Oh, welcome everyone to our webinar on NetApp Cloud Volumes ONTAP and the strategies to secure your data in the cloud. My name is RJ and I'll be your host today. Our Customer Success engineers, who specialize in Cloud Volumes ONTAP are here to share their insights and expertise in this webinar. Today's session will mainly cover the threat of cyber attacks and how NetApp can help keep your data safe. So before we begin, I'd like to quickly go over a few housekeeping items. Please keep yourself mute during the presentations. Feel free to submit your questions through the Q&A panel at any time. We will address as many questions as possible during the Q&A session. We encourage active participation, so please do not hesitate to engage with us throughout the webinar. Now, I would like to invite Jacob, Riley and Abdul to take over from here. Thank you Ajay. So my name is Jacob Waltz. We'll do a quick round of introductions between our host for today. My name is Jacob Walz. I am the customer Cloud customer success engineer for Azure, and I'll quickly move it over to Riley and Abdul. Hi, I'm Riley Coyne. I'm also an Azure cloud customer success engineer. Uh, hi, this is Abdul. Uh, I'm the Google Cloud platform customer success engineer. Great. Yeah. So thank you all so much for taking the time out of your day to join us in the second part of our webinar series, uh, coffee with Customer Success. Uh, during our first webinar series, we discussed, um, pairing with Cloud Volumes ONTAP. So if you missed that, please reach out to us. We'd love to share the recording with you. Or, um, you know, if you want to have a workshop with that, reach out to your Customer Success team or your, um, your account team. And, uh, we would love to talk to you more about our one of our first series, which was, uh, so tiring. So move on to our next slide.
So today we're going to be discussing the threat of cyber attacks and how NetApp can help protect you and your most important asset, which is your data. Um, just a quick rundown of our agenda. We're going to be discussing the threat and cost of cyber attacks, how NetApp and its portfolio can help protect your data. And we're also going to touch on some documentation and best practices you may or may not know about. And then we're going to end it with some Q&A. So not if but when. So unfortunately we live in a day and age where the next cyber attack is just right around the corner. It's not a matter of if, it's a matter of when. Sophisticated attacks like ransomware, phishing and data breaches are growing increasingly inevitable and an ever growing connected world. So again, the question is not. The question isn't when, win, but it's how prepared you and your company are to mitigate, respond to, and recover from an attack. So during our webinar today, we'll show you how NetApp allows you to be proactive, not reactive. So the real threat of cyber attacks. So over 2200 cyber attacks occur daily. That's roughly 92 attacks an hour, two attacks every minute, or about an attack every 39 seconds. There are no businesses too big or too small not to be affected. Actually, a lot of cyber criminals decide to attack smaller businesses as they do not have the personnel to help put safety practices in place to fight cyber threats. As a lot of the larger companies do. So ransomware attacks are surging, increasing two fold year over year, with more than half of those having half of those being attacked actually having to pay the ransom, which is leading to massive data exposures of billions of personal records being exposed. So what's leading to these massive surges and attacks? Well, there are many factors, but let's think about our evolution of our world.
Let's think about how many devices in our homes are now considered smart, like our refrigerators connecting to our home networks. Let's also think about how many devices that we have on our person at any given moment. They're all connected to our company's networks, connected to our company's email servers, connected to other confidential resources on our company's networks. Billions upon billions of devices are now connected, and there's no sign of this trend slowing down at all. Speaking of trends that are not slowing quantum computing, one of the most important and transformative industry trends occurring in our day and age is the ability to perform unimaginable calculations in milliseconds or less, while on the right hands can help advance human civilization, but also may be detrimental in the wrong hands. This will give an unbelievable, powerful tool to criminals that have also paired with artificial intelligence may bring businesses to a halt. Which actually leads me into our next slide. The double edged sword of artificial intelligence. As with all new inventions, innovations, trends, there are majority of us who look at something as amazing as artificial intelligence and think, how can this help me? Then there are those who look at these technological shifts and think, how can I take advantage of someone using this? A scary thought, but a thought we need to have in order to stay vigilant against those who want against those attacks. AI is allowing for increased, sophisticated attacks, allowing criminals to create ultra realistic phishing emails. Synthetic voice cloning that can mimic someone's voice almost perfectly. Just a quick show of hands who wants a voicemail from their company's CEO needing some urgent information in five minutes before their next call? Not me.
So also, AI is lowering the barriers for attackers with AI toolkits that can be found on the dark web to allow for amateur attackers to do tremendous damage where previously they were not able to because they didn't have the necessary skill sets. While AI in the wrong hands can cause harm. AI in the right hands can move the world forward. AI is giving us advanced cybersecurity capabilities with anomaly detection, automated threat response, and more. And we actually learn more about how NetApp is utilizing AI for good later in our presentation. Now, this might seem like a silly slide. I mean, why does it matter? I mean, we're all here. We all know why we why cyber threats matter. But, I mean, if you spend any time staying on top of the industry trends or doing your company trading, you're being bombarded with, you know, similar information. But I can assure you that all of our leaderships know why it matters. The street knows why it matters. And most importantly, cyber criminals know why it matters. A cyber attack can not only cost you and your company their reputation, it can grind your business to a halt with depending on the security measures you have in place, may be seconds, might be minutes, might be weeks, might be longer. A cyber attack can cost your company millions, with the average cost of a data breach being close to $5 million. A well carried out cyber attack can result in intellectual property loss. If your company is a company on cutting edge technology breakthrough, think about what a competitor or bad acting government agency would do, or be willing to pay to catch up. Years of research. And on a final point on this slide, I'd like to discuss one of the most overlooked victims in a cyber attack, which is actually your company's employees. A cyber attack can leave all of your employees personal information at risk and to be used against them if they got into the wrong hands. 
A cyber attack is not only incredibly stressful for the company, but it's also incredibly stressful for the employees who aren't sure where their personal information is. So thank you for allowing me the time to talk to you about the importance and costs of cyber attacks. I'm going to be handing it off to Riley, followed by Abdul on some of the tactics and technologies from NetApp you can utilize to protect your data. Awesome. Thanks, Jacob. So we've heard what this can do to your system, what it can do to your employees and your livelihood. Let's learn how NetApp can help improve your data security. So NetApp offers 30 advanced security features through its ONTAP software. Enhancing your data confidentiality, integrity and availability across on premises cloud and hybrid platforms. There are encryption. There are encryption solutions built into ONTAP as well. If you're using CVO, uh, integrated into CVO through your various hyperscalers as well. NetApp does provide real time AI powered ransomware detection, and I'll get into that here in a little bit as well. It gives you responses automatically, protecting data from attacks and minimizing downtime. These built in tools can help detect, block, and recover from cybersecurity threats. Strict data retention and deletion policies do support data minimization and compliance with regulations such as Fips 140 20, or any of those kinds of regulations for personally identifiable information. NetApp solutions align with NIST IST cybersecurity framework, helping organizations meet industry standards as well, such as GDPR. Any of these kind of compliance regulations? NetApp enables fast and full data recovery with locked down snapshot copies and cyber vaults. Um, this also allows your business to have continuity after incidents. Go ahead and move on to the next slide for me, please. Thank you. 
So there are a couple of different ways you can protect your system, how you can detect what's happening on that system and steps towards recovery. So that policy engine, it can automatically block known malicious types, uh, of file types that may not be recognized on your system, uh, with immutable WORM primary data and tamper proof snapshots. They lock down those snapshots and prevent data deconstruction with immutable, indelible snapshots. So in the case of a ransomware attack, they're not able to hijack your data and keep it from you. With these immutable snapshots, you're able to recover from those. Virus scanning is really important as well. Um, so this virus scanning does work on your production data, your important systems that you're running currently, but it also works on snapshots that you may have taken, as well as data that you have tiered off. And then back to that end to end encryption. So not only do you have, uh, your data encrypted, if you're moving from on premises to cloud or cloud to cloud, but you have that encryption built into ONTAP, but you also have an extra layer of encryption from your cloud provider as well. And then over on to the autonomous ransomware protection that can automatically detect and respond to file system anomalies. And they may signal ransomware attack, ransomware attacks. Um, there's a whole slide that will go over that covers these kinds of things with AI as well. And of course, snapshot restores. Not only can you do a full snapshot restore for the volume that you've taken that snapshot for, but you can even go down into the file level as well. Okay. So let's move on to some encryption. So NetApp volume encryption. It's a software based data at rest encryption solution that uses AES 256. So each data volume has an encryption key that you can use and decide which volume to encrypt. So you don't necessarily need to encrypt every volume.
But if there's more important volumes, you can snapshot copies and flexclone volumes are also encrypted. So data in flight going from one cluster to another is encrypted as well. Um, anything with Cloud Volumes ONTAP will you will need an external key manager. So if you're using Azure, there's Azure Key Vault or AWS, KMS or Key Management System and GCP key management service. Cloud Volumes ONTAP does support NetApp volume encryption and it is a software based. This is getting into that Fips 140 Dash 20 that I was talking about. That is personally identifiable information that a lot of banks, financial institutions and other medical companies will end up using. If you use a NetApp volume encryption, you have the option to use your cloud provider's key vault. There is third party key vaults that you can use as well, but we're going to stick with the Hyperscaler key vaults for this discussion. So we'll start off with managing keys with AWS Key Management Services. These next couple of slides are just going to be overviews on how to enable those, or what you would need to do to enable that on your system. So AWS KMS is used to protect ONTAP encryption keys. So you can use AWS managed keys or customer managed keys in this scenario. And generally they're kept in a key vault that is located uh, with your hypervisor. They once the key vault is set up and the key is put in place, you would then go and enable that through the CLI, um, the ONTAP CLI. Or you can use REST API as well. For AWS KMS, Cloud Volumes ONTAP does need to be at least 9.12.0 or later. Um, you do need to have cluster SVM administrator privileges and of course an active AWS subscription. Generally for AWS it's fairly simple. You can create it, create or grant a key and the AWS KMS key, and then you add the policy.
And then in here we have the specific roles that you need to make sure you add into your IAM policy which is describe key, encrypt and decrypt to make sure that data in flight can be encrypted before it's sent out and decrypted. Once it lands on the system and it's still encrypted once it's over on the other side, it just needs to be read. And then of course, you just enable the AWS Key Management Software and Cloud Volumes ONTAP. Over to Azure Key Vault. Uh, very similar to AWS. Azure Key Vault is built into the Azure portal itself. Again, you can use Azure Managed keys or Customer Managed keys, and these will rotate as needed. Um, you initially set up the key vault directly through the Azure portal, create your key vault, create your keys, and then attach any kind of service principals you need to or any permissions that you need to on the Azure side. Um, with Azure Key Vault you can actually use ONTAP versions 9.1.1 or later. So you can use older versions of ONTAP as needed. Um, again, you still need to also have cluster administrator purposes and then an active Azure subscription. So Azure Key Vault is only set up for the data SVM. And then you need to um you would then enable it volume per volume with NetApp volume encryption. And then NetApp aggregate encryption requires an external supported KMIP server. So this goes back to Azure Key Vault AWS being only able to use NetApp volume encryption, whereas if you wanted to use NetApp aggregate encryption, you would need to use a third party key management software. Um, the other thing is that CVO will poll Azure Key Vault every 15 minutes to make sure that the validity of that key, and if it cannot, then it'll help lock down your data. So if there is a disconnect there, it'll make sure that your data stays safe. Um, and then of course the configuration steps, um, you go into the Azure app registration to create your permissions, create your client secret key. The key vault itself.
Um, create the key and then go into the Active Directory endpoint. Um, if you need to, if you need to configure those for an Ha system and then get back into that CVO cli to enable that on the system itself. Now I'm going to hand it over to my colleague Abdul. Uh, thanks a lot. Um, so similar to other Hyperscaler, uh, Google also have the, um, key management service, that they provide to their customer to have the data at rest encrypted. So, um, Cloud Volumes ONTAP, um, will use, uh, the Google KMS as external key manager, uh, which is based on KMIP protocol. And I will highlight the, uh, the requirement and the steps, uh, how we can enable uh, that for to encrypt the volumes on uh CVO. So the first thing is that, uh, we have to make sure that the, uh, as far as the CVO node management is able to get to, uh, Google Authentication Service, and the SVM LIF is able to get to KMS. So the first step is that, uh, we have to enable the Google, um, uh, KMS APIs. You have to ensure that the CVO is running 9.1.1 or higher version. Um, you have to use uh. As far as the CVO is concerned, you are the have the rights as the cluster or SVM administrator. Uh, and then you have to make sure that you also have the subscription to use the KMS service. Um, depending on the service, they are different costs associated. Uh, so I have the, um, uh, slide to show you which are the different option you can use as far as the, um, I mean, the as you can see, as far as the configuration steps are concerned, uh, the key thing is that you need to set up within your project, you have to select a GCP region and create a keyring. Within the keyring, you will be able to create a key. And then there are additional step in terms of permissions, uh, which required a custom role that need to be created for the service account are followed by a policy binding that is required for the Google KMS key and the service account.
Uh, and after that, uh, you need to download uh, key uh, for the service account and those once you, uh, go through those, these steps then on uh, CVO itself, you log in, uh, and you will be able to connect, uh, to KMS as an external key manager. And then, uh, you have to enable, uh, those keys. And once those keys are enabled, every time when you create a new volume that will be encrypted using those keys. So, uh, can we go to the next slide? I think that will make it a bit easier in terms of the steps. So as you can see, um, on the left side, the first thing is that you have to use Google, uh, cryptographic keys. Uh, so you have to select the project, you have to select the region, uh, and you will create the key ring within the key ring. The second step is right below that. You have to create a key. Now uh, KMS does support uh, providing a generated key, which means that, uh, it will be managed by Google. You have the also option to use CMAC, uh, which means that the keys still will be stored in Google KMS. However, uh, a customer, um, have the option to manage in terms of how they want it to rotate. So as you can see on the bottom, um, where it says the rotation period, you will be able to change based on your security standard, uh, internal policies, how quickly you want to rotate those keys. And once you are able to get the keys, um, the additional steps are using, uh, either you can use the Google uh, CLI. Uh, there's an option to even use, uh, APIs. If you want to automate this process. It will require using the gcloud IAM to create the custom role. And then the KMS keys to create the association, the policy binding. Once you finish uh, you are done with those steps. The, um, then you will be able to um use CVO command line. You log in as cluster admin or SVM admin and then you will be able to connect, uh, using the those keys and the service account, uh, to enable the keys.
And then from that point on, every time when you create a new volume that will be encrypted. So this will ensure that your data at rest is encrypted. All right. Uh, if we can go to the next slide. So beside, uh, data at rest encryption NetApp also provide, uh, virus scanning. That is for, uh, any malicious attack, uh, or to detect, uh, any files, binaries that does not have the right signature. Um, as uh, and this is service is available both for uh, SMB and NFS, uh, clients. So every time a client wanted to open a file, um, they will read renaming or closing a file. The request will be sent, uh, from your client to CVO, uh, whenever there's a read operation for those files on your share. Uh, q CVO will redirect the request to the Vscan server once it verified that it is clean and it does not have any malicious code associated with it. With it, will respond back to the client that they are. They will be able to perform those file operations. Um, beside, this is real time scanning. Beside that, you will be able to also run ad hoc on demand V scans. So if you want it to run something off hours, uh, across anything that was previously not been scanned, you will be able to scan all the data that, uh, hosted on CVO. Uh NetApp have multiple supported vendors. Uh, McAfee, Symantec, uh, Micro Trend. And they are additional, uh, antivirus software provider, Which are can be integrated. So, um, it's a pretty inline, uh, scanning. Um, it will be completely transparent, uh, to the customers once you enable this integration. I think, uh, I will from here, I will either, uh, Jacob, you want to take, uh, if you move to the next slide, I think that's back to the, uh, ransomware. Jacob O'Reilly, if you want to discuss, uh, take from here. Yeah, sure. I can grab that. Thank you. So, ransomware for Cloud Volumes ONTAP. Uh, CVO includes built in functions for protecting against ransomware. It has the immutable copies of volumes.
Um, when, uh, snapshot policies are activated, CVO creates read only copies of its volumes that cannot be corrupted by ransomware. In the event of an infection, the snapshots can be used to recover from corrupted volumes. File extension blocking. So FPolicy is a component of ONTAP that monitors client access to the files stored in CVO volumes, and can prevent potentially harmful operations. When activated, FPolicy blocks operations on known ransomware file types. Um, and if Jacob, you want to kick over to the next slide, we've got some more stuff that we cover with autonomous ransomware protection. Awesome. Thank you. So Autonomous Ransomware Protection, or ARP, is a built in feature for CVO that proactively detects and alerts administrator and administers to administrators to abnormal activities indicate indicative of ransomware attacks. Um, a couple of the key features are data encryption detection. So it can identify unauthorized encryption of files. So if a system is using a different form of encryption, or if it's anomalous to what the system is used to, and you'll see that that's a common thing across all of these detection mechanisms. So with data theft detection it monitors for potential exfiltration of sensitive data. So data is getting moved outside of the system that doesn't normally get moved. Um analytical indicators. So high data entropy uh indicating increased randomness of file data. Um, unusual surges in volume activity coupled with data encryption, uh, file extensions that deviate from typical patterns. So it can look at all of these different facets of your system and see that there are behaviors happening that are not normal to what your normal end users use, or how this data is normally managed on your system and can act accordingly. With these automated responses, it can detect the suspicious activity and will generate a new snapshot copy, supplementing the existing scheduled snapshot to safeguard your data integrity. Um, there are more.
If you need more information, there are links here that we can provide to you here in a moment as well. And some additional considerations. Licensing and activation. The ARP license is actually pre-installed on every CVO instance, and is just ready for activation on each volume. With the comprehensive protection, ARP does offer robust detection and alert capabilities. Integrating it with BlueXP Ransomware Protection Services provides end to end coverage, including enhanced protection and recovery options. So this is a continued version of the autonomous ransomware protection, but we're going to touch a little bit more on the AI. NetApp's built in, AI powered ransomware protection is the next generation threat detection at the storage layer. S labs, an independent third party testing facility, has validated our ransomware detection capabilities with 100% precision and 99% recall accuracy. Precision indicates the capability to correctly identify ransomware threats without false positives and recall measures. It measures its effectiveness in detecting all instances of ransomware in the test environment. This means less alert fatigue and more accurate detection of legitimate threats. Um, and we can also provide you that full report as well. This is GA with ONTAP nine 16.1. Um, and again we have more detailed information we can refer to with additional links that will drop in the chat here in a moment. BlueXP provides further ransomware protection features in addition to the CVO built in protection. Um alert. There are alerts and snapshots. Um. The snapshot can offer quick restoration to its pre-attack state in case data becomes compromised, And then with Cloud Insights providing an ever evolving defense mechanism by continuous, by continuously evolving as threats, landscapes change. Cool. Thank you. Riley. Yeah. Thanks, Abdul. Riley, you guys did a great job. Uh, so, yeah, just our final slide on the, uh, NetApp cyber resiliency portfolio.
Um, we're going to be talking about storage workload security, which is part of Netapp's data infrastructure INSIGHT, or formerly known as Cloud Insights, if you've heard of that. Um, so for storage, workload security, uh, it's part of again, like I was saying, it's part of the Resilient Cyber Resiliency portfolio detects and alerts on anomalies. It allows for real time visibility into user activity across your organization that protects against insider threats and ransomware attacks. It also auditing machine learning driven anomaly detection and policy based automated responses. So for storage workload security, you just need to use a lightweight connector collector VM to analyze data access patterns with the use of your Active Directory, your Ldap and file activity to detect real time and alerts and protect on internal and external threats. Storage workload security gives companies peace of mind by giving real time user activity, anomaly detection, access patterning, proactive alerting, and integrated action response. Um, and actually this next slide, uh, really hits home for me because this is a direct quote from one of my actual customers, uh, that I work with very closely. Uh, I won't read you this whole quote, but I would like to really point out the very first sentence, uh, which I always, uh, really got a kick out of, um, because he would say this to me a lot, you know, he said storage workload security is essentially a digital bodyguard for your data. Um, a very powerful statement from a company, uh, that is really in the front lines of NetApp technology. Um, so I'll leave you guys with this. Um, it's kind of our, did you know, slide. So just a few things I thought would be really important for us to leave off with. Um, so first, I just wanted to let you guys know is the intelligent data infrastructure company. We are trusted by companies in all industries, large and small, and by all of those who want to protect the most crucial aspect of their business. 
Uh, secondly, kind of what Riley was touching on before, uh, NetApp earned a triple A rating for its ONTAP ERP with AI by the, uh, SC labs. Third, um, I know we didn't touch on this much, but, uh, BlueXP classification is complimentary to our BlueXP users. Um, so one thing I like to say is, you know, you learn your data, you know, your data, and then you can protect your data. So when you learn your data, you know your data. And when you know your data, you can protect it. Um, fourth, uh, we have an extensive NetApp documentation, technical report, uh, site. So we have extensive documentation on a wide range of topics. Uh, but most importantly to this conversation that we're having today, uh, we have a whole section on security hardening, best practices, um, things like that. So we'll have a link to that for you guys so that you can, um, go do some research. There's plenty of documentation out there that can help you protect your data. Um, fifth, uh, alongside our technical documentation site, we also have customer facing labs, uh, that allow our customers to practice new, old features, um, in a safe environment before actually implementing it into production. Um, and then lastly, I know this is actually isn't on the slide, but, um, I would be remiss not to mention this before we end, please reach out to your Customer Success team to learn more or to set up a workshop with them for a deeper dive. If you don't have a Customer Success team, please reach out to your NetApp account team. And we will. You know we want to work with you. Uh, we want to help protect your data. So. And with that, uh, thank you so much for your time today. Uh, I'm going to open it up for questions with our presenters. Um, if we're able if we're unable to answer your question or you feel like you just want a deeper dive, please let us know or leave your email in the chat, and we can schedule time, uh, to have a deeper conversation with you. So thank you.
If you need a demo of it, please do email us. Uh, we would be happy to give you a demo, but if you have any questions right now, you can raise your hands. And we have our customer success engineers right here who can answer your questions. Okay. The questions. Okay. Thank you. Jacob, Riley and Abdul. This was an insightful session. Um, as we wrap up, I want to extend a heartfelt thank you to all of our attendees for joining us today. Your participation and engagement is greatly appreciated. Right after the session is you will receive a poll. Please do take the poll. Uh, if you have any further questions or need additional information, please don't hesitate to reach out to us. Uh, we are here to assist you and help you, um, have a great day and we look forward to seeing you at our future webinars. Thank you everyone. Thanks a lot. Thank you. Please reach out to us. If you wanted to have more deep dive session or any assistance, um, how we can help you to protect your data. Thank you. Thank.
Learn about the native capabilities of NetApp Cloud Volumes ONTAP data security to protect, detect, and recover from cyber attacks.