Proactive Defense
Diagram labels:
• Production center: OceanStor Pacific, OceanProtect, OceanStor Dorado
• OceanCyber Data Security Appliance
• Security policy; detection & analysis; proactive defense; security O&M
• Isolated zone for production: isolated storage for production (OceanStor Dorado), Air Gap
• Isolated zone for backup: isolated storage for backup (OceanProtect), Air Gap
• Data tampering prevention
Security Policy: Industry's Only Unified Security Management for Multiple Types of Storage
Production center: OceanStor Pacific, OceanProtect, OceanStor Dorado
OceanCyber Data Security Appliance: security policy, detection & analysis, proactive defense
1. Security situation display
2. Recovery management of secure copies
3. Industry's only security management that supports access by multiple types of storage (access management for multiple types of storage)
Data Tampering Prevention: WORM & Secure Snapshot
OceanStor Dorado/OceanProtect
Diagram labels: application backup copy data; production/backup data; backup; backup resource pool
• WORM file system: You can set a protection period for the production or backup data to prevent data modification or deletion during this period.
• Secure snapshots of backup copies: Read-only snapshots do not allow deletion or modification during a configured protection period.
Data Tampering Prevention: Secure Snapshot
• Manual/scheduled creation of secure snapshots
• Protection period setting (1 day to 20 years)
• Automatic deletion of snapshots upon expiration of the protection period (optional) OR quick snapshot rollback in the event of ransomware
Secure snapshot: A snapshot cannot be deleted before the protection period expires. The protection period can be extended but cannot be reduced.
Retention period: 1 day to 20 years, and the snapshot can be automatically deleted once the retention period expires.
Scheduled creation: When configuring the HyperCDP schedule, activate the Secure Snapshot feature directly to automatically create snapshots.
Manual creation: Manually create a secure snapshot or convert a created snapshot to a secure snapshot.
Configuration recommendations:
• Local: short retention period (7 to 14 days)
• Remote: long retention period (14 to 30 days)
• Compliance: use secure snapshots to meet retention period requirements.
Data Tampering Prevention: WORM
Commvault (Storage Policy, WORM Storage, WORM file system)
• Commvault delivers the locking policy to OceanProtect.
• OceanProtect checks whether the locking time falls within the minimum and maximum protection periods. If so, OceanProtect performs locking.
NetBackup (Policy, Advanced Disk, WORM file system)
• NetBackup backs up data to OceanProtect.
• After the backup is complete, if OceanProtect does not detect any write behavior within the locking wait duration, OceanProtect performs locking. The locking duration is the default protection period of OceanProtect (automatic locking needs to be enabled).
NetBackup
• NetBackup integrates with WORM of OceanProtect by using Advanced Disk. (WORM Automatic Lock must be enabled and default lock time must be configured.)
Commvault
• Commvault integrates with WORM of OceanProtect by using WORM Storage.
Other backup software
• Integrates with OceanProtect secure snapshot to prevent tampering.
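The lock rules on the Secure Snapshot and WORM slides above (extend-only protection periods, a lock time checked against minimum and maximum periods, and automatic locking after a quiet wait) can be modelled as below. This is an added example, not Huawei code: the class and method names, the 2-hour wait, the 20 x 365-day reading of "20 years" and the rejection of out-of-range lock requests are assumptions.

```python
"""Extend-only retention locks: a simplified model (added example, not Huawei code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SNAP_MIN = timedelta(days=1)          # slide: protection period of 1 day ...
SNAP_MAX = timedelta(days=20 * 365)   # ... to 20 years (taken as 20 x 365 days here)


class RetentionError(Exception):
    """An operation would weaken or bypass an active lock."""


@dataclass
class SecureSnapshot:
    created: datetime
    expires: datetime
    auto_delete: bool = False
    deleted: bool = False

    @classmethod
    def create(cls, now, period, auto_delete=False):
        if not SNAP_MIN <= period <= SNAP_MAX:
            raise RetentionError("protection period must be 1 day to 20 years")
        return cls(now, now + period, auto_delete)

    def set_expiry(self, new_expires):
        """Extend-only: the end of protection may move later, never earlier."""
        if new_expires < self.expires:
            raise RetentionError("protection period cannot be reduced")
        if new_expires - self.created > SNAP_MAX:
            raise RetentionError("protection period exceeds 20 years")
        self.expires = new_expires

    def delete(self, now):
        if now < self.expires:
            raise RetentionError("snapshot is still inside its protection period")
        self.deleted = True

    def sweep(self, now):
        """Optional automatic deletion once the protection period has expired."""
        if self.auto_delete and now >= self.expires:
            self.deleted = True
        return self.deleted


@dataclass
class WormFileSystem:
    min_period: timedelta
    max_period: timedelta
    default_period: timedelta
    auto_lock: bool = False
    lock_wait: timedelta = timedelta(hours=2)   # assumed locking wait duration
    last_write: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def is_locked(self, path, now):
        quiet_since = self.last_write[path] + self.lock_wait
        if self.auto_lock and path not in self.locked_until and now >= quiet_since:
            # Automatic lock: no write during the wait, lock for the default period.
            self.locked_until[path] = quiet_since + self.default_period
        return path in self.locked_until and now < self.locked_until[path]

    def write(self, path, now):
        if path in self.last_write and self.is_locked(path, now):
            raise RetentionError(f"{path} is WORM-locked")
        self.locked_until.pop(path, None)   # an expired lock no longer applies
        self.last_write[path] = now

    def lock(self, path, now, until):
        """Lock time supplied by the backup software. Rejecting an out-of-range
        request is this model's assumption; the slide only covers acceptance."""
        if not self.min_period <= until - now <= self.max_period:
            raise RetentionError("lock time outside min/max protection period")
        if until < self.locked_until.get(path, until):
            raise RetentionError("an existing lock cannot be shortened")
        self.locked_until[path] = until
```

Every method takes `now` as an argument, which makes the dependency visible: a time-based lock is only as trustworthy as the clock that evaluates it.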
Detection and Analysis: Fast Detection, Accurate Identification, and Zero Impact
• "99.9%" detection and analysis accuracy
• Zero impact on production
• Up to 50 TB/hour detection and analysis performance
Production center: OceanStor Pacific, OceanProtect, OceanStor Dorado
Huawei OceanCyber Data Security Appliance: security policy, detection & analysis, proactive defense
File system detection: Snapshot T1, Snapshot T2, Snapshot T3
File trend; capacity trend (GA in 2023 H2); file entropy trend
Detecting suspicious copies
Detection and Analysis: Ransomware Attack Detection Process
Encrypted data:
• Partially or fully encrypting data
• Fast encryption
• Generating special name extensions
Quantity trend; file entropy changes; file type changes; file change rate; file name extension change rate; file metadata changes
• Trend analysis of new files: type trend, name trend, size trend, entropy trend, quantity trend
• Trend analysis of modified files: type trend, name trend, size trend, entropy trend, quantity trend
• Trend analysis of deleted files: type trend
Detecting suspicious copies
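The trend indicators listed above (new, modified and deleted files, name extension changes, entropy changes) can be computed by diffing consecutive snapshots, as in the following sketch. It is an added example, not OceanCyber's detection model: the thresholds, function names and the three sample copies are constructed assumptions.

```python
"""Snapshot trend check (added example; thresholds and data are assumptions)."""
import hashlib
import math
from collections import Counter
from pathlib import PurePosixPath

ENTROPY_HIGH = 7.0        # bits/byte; assumed cut-off for "looks encrypted"
CHANGE_RATE_ALERT = 0.5   # assumed: changes equal to half the previous file count
HIGH_ENTROPY_ALERT = 0.5  # assumed: half of the new/modified files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def describe(snapshot: dict) -> dict:
    """Reduce a snapshot {path: bytes} to the per-file attributes being trended."""
    return {
        path: {"digest": hashlib.sha256(data).hexdigest(),
               "ext": PurePosixPath(path).suffix.lower(),
               "size": len(data),
               "entropy": shannon_entropy(data)}
        for path, data in snapshot.items()
    }


def compare(older: dict, newer: dict) -> dict:
    """Trend indicators for new, modified and deleted files between two copies."""
    old, new = describe(older), describe(newer)
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in set(new) & set(old)
                      if new[p]["digest"] != old[p]["digest"])
    touched = added + modified
    known_exts = {meta["ext"] for meta in old.values()}
    change_rate = (len(touched) + len(deleted)) / max(len(old), 1)
    high = sum(new[p]["entropy"] >= ENTROPY_HIGH for p in touched)
    high_share = high / len(touched) if touched else 0.0
    new_ext = sum(new[p]["ext"] not in known_exts for p in added)
    deltas = [new[p]["entropy"] - old[p]["entropy"] for p in modified]
    return {
        "added": len(added), "modified": len(modified), "deleted": len(deleted),
        "change_rate": change_rate,
        "high_entropy_share": high_share,
        "new_ext_share": new_ext / len(added) if added else 0.0,
        "mean_entropy_delta": sum(deltas) / len(deltas) if deltas else 0.0,
        # Only files touched since the previous copy feed the verdict, so an
        # unchanged archive or media file (always high entropy) is ignored.
        "suspicious": (change_rate >= CHANGE_RATE_ALERT
                       and high_share >= HIGH_ENTROPY_ALERT),
    }


def last_clean_copy(copies: list):
    """copies: [(name, snapshot), ...], oldest first; the oldest is the trusted
    baseline. Returns the name of the copy before the first suspicious one."""
    for (prev_name, prev), (_, cur) in zip(copies, copies[1:]):
        if compare(prev, cur)["suspicious"]:
            return prev_name
    return copies[-1][0] if copies else None


def noise(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]


def build_sample_copies() -> list:
    """Constructed data: three copies of a small share; T3 is encrypted."""
    docs = {f"docs/report{i}.txt": (f"Unit {i}: revenue, cost, margin.\n" * 100).encode()
            for i in range(6)}
    t1 = {**docs, "archive/photos.zip": noise(b"zip")}
    t2 = {**t1, "docs/report0.txt": docs["docs/report0.txt"] + b"Reviewed.\n",
          "docs/notes.txt": b"Meeting notes, action items.\n" * 50}
    t3 = {"archive/photos.zip": t1["archive/photos.zip"],
          "RESTORE_FILES.txt": b"Your files are encrypted.\n" * 20}
    t3.update({p + ".locked": noise(p.encode()) for p in t2 if p.endswith(".txt")})
    return [("T1", t1), ("T2", t2), ("T3", t3)]


if __name__ == "__main__":
    copies = build_sample_copies()
    for (a, older), (b, newer) in zip(copies, copies[1:]):
        print(a, "->", b, compare(older, newer))
    print("last clean copy:", last_clean_copy(copies))
```

Renaming on encryption shows up as deleted plus new files, while in-place encryption shows up as modified files with a large positive `mean_entropy_delta`; the verdict covers both because it looks at every touched file.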
Detection and Analysis of Ransomware vs. Antivirus Software Virus Detection
Item | Detection and Analysis | Virus Detection
Target | Checking the integrity of data backup copies | Detecting malware and hidden malware
Result | Secure recovery | Deleting malware
Checking contents | Service data and backup data | Terminals and networks
Identifying malicious attack mode | Recoverability, damage, and encryption | Signature, behavior, and unique attributes
Frequency | Near real-time and scheduled | Real-time
Air Gap: Secure Physical Isolation
Policy orchestration: You can use OceanStor BCManager to manage Air Gap replication policies (replication window period, replication group, detection after replication, and secure snapshot creation) only within the isolation scope.
Networking mode
Diagram labels: production center; production zone; isolation zone; OceanStor Dorado; OceanStor Pacific; OceanProtect; switches; OceanStor BCManager; management console; recovery verification host
1. Configure an Air Gap replication policy on OceanStor BCManager
2. Enable replication ports within the replication time window
3. Start asynchronous replication of underlying storage data
4. Disable replication ports after the replication is complete
5. Periodically restore and verify data in the isolation zone
6. Routine O&M management
Configuration requirements
• Replication from OceanStor Dorado to OceanStor hybrid flash storage
• Independent physical network required for Air Gap replication (configuration of independent switches required)
• Air Gap replication of the primary storage not supported in the DR Star scenario
• Configuration of BCManager eReplication software (which can be deployed on physical and virtual servers) required for the isolation zone
• Management console (must satisfy minimum resource requirements)
• Recovery verification host (must satisfy service verification resource requirements)
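Steps 2 and 4 of the procedure above only protect the isolation zone if the replication ports really are up inside the window and down again afterwards, so the port events are worth auditing. The script below is an added example, not part of BCManager: the log format, port names, the 01:00 to 03:00 window and the 5-minute close limit are constructed assumptions.

```python
"""Audit of Air Gap replication port events (added example; log format is constructed)."""
from datetime import datetime, time, timedelta

WINDOW = (time(1, 0), time(3, 0))    # assumed replication window, 01:00 to 03:00
CLOSE_GRACE = timedelta(minutes=5)   # assumed limit for step 4 after replication ends

# Constructed sample events, one per line: "<date> <time> key=value ..."
SAMPLE_LOG = [
    "2023-05-01 01:00:05 event=port_up port=P0",
    "2023-05-01 01:00:09 event=replication_start",
    "2023-05-01 02:10:00 event=replication_done",
    "2023-05-01 02:12:30 event=port_down port=P0",
    "2023-05-02 01:00:04 event=port_up port=P0",
    "2023-05-02 01:55:00 event=replication_done",
    "2023-05-02 02:40:00 event=port_down port=P0",
    "2023-05-02 14:22:10 event=port_up port=P1",
    "2023-05-02 14:30:00 event=port_down port=P1",
    "2023-05-03 01:00:03 event=port_up port=P0",
]


def parse(line: str):
    """Split one log line into (timestamp, {key: value})."""
    date, clock, *pairs = line.split()
    return datetime.fromisoformat(f"{date} {clock}"), dict(p.split("=", 1) for p in pairs)


def in_window(ts: datetime) -> bool:
    return WINDOW[0] <= ts.time() < WINDOW[1]


def audit(lines, now: datetime):
    """Return (timestamp, port, finding) for every violation of steps 2 and 4."""
    findings = []
    up = {}        # port -> time it was enabled
    deadline = {}  # port -> latest allowed disable time once replication is done
    for line in lines:
        ts, fields = parse(line)
        event, port = fields["event"], fields.get("port")
        if event == "port_up":
            up[port] = ts
            if not in_window(ts):
                findings.append((ts, port, "enabled outside replication window"))
        elif event == "replication_done":
            for open_port in up:
                deadline[open_port] = ts + CLOSE_GRACE
        elif event == "port_down" and port in up:
            since = up.pop(port)
            # Without a replication_done event the window end is the limit.
            limit = deadline.pop(port, datetime.combine(since.date(), WINDOW[1]))
            if in_window(since) and ts > limit:
                findings.append((ts, port, "left enabled past its limit"))
    for port, since in up.items():   # ports that were never disabled in the log
        limit = deadline.get(port, datetime.combine(since.date(), WINDOW[1]))
        if in_window(since) and now > limit:
            findings.append((now, port, "still enabled past its limit"))
    return findings


if __name__ == "__main__":
    for ts, port, finding in audit(SAMPLE_LOG, now=datetime(2023, 5, 3, 9, 0)):
        print(ts.isoformat(sep=" "), port, finding)
```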
Proactive Defense: Replacing Passive Response with Proactive Defense (GA in 2023 H2)
Production center: OceanStor Pacific, OceanProtect, OceanStor Dorado
OceanCyber Data Security Appliance: security policies, detection & analysis, proactive defense
Isolation zone: OceanStor BCManager, replication SLA, OceanStor Dorado/OceanProtect
Risk discovery and proactive defense
• Air Gap link disconnection: OceanCyber proactively disconnects the Air Gap replication link to reduce the risk of attacks in the isolation zone.
• Proactive secure snapshot creation: If a ransomware attack is detected, the secure snapshot creation policy is triggered immediately to prevent further damage from being incurred.
• Data recovery: Provides a recommended "clean" copy for secure recovery.
Security O&M: Easily Configure and Maintain Storage Ransomware Protection in Conjunction with DME
Data center-level secure O&M
• Unified management of primary storage, backup, compute, and network resources
• Full-stack ransomware protection configuration and alarm
• One-click data recovery and security configuration
Health evaluation
• Security risk identification
• Alarm situation analysis
• Security and health scoring
Ransomware alarm; ransomware protection policy configuration; security configuration check; ransomware alarm management; ransomware protection response orchestration; detection model management
OceanCyber Data Security Appliance; OceanStor Pacific; OceanProtect; OceanStor Dorado
OceanCyber Hardware Specifications
Huawei OceanCyber 300
• Overall architecture: TaiShan 200 2280 (Kunpeng 920, 2 x 32-core 2.6 GHz), 128 GB cache, 2 U rack server
• Max. number of nodes: Single node, single server instance
• System disk: 960 GB SAS SSD x 2, RAID 1
• Data disk: 10 TB SATA HDD x 2, RAID 1, disk expansion not involved
• Management network port: 2, GE, used for service management of the OceanCyber Appliance
• Maintenance network port: 1, GE, management network port, used for TaiShan 200 2280 server management
• Data network port: 2 x 25GE optical ports (used for data-plane communication of ransomware detection); 2 x 100GE optical ports (optional, used for data-plane communication of ransomware detection)
OceanCyber Networking
Table columns: NIC module, port, cable connection, IP address planning, description
SmartIO interface module 1. Description: Two GE electrical ports are used for service management of the OceanCyber Appliance and communication with the management plane of the storage system. The ports need to be connected to the management network switch of the data center.
• P0: Mandatory. This port and P1 of the SmartIO interface module 1 must be bonded and share the same management network IP address.
• P1: Mandatory. This port and P0 of the SmartIO interface module 1 must be bonded and share the same management network IP address.
• P2: Idle. Not used. No network cable is connected. This network port is not used in the current version.
• P3: Idle. Not used. No network cable is connected. This network port is not used in the current version.
SmartIO interface module 2. Description: Two 10GE/25GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. Switches on the data center service network need to be connected.
• P0: Mandatory. This port and P1 of the SmartIO interface module 2 must be bonded and share the same service network IP address.
• P1: Mandatory. This port and P0 of the SmartIO interface module 2 must be bonded and share the same service network IP address.
• P2: Idle. Not used. No network cable is connected. This network port is not used in the current version.
• P3: Idle. Not used. No network cable is connected. This network port is not used in the current version.
(Optional) 100GE NIC. Description: Two 100GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. Switches on the data center service network need to be connected.
• P0: Optional. This port and P1 of the 100GE NIC must be bonded and share the same service network IP address.
• P1: Optional. This port and P0 of the 100GE NIC must be bonded and share the same service network IP address.
Management network port
• P0: Mandatory. One BMC network IP address is configured. One GE electrical port is used to provide hardware device management.
OceanCyber License Quotation Mode: Front-end Capacity License + Service SnS
1. Primary storage/Scale-out scenario
• Primary storage: OceanStor Dorado/OceanStor Pacific. Total disk space of an array: 76.8 TB (physical capacity)
• Front-end production system capacity (before deduplication): 10 TB
• Writing data with a 2:1 data reduction ratio
• Actual storage capacity occupied after deduplication: 5 TB
• OceanCyber300 capacity for inspection: 10 TB
2. Backup storage scenario
• OceanStor Dorado or third-party primary storage. Front-end production system capacity: 10 TB
• Full backup performed 50 times: 500 TB (backup back-end logical capacity)
• Writing data with a 10:1 data reduction ratio
• 50 TB (used capacity of backup copies after deduplication – used physical capacity of the back-end)
• Backup storage: OceanProtect. Total disk space for backup storage: 76.8 TB (physical capacity)
• OceanCyber300 capacity for inspection: 500 TB
Industry's First Ransomware Protection Solution with Network-Storage Collaboration (GA in 2023 H2)
MRP* architecture (*Available in September)
• Faster recovery: storage protection actions in advance and service recovery in seconds; fastest recovery speed in the industry: 172 TB/h
• Harder to attack: two lines of defense and six layers of protection, making it harder to attack IT systems
• More accurate identification: multi-layer collaborative detection, with an accuracy rate of 99.9%; automatic threat handling, simplifying O&M
Network security protection: 1. Network intrusion prevention; 2. Spread prevention
Storage security protection: 1. Storage detection; 2. Secure snapshot; 3. Backup protection; 4. Isolation zone protection
Diagram labels:
• Enterprise intranet; production zone; isolation zone; Air Gap
• Security situation awareness: HiSec Insight; sandbox: FireHunter; firewall: HiSecEngine
• Data management engine; OceanCyber Data Security Appliance
• Network-storage collaboration: abnormal event report, response policy delivery; detection/disposal/recovery
• Storage resources: all-flash storage OceanStor Dorado, scale-out storage OceanStor Pacific, backup storage OceanProtect
• Detection & analysis | Tampering prevention | Encryption | ...
Summary: Building a Three-dimensional Protection Network to Ensure User Data Continuity
Comprehensive protection: four-layer three-dimensional protection solution, the most comprehensive in the industry
• Layer 1: The production storage detects and intercepts ransomware, preventing viruses from infecting systems.
• Layer 2: Secure snapshots of production storage are restored in seconds, making data modification impossible.
• Layer 3: Quick recovery is performed using the local backup, preventing data loss.
• Layer 4: Offline data protection is performed in the Air Gap isolation zone, preventing viruses and attackers from gaining access.
Accurate identification: 99.9% identification rate, the highest in the industry
• Comprehensive pre-event, in-event, and post-event ransomware detection capabilities, enabling fast and accurate identification of ransomware attacks and proactive data protection
Fast recovery: fastest data recovery in the industry
• Recovery of local secure snapshots in seconds
• Recovery speed of backup storage up to 172 TB/hour, five times that of the industry average
Scenario 1: Single service system
Scenario 2: Multi-service system (including reuse)
Scenario 3: Data center ransomware protection
Diagram labels:
• Finance, Government, Energy, Manufacturing, ...; ERP, HIS, Core Bank, CRM, ...
• Enterprise data center; production storage OceanStor Dorado/…; isolation zone; isolation zone storage; Air Gap
• OceanStor Dorado/OceanProtect entry-level storage; built-in ransomware protection solution; Detection and analysis | Tampering prevention | Leakage prevention |...
• OceanCyber Data Security Appliance
• Network domain: sandbox, firewall, situation awareness; centralized security management
* Internal use only
South Africa's Eskom Enhances Data Security with Huawei Ransomware Protection Storage Solution
Eskom is the largest electric power company in Africa and supplies around 95% of South Africa's power and 60% of Africa's power. It has 3 data centers, 9 sub-centers, and 300+ branch sites.
• 30% lower TCO, unified management of ransomware protection, and easy O&M: The data reduction ratio increases from 2:1 to 4:1, reducing the backup time. Incremental backups are performed every day, and copies are retained for 15 days. The production and backup data center uses the same ransomware protection architecture for centralized management of all production storage, reducing system complexity.
• 3X higher recovery performance and 99.999% SLA for electric power: Recovery of secure snapshots in seconds; LUN replication enables 56 TB/hour recovery speed of primary storage and 22 TB/hour recovery speed of backup data.
• Zero data tampering and deletion, ensuring electricity production security: Secure snapshots ensure that data backup cannot be modified or deleted, while the physical Air-Gap provides an isolation zone. These provide dual protection to ensure data copy security and reliability.
Ransomware Protection Storage Solution for Eskom
Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone
Diagram labels: Megawatt park data center/DR data center (production/DR data center); production server cluster; dedicated backup server; FC switch; OceanStor Dorado production storage; other vendors' production storage; OceanProtect backup storage; firewall; Air Gap; OceanStor Dorado; OceanStor BCManager; 10GE encrypted replication link; secure snapshot; storage encryption
China's Wanhua Chemical Safeguards Production Data with Huawei Ransomware Protection Storage Solution
Wanhua Chemical is an industry-leading new chemical materials company that ranked 17th in C&EN's Global Top 50 Chemical Industry in 2021. Wanhua Chemical has 24 branches worldwide, 6 production bases, and 12 national labs.
• 50% TCO reduction: Commvault + OceanProtect WORM supports file-level tamper protection and increases the data reduction ratio from 3:1 to 20:1 to improve cost efficiency.
• Zero data tampering and leakage: Secure snapshots are tamper-proof, preventing the loss of backup copies in the event of ransomware attacks. The array encryption technology using a dedicated CPU-based encryption/decryption module ensures lossless production service performance and zero data leakage.
• E2E recovery of core production services within 4 hours: Secure snapshots are created for production storage every 4 hours, and for production isolation storage every 24 hours, and retained for 15 days to ensure production service continuity.
Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone
Diagram labels:
• Production server cluster (ESXi, backup agents, …); media server; backup server; backup software: Commvault; FC switch
• OceanStor Dorado production storage; OceanProtect backup storage
• Security isolation zone (physical isolation): OceanStor BCManager; OceanStor Dorado isolated production storage; OceanProtect
• Data tampering prevention: secure snapshot; data leakage prevention: array encryption
• Data tampering prevention: WORM
Thank you.

2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
elinavihriala
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
Opendatabay
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
John Andrews
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
Subhajit Sahu
 
tapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive datatapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive data
theahmadsaood
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
ewymefz
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
ewymefz
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
ewymefz
 
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
correoyaya
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
ukgaet
 

Recently uploaded (20)

一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
 
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
 
一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
Uber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis ReportUber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis Report
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
 
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
 
tapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive datatapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive data
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
 
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
 

Huawei Ransomware Protection Storage Solution Technical Overview Presentation 2023 05.pdf

  • 2. Huawei Confidential 2 Ransomware Has Become a Major Threat to the Digital World Average ransom demanded in 2022 Source: IDC 2022 US$150,000 43% of enterprises paid ransom. Source: IDC 2022 43% Ransomware attacks result in system shutdown for an average of 5 working days. Source: IDC 2022 5 days In 2021, every 11 seconds, an organization somewhere in the world suffered a ransomware attack. By 2031, it is predicted that this will increase to every 2 seconds. Source: Cybersecurity Ventures Every 11 seconds US$70 million The largest ransom demanded to-date Of enterprises attacked again after paying a ransom Source: Cybereason 80% IDC report: In 2022, 35% of organizations around the world experienced three to four ransomware incidents.
  • 3. Huawei Confidential 3 Challenges Brought by Ransomware Attacks to Enterprises Difficult recovery Difficult protection Difficult detection 45 mins Fastest penetration time 46% Paid ransom to resume business 5 days Average interruption time 2021H2 2022H1 5400 10666 ↑98% Number of ransomware variants Undetectable Ransomware attacks can hide in disguise to bypass detection. Spam Web ads System vulnerabilities USB flash drives Expanded attack paths In 2022, malware attacks on the Internet of Things (IoT) increased by 77%. PC & server Server Storage Virtualization IoT Individual devices Enterprise devices Individuals Groups Visible Hidden Semi-professional Professional Limited protection methods Unlimited attack modes Source: FortiGuard Source: Microsoft Source: IDC Source: Cybereason
  • 4. Huawei Confidential 4 Traditional Ransomware Protection Features Cannot Adapt to Increasingly Complex Ransomware Attacks Phase 1: Intrusion Client & server primary storage Storage Gains device credentials to lock it Hidden channel 1. Self-destructs ransomware and releases the ransomware module to provide ransom information 2. The ransomware with the secondary infiltration function is implanted into a backdoor channel for the secondary attack or expanding the attack scope. Snapshot and online backup Attacker User File Database … Storage Storage Network Perimeter Network Sends a phishing mail Hacker Internet 1 Brute-force cracking and remote connection 2 Searches for the target host to implement lateral diffusion 3 File 4 Phase 2: Diffusion Phase 3: Encryption Phase 4: Self- destruction Signature database-based protection File restoration, deception, traffic collection, and partitioned isolation Backup system The protection can be bypassed by zero-day vulnerability exploits, attacks that are not recorded in the signature database, and attacks using a different path than the protection path. Traditional Protection Attack Path Major Issues The backup system is difficult to recover or cannot be recovered, as it is a main target of the ransomware. Attack Phase IDC: Ransomware resilience is a team effort. It requires organizations to break down barriers between network, storage, and data protection processes to ensure that end-to-end risks are addressed holistically. Deeper collaboration between storage and networks, along with the use of AI capabilities, also ensures that there is effective and speedy detection, isolation, remediation, and prevention strategies.
  • 5. Huawei Confidential 5 Many Countries/Regions Have Issued Laws and Regulations for Data Protection Sheltered Harbor NIST Cybersecurity Framework General Data Protection Regulation (GDPR) Secure Tertiary Data Backup (STDB) Guideline Ransomware Defense Guide • Immutable • Survivable • Air-gapped • Secure • Controlled • Verifiable • Assurance • Heterogeneous • High performance • Sort and manage assets by level and category. • Back up important data and systems. • Set up complex passwords and keep them confidential. • Regularly perform security risk assessment. • Frequently perform virus scanning and disable ports. Security isolation Data detection Data tampering prevention Data encryption • Financial member organizations must extract key customer accounts in a standardized format and encrypt data. • Data is transferred to a 'vault' or isolation area. Data in the vault is unchangeable, isolated, recoverable, and subject to decentralized management. • An emergency recovery process is formulated. • Identification: asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management • Protection: identity identification and access control, personnel awareness training, data security, data protection, and maintenance and protection technologies • Detection: anomaly and event alarms, continuous security monitoring, and process compliance detection • Response: security incident response capability (planning, communication, analysis, mitigation, and improvement) • Recovery: recovery plan and improvement measures • Personal data must be pseudonymized or anonymized for storage, and the highest privacy settings must be used by default. • All personal data must be collected and processed in accordance with relevant laws and regulations. • The data owner has the right to revoke data permissions at any time. • Properly perform identity authentication and permission management. 
• Formulate and employ strict access control strategies. • Improve personnel's security awareness. • Develop an emergency response plan.
  • 6. Huawei Confidential 6 Defense Detection + Response Data A Multi-Layer Protection System Is the Most Effective Defense Against Ransomware Attacks Northrop Grumman's Defense in Depth (DiD) model Building data-centric storage security capabilities In the face of ransomware attacks, secure storage enables attacks to be preventable and identifiable and data to be recoverable.
  • 7. Huawei Confidential 7 Storage Ransomware Prevention Solution Panorama: Unified Security Policy Management for Multiple Types of Storage and Proactive Defense OceanStor Pacific OceanProtect OceanStor Dorado OceanStor Dorado Production center Isolated zone for production OceanCyber Data Security Appliance Isolated zone for backup OceanProtect Isolated storage for production Isolated storage for backup Security policy Detection & analysis Proactive defense Security O&M Air Gap Air Gap Data tampering prevention
  • 8. Huawei Confidential 8 Security Policy: Industry's Only Unified Security Management for Multiple Types of Storage OceanStor Pacific OceanProtect OceanStor Dorado Production center OceanCyber Data Security Appliance Security policy Detection & analysis Proactive defense 1 2 3 1 Security situation display 2 Recovery management of secure copies 3 Industry's only security management that supports access by multiple types of storage Access management for multiple types of storage Security situation display Recovery management of secure copies
  • 9. Huawei Confidential 9 Data Tampering Prevention: WORM & Secure Snapshot Application backup copy data 1 WORM file system Secure snapshot 2 Production/Backup data Backup Backup resource pool You can set a protection period for the production or backup data to prevent data modification or deletion during this period. WORM file system Read-only snapshots do not allow deletion or modification during a configured protection period. Secure snapshots of backup copies OceanStor Dorado /OceanProtect
  • 10. Data Tampering Prevention: Secure Snapshot
      • Manual/scheduled creation of secure snapshots
      • Protection period setting (1 day to 20 years)
      • Automatic deletion of snapshots upon expiration of the protection period (optional)
      • Quick snapshot rollback in the event of ransomware
      • Secure snapshot: A snapshot cannot be deleted before the protection period expires. The protection period can be extended but cannot be reduced.
      • Retention period: 1 day to 20 years, and the snapshot can be automatically deleted once the retention period expires.
      • Scheduled creation: When configuring the HyperCDP Schedule, activate Secure Snapshot feature directly to automatically create snapshots.
      • Manual creation: Manually create a secure snapshot or convert a created snapshot to a secure snapshot.
      • Configuration recommendations: Local: Short retention period (7 to 14 days). Remote: Long retention period (14 to 30 days). Compliance: Use secure snapshots to meet retention period requirements.
  • 11. Huawei Confidential 11 Data Tampering Prevention: WORM Commvault Storage Policy WORM Storage WORM file system Commvault delivers the locking policy to OceanProtect. OceanProtect checks whether the locking time falls within the minimum and maximum protection periods. If so, OceanProtect performs locking. NetBackup Policy Advanced Disk WORM file system NetBackup backs up data to OceanProtect. After the backup is complete, if OceanProtect does not detect any write behavior within the locking wait duration, OceanProtect performs locking. The locking duration is the default protection period of OceanProtect (automatic locking needs to be enabled). NetBackup  NetBackup integrates with WORM of OceanProtect by using Advanced Disk. (WORM Automatic Lock must be enabled and default lock time must be configured.) Commvault  Commvault integrates with WORM of OceanProtect by using WORM Storage. Other backup software  Integrates with OceanProtect secure snapshot to prevent tampering. Backup copy Backup copy Backup copy Backup copy Backup copy Backup copy
  • 12. Huawei Confidential 12 Detection and Analysis: Fast Detection, Accurate Identification, and Zero Impact Production center "99.9%" detection and analysis accuracy Zero impact on production Up to 50 TB/hour detection and analysis performance OceanStor Pacific OceanProtect OceanStor Dorado Huawei OceanCyber Data Security Appliance Security policy Detection & analysis Proactive defense File system detection Snapshot T1 Snapshot T2 Snapshot T3 File trend Capacity trend (GA in 2023 H2) File entropy trend Detecting suspicious copies
  • 13. Huawei Confidential 13 Encrypted data • Partially or fully encrypting data • Fast encryption • Generating special name extensions Quantity trend File entropy changes File type changes File change rate File name extension change rate File metadata changes Trend analysis of new files Type trend Name trend Size trend Entropy trend Quantity trend Trend analysis of modified files Type trend Name trend Size trend Entropy trend Quantity trend Trend analysis of deleted files Type trend Detection and Analysis: Ransomware Attack Detection Process Detecting suspicious copies
  • 14. Detection and Analysis of Ransomware vs. Antivirus Software Virus Detection
      • Item: Detection and Analysis / Virus Detection
      • Target: Checking the integrity of data backup copies / Detecting malware and hidden malware
      • Result: Secure recovery / Deleting malware
      • Checking contents: Service data and backup data / Terminals and networks
      • Identifying malicious attack mode: Recoverability, damage, and encryption / Signature, behavior, and unique attributes
      • Frequency: Near real-time and scheduled / Real-time
  • 15. Air Gap: Secure Physical Isolation
      • Policy orchestration: You can use OceanStor BCManager to manage Air Gap replication policies (replication window period, replication group, detection after replication, and secure snapshot creation) only within the isolation scope.
      • Diagram labels: OceanProtect, OceanStor Dorado, Production zone, Isolation zone, Recovery verification host, OceanStor Dorado, Switch, OceanStor Pacific, Switch, OceanProtect, Switch, OceanStor BCManager, Management console, Production center
      • 1. Configure an Air Gap replication policy on OceanStor BCManager
      • 2. Enable replication ports within the replication time window
      • 3. Start asynchronous replication of underlying storage data
      • 4. Disable replication ports after the replication is complete
      • 5. Periodically restore and verify data in the isolation zone
      • 6. Routine O&M management
      • Networking mode and configuration requirements:
          • Replication from OceanStor Dorado to OceanStor hybrid flash storage
          • Independent physical network required for Air Gap replication (configuration of independent switches required)
          • Air Gap replication of the primary storage not supported in the DR Star scenario
          • Configuration of BCManager eReplication software (which can be deployed on physical and virtual servers) required for the isolation zone
          • Management console (must satisfy minimum resource requirements)
          • Recovery verification host (must satisfy service verification resource requirements)
  • 16. Huawei Confidential 16 Proactive Defense: Replacing Passive Response with Proactive Defense (GA in 2023 H2) OceanStor Pacific OceanProtect OceanStor Dorado Production center OceanCyber Data Security Appliance Security policies Detection & analysis Proactive defense 1 3 Data recovery Isolation zone OceanStor BCManager Replication SLA OceanStor Dorado/OceanProtect Risk discovery and proactive defense OceanCyber proactively disconnects the Air Gap replication link to reduce the risk of attacks in the isolation zone. Air Gap link disconnection If a ransomware attack is detected, the secure snapshot creation policy is triggered immediately to prevent further damage from being incurred. Proactive secure snapshot creation Provides a recommended "clean" copy for secure recovery. Data recovery Air Gap link disconnection 2 Proactive snapshot creation
  • 17. Huawei Confidential 17 Data center-level secure O&M • Unified management of primary storage, backup, compute, and network resources • Full-stack ransomware protection configuration and alarm • One-click data recovery and security configuration Health evaluation • Security risk identification • Alarm situation analysis • Security and health scoring Security O&M: Easily Configure and Maintain Storage Ransomware Protection in Conjunction with DME Ransomware alarm Ransomware protection policy configuration Security configuration check Ransomware alarm management Ransomware protection response orchestration Detection model management OceanCyber Data Security Appliance OceanStor Pacific OceanProtect OceanStor Dorado
  • 18. OceanCyber Hardware Specifications
      • Huawei OceanCyber 300
      • Overall architecture: TaiShan 200 2280 (Kunpeng 920, 2 x 32-core 2.6 GHz), 128 GB cache, 2 U rack server
      • Max. number of nodes: Single node, single server instance
      • System disk: 960 GB SAS SSD x 2, RAID 1
      • Data disk: 10 TB SATA HDD x 2, RAID 1, disk expansion not involved
      • Management network port: 2, GE, used for service management of the OceanCyber Appliance
      • Maintenance network port: 1, GE, management network port, used for TaiShan 200 2280 server management
      • Data network port: 2 x 25GE optical ports (used for data-plane communication of ransomware detection); 2 x 100GE optical ports (optional, used for data-plane communication of ransomware detection)
  • 19. Huawei Confidential 19 OceanCyber Networking NIC Module Port Cable Connection IP Address Planning Description SmartIO interface module 1 P0 Mandatory This port and P1 of the SmartIO interface module 1 must be bonded and share the same management network IP address. Two GE electrical ports are used for service management of the OceanCyber Appliance and communication with the management plane of the storage system. The ports need to be connected to the management network switch of the data center. P1 Mandatory This port and P0 of the SmartIO interface module 1 must be bonded and share the same management network IP address. P2 Idle Not used. No network cable is connected. This network port is not used in the current version. P3 Idle Not used. No network cable is connected. This network port is not used in the current version. SmartIO interface module 2 P0 Mandatory This port and P1 of the SmartIO interface module 2 must be bonded and share the same service network IP address. Two 10GE/25GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. Switches on the data center service network need to be connected. P1 Mandatory This port and P0 of the SmartIO interface module 2 must be bonded and share the same service network IP address. P2 Idle Not used. No network cable is connected. This network port is not used in the current version. P3 Idle Not used. No network cable is connected. This network port is not used in the current version. (Optional) 100GE NIC P0 Optional This port and P1 of the 100GE NIC must be bonded and share the same service network IP address. Two 100GE optical ports are used to connect to the protected storage device (NFSv3) and perform ransomware detection and analysis on the NAS file system of the storage device. Switches on the data center service network need to be connected. 
P1 Optional This port and P0 of the 100GE NIC must be bonded and share the same service network IP address. Management network port P0 Mandatory One BMC network IP address is configured. One GE electrical port is used to provide hardware device management.
  • 20. Huawei Confidential 20 Primary storage: OceanStor Dorado/OceanStor Pacific Total disk space of an array: 76.8 TB (physical capacity) Capacity for inspection: 10 TB OceanCyber300 1. Primary storage/Scale-out scenario 2. Backup storage scenario OceanCyber License Quotation Mode: Front-end Capacity License + Service SnS Capacity for inspection: 500 TB OceanCyber300 Backup storage: OceanProtect Total disk space for backup storage: 76.8 TB (physical capacity) Full backup performed 50 times OceanStor Dorado or third-party primary storage 2 3 1 2 3 4 4 1 500 TB (Backup back-end logical capacity) Front-end production system capacity (before deduplication): 10 TB Actual storage capacity occupied after deduplication: 5 TB 50 TB (Used capacity of backup copies after deduplication – Used physical capacity of the back-end) Writing data with a 10:1 data reduction ratio Writing data with a 2:1 data reduction ratio Front-end production system capacity: 10 TB
  • 21. Huawei Confidential 21 Industry's First Ransomware Protection Solution with Network-Storage Collaboration (GA in 2023 H2) • Storage protection actions in advance and service recovery in seconds • Fastest recovery speed in the industry: 172 TB/h Faster recovery • Two lines of defense and six layers of protection, making it harder to attack IT systems Harder to attack • Multi-layer collaborative detection, with an accuracy rate of 99.9% • Automatic threat handling, simplifying O&M More accurate identification *Available in September MRP* architecture Storage resources Storage security protection 1 Storage detection 2 Secure snapshot 3 Backup protection 4 Isolation zone protection Network security protection 1 Network intrusion prevention 2 Spread prevention Isolation zone All-flash storage OceanStor Dorado backup storage OceanProtect Enterprise intranet Production zone Detection/Disposal/Recovery Network-storage collaboration Security situation awareness HiSec Insight Sandbox FireHunter 2 Firewall HiSecEngine 1 … ... Data management engine OceanCyber Data Security Appliance Abnormal event report Response policy delivery backup storage OceanProtect scale-out storage OceanStor Pacific all-flash storage OceanStor Dorado 1 2 3 Air Gap 4 Detection & analysis | Tampering prevention | Encryption | ...
  • 22. Huawei Confidential 22 Summary: Building a Three-dimensional Protection Network to Ensure User Data Continuity Enterprise data center Production storage OceanStor Dorado/… Isolation zone Isolation zone storage Air Gap Scenario 1: Single service system 1 1 1 ERP HIS Core Bank CRM ... Finance Government Energy Manufacturing ... • Layer 1: The production storage detects and intercepts ransomware, preventing viruses from infecting systems. • Layer 2: Secure snapshots of production storage are restored in seconds, making data modification impossible. • Layer 3: Quick recovery is performed using the local backup, preventing data loss. • Layer 4: Offline data protection is performed in the Air Gap isolation zone, preventing viruses and attackers from gaining access. Comprehensive protection: four-layer three- dimensional protection solution, the most comprehensive in the industry Accurate identification: 99.9% identification rate, the highest in the industry Comprehensive pre-event, in-event, and post-event ransomware detection capabilities, enabling fast and accurate identification of ransomware attacks and proactive data protection • Recovery of local secure snapshots in seconds • Recovery speed of backup storage up to 172 TB/hour, five times that of the industry average Fast recovery: fastest data recovery in the industry Sandbox Firewall Network domain Centralized security management 3 Scenario 3: Data center ransomware protection Situation awareness 3 OceanCyber Data Security Appliance OceanStor Dorado/OceanProtect entry-level storage 2 Scenario 2: Multi-service system (including reuse) Built-in ransomware protection solution Detection and analysis | Tampering prevention | Leakage prevention |...
  • 23. Huawei Confidential 25 * Internal use only South Africa's Eskom Enhances Data Security with Huawei Ransomware Protection Storage Solution 30% lower TCO, unified management of ransomware protection, and easy O&M The data reduction ratio increases from 2:1 to 4:1, reducing the backup time. Incremental backups are performed every day, and copies are retained for 15 days. The production and backup data center uses the same ransomware protection architecture for centralized management of all production storage, reducing system complexity. Eskom is the largest electric power company in Africa and supplies around 95% of South Africa's power and 60% of Africa's power. It has 3 data centers, 9 sub-centers, and 300+ branch sites. 3X higher recovery performance and 99.999% SLA for electric power Recovery of secure snapshots in seconds; LUN replication enables 56 TB/hour recovery speed of primary storage and 22 TB/hour recovery speed of backup data. Zero data tampering and deletion, ensuring electricity production security Secure snapshots ensure that data backup cannot be modified or deleted, while the physical Air-Gap provides an isolation zone. These provide dual protection to ensure data copy security and reliability. Ransomware Protection Storage Solution for Eskom Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone OceanStor Dorado production storage FC switch OceanStor Dorado OceanStor BCManager Firewall Air Gap Megawatt park data center/DR data center (production/DR data center) OceanProtect backup storage Other vendors' production storage OceanProtect backup storage Production server cluster Dedicated backup server 10GE encrypted replication link Secure snapshot Storage encryption
  • 24. Huawei Confidential 26 China's Wanhua Chemical Safeguards Production Data with Huawei Ransomware Protection Storage Solution 50% TCO reduction Commvault + OceanProtect WORM supports file-level anti-tamper and increases the data reduction ratio from 3:1 to 20:1 to improve cost efficiency. Zero data tampering and leakage Secure snapshots are anti-tampering, preventing backup copies from loss in the event of ransomware attacks. The array encryption technology using a dedicated CPU-based encryption/decryption module ensures lossless production service performance and zero data leakage. E2E recovery of core production services within 4 hours Security snapshots are created for production storage every 4 hours, and for production isolation storage every 24 hours, and retained for 15 days to ensure production service continuity. Wanhua Chemical is an industry-leading new chemical materials company that ranked 17th in C&EN's Global Top 50 Chemical Industry in 2021. Wanhua Chemical has 24 branches worldwide, 6 production bases, and 12 national labs. … Media server Backup server Backup agent Backup software: Commvault ESXi FC switch production storage OceanStor Dorado OceanStor Dorado Security isolation zone Physical isolation OceanStor BCManager isolated production storage Production server cluster Backup agent Backup agent OceanProtect OceanProtect backup storage Multi-center ransomware protection: built-in ransomware protection in the production data center + Air Gap isolation zone Data tampering prevention Secure snapshot Data leakage prevention Array encryption Data tampering prevention Secure snapshot Data leakage prevention Array encryption Data tampering prevention WORM
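
The snapshot-to-snapshot trend analysis named on slides 12 and 13 (file change rate, file name extension changes, file entropy trend) and the "clean" copy recommendation on slide 16, sketched as an added Python example. It is not Huawei's OceanCyber detection model: the thresholds, function names and the three in-memory snapshots T1 to T3 are constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from pathlib import PurePosixPath

# Thresholds are assumptions chosen for this example, not values from the slides.
CHANGE_RATE_MIN = 0.5      # share of the previous snapshot's files modified or deleted
WRITTEN_ENTROPY_MIN = 7.0  # mean bits/byte across new and modified files
NEW_EXT_RATE_MIN = 0.5     # share of new files whose extension was never seen before


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content (deterministic SHA-256 stream)."""
    out = bytearray()
    block = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{block}".encode()).digest()
        block += 1
    return bytes(out[:size])


def plain_text(seed: str, lines: int = 60) -> bytes:
    """Constructed stand-in for ordinary low-entropy business data."""
    return "".join(f"{seed} ledger row {i}, status ok\n" for i in range(lines)).encode()


def diff_snapshots(prev: dict, curr: dict) -> dict:
    """Compare two snapshots given as {path: content} and return trend metrics."""
    new = sorted(set(curr) - set(prev))
    deleted = sorted(set(prev) - set(curr))
    modified = sorted(p for p in set(prev) & set(curr) if prev[p] != curr[p])
    written = new + modified
    known_ext = {PurePosixPath(p).suffix for p in prev}
    unseen = [p for p in new if PurePosixPath(p).suffix not in known_ext]
    entropy = sum(shannon_entropy(curr[p]) for p in written) / len(written) if written else 0.0
    return {
        "new": len(new),
        "modified": len(modified),
        "deleted": len(deleted),
        "change_rate": (len(modified) + len(deleted)) / max(len(prev), 1),
        "written_entropy": entropy,
        "new_ext_rate": len(unseen) / len(new) if new else 0.0,
    }


def is_suspicious(m: dict) -> bool:
    """Mass change plus either ciphertext-like writes or a wave of unknown extensions.

    Checking the change rate first keeps a routine upload of compressed files
    (high entropy, no existing files touched) from raising an alert.
    """
    if m["change_rate"] < CHANGE_RATE_MIN:
        return False
    return m["written_entropy"] >= WRITTEN_ENTROPY_MIN or m["new_ext_rate"] >= NEW_EXT_RATE_MIN


def scan_series(snapshots: list) -> list:
    """snapshots: [(label, {path: bytes}), ...] oldest first; one verdict per later snapshot."""
    results = []
    for (_, prev), (label, curr) in zip(snapshots, snapshots[1:]):
        metrics = diff_snapshots(prev, curr)
        results.append((label, metrics, is_suspicious(metrics)))
    return results


def last_clean_copy(snapshots: list, results: list) -> str:
    """Newest snapshot taken before the first suspicious one (the baseline is assumed clean)."""
    for i, (_, _, bad) in enumerate(results):
        if bad:
            return snapshots[i][0]
    return snapshots[-1][0]


def build_constructed_series() -> list:
    """Constructed data: T1 baseline, T2 routine edits, T3 mass rename plus encryption."""
    names = [f"finance/q{i}.csv" for i in range(1, 5)] + [f"docs/memo{i}.txt" for i in range(1, 5)]
    t1 = {n: plain_text(n) for n in names}
    t2 = dict(t1)
    t2["docs/memo1.txt"] = plain_text("docs/memo1.txt", lines=75)  # routine edit
    t2["docs/memo5.txt"] = plain_text("docs/memo5.txt")            # routine new file
    t3 = dict(t2)
    for n in names[:6]:
        del t3[n]
        t3[n + ".locked"] = pseudo_ciphertext(n)
    return [("T1", t1), ("T2", t2), ("T3", t3)]


if __name__ == "__main__":
    series = build_constructed_series()
    verdicts = scan_series(series)
    for label, metrics, bad in verdicts:
        print(label, "SUSPICIOUS" if bad else "ok", metrics)
    print("recommended recovery copy:", last_clean_copy(series, verdicts))
```

Entropy alone is a weak signal because compressed and media files are legitimately close to 8 bits per byte, which is why the verdict also depends on how much of the previous snapshot was modified or deleted.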