Hello and welcome to Defending Your Data, the state of ransomware and Netapp's AI powered storage layer protection. Today's webinar features Gigaom and NetApp and is produced by Actual Tech Media. My name is Scott Becker with Actual Tech, and I'm excited to be your moderator for this webinar. Now, we've got a lot to cover today and we can't wait to get started. But first, I want to go over a few housekeeping details that are going to help you get the most out of this session. So let's start out in that chat tab over on the far right hand side of your screen. That's the place to say hello and to share your thoughts and reactions to today's discussion. That's also the place to let us know if you're having any technical difficulties. Now, we're sure you'll have questions for our expert panelists today, and we really encourage you to ask them to get the most out of the presentation for those questions. The place to type them in is the Q&A tab, just over, uh, over from the chat tab. And a quick note, we've got a lot of topics to cover today. If we don't get to your question, don't worry, we are going to forward any questions that we don't get to,the, to our experts tofollow up. Now finally, we've got some great takeaway resources for you in the docs tab. So be sure to click around in there and explore those. Um, you may have noticed a prize icon. We are in fact giving away an Amazon gift card worth $250 as a prize drawing at the end of the webinar. Of course, you must be in attendance for the duration of the live event to qualify for that prize, and you've got to meet the actual tech media prize terms and conditions, which you can also find in your docs tab. All right, well, with that housekeeping out of the way, I think we're ready to get into our discussion. And I am so excited to introduce you all to our expert panelists today. So we have Darryl Kent, who's field CTO at Gigaom, and we have Arun Rajan, who's VP and Chief data scientist at NetApp. So Darryl and Arun, thank you both so much for being here with us today. I'm happy to be here. Well, it'sgreat to see you, Darryl. I think, um, you know, it'd be great if you could just sort of set the stage for us today about the state of ransomware and defending your data. Happy to do that, Scott. As Scott said, I'm Darryl Kent Field CTO and analyst at Ghigau. I spend my time linking and aligning end user executive decision makers with technology providers. And so for today's case, that would be those who are navigating the evolving threat landscape, trying to balance prevention and recoverability and often grappling with what real resilience looks like today. We're way past the point where ransomware is just a cybersecurity issue. It's now a business continuity issue. It's a compliance issue, and frankly, it's a boardroom issue. In my role, I see one clear trend that Organizations are rethinking their strategies not just around preventing attacks, but around how confidently and cleanly they can recover when, not if an attack gets through. And frankly, we shouldn't even be asking when anymore. The better question is how bad is it going to be and how quickly and effectively can we recover? So with that, I'm excited to be here with Arun to explore how AI is transforming resilience as a core enabler at the storage layer itself, and why recovery readiness has become the defining metric for resilience. Arun. Anything to add? Hey. Thank you Darrell. Good morning, afternoon and evening to all the viewers. My name is Arun and as Scott mentioned, I'm the VP and chief data scientist at NetApp. As part of my charter, I lead efforts to embed intelligence via AI ML into Netapp's Cyber Resilience portfolio. Super excited to be here and look forward to sharing my thoughts and learnings on this very relevant and important topic alongside Daryl. Back to you, Scott. Excellent. Yeah, we're looking forward to those insights too. Um, so let's get into the first topic. You know, I've been, uh, you know, covering the IT industry for a long time, recovery for, you know, for decades wasreally something for, you know, the tech crew, um, you know, to figure out. But it's becoming more of a, of a board level mandate now, um, you know, and I wonder, Daryl, if you can, if you can talk about that a little bit. Absolutely. And you're absolutely right. What we're seeing across the board is a shift. Recovery is, as you say, no longer a task handled quietly by it. It's a strategic mandate tied to business continuity, compliance, cyber insurance and executive accountability. That means that infrastructure and security decisions are now inseparable. So CISOs and infrastructure leaders are being asked not just did you prevent the attack, but how quickly and effectively can you provide a clean recovery? And that's a new muscle for many orgs, and it changes how platform decisions get made. So by enabling those capabilities in the storage layer itself, you gain the interest of the CISO and they become a strategic partner with the CIO in storage, infrastructure and operational decisions. Which raises it up to a business level decision and a business level mandate. Arun, how is NetApp helping customers answer that boardroom question? Hey, uh, first off, spot on, Darrell, um, recovery is indeed a C-suite priority tied to business continuity and compliance. And to be honest, you know, it should not come as a surprise that infrastructure and security go hand in hand. Recovering mission critical workloads is clearly the name of the game here. However, an effective recovery is possible only if cyber resilience is built into your infrastructure. Let me repeat myself. Built in and not bolted on. And this is one of the reasons why we at NetApp call ourselves the intelligent data infrastructure company. We embed cyber resilience into our infrastructure. So consider in a ransomware scenario, we immediately detect an attack as it is happening not on your backup but on your primary storage. Because remember, it's not about protecting copies, but protecting the truth which lives on your primary netapp's proprietary technology, which we call as autonomous ransomware protection with AI or AI for short. Detects an attack on the primary storage as the attack starts to happen and immediately takes a tamper proof snapshot, ensuring that business critical operations can resume with minimal data loss. In other words, we enable our customers to have the best recovery point objective RPO and best recovery time objective RTO. Back to you, Darryl. All right. So to me, before we get back to Scott and on perhaps to our next topic, what I, what I hear there is it reinforces this boardroom decision because you are now providing as,I said earlier, this interest from the CISO, the security is now down in that storage layer. And it is also possibly bringing in the CDO and others because you are, um, protecting life primary data. And when you are affecting the organization like that around the primary sole asset of data. Um, it becomes a business discussion. Absolutely. Darrell, it, uh, I would say cybersecurity is a team sport. Well, you stole one of my lines, but I will use it anyway. Well, it was a yeah, it was a great discussion of,uh, you know, how important recovery is now, you know, in the boardroom and the C-suite really, you know, up level. Um, and Arun went into a little bit of,uh, you know, our next topic here, which is artificial intelligence. We had it in the title. Everybody's talking about AI. Where does AI fit into storage now? Um, so I'llstart this off. Arun, um, we hear a lot of noise and chatter in the market around AI. It's being discussed in all aspects of technology, and you cannot talk about technology in 2025 without mentioning AI as a central theme. Andgenerally the secondary theme becomes Cyber Resilience. So these two topics today are,tied together, uh, intricately. What we have found is that what really matters in AI is not that you have it, or you have it everywhere, or are you using it everywhere. It's all about precision. And by that I mean close to where the decisions are made and focused on specific tasks and capabilities. That's where it's most powerful AI that lives close to the data. And as you said, Arun built in rather than bolted on. Uh, where it's infused into the storage layer and not just watching from the perimeter or the backup layer is what can enable fast and trustworthy recovery, especially when ransomware behavior isn't loud or obvious and that, uh, by that I mean it's dwelling. It's just sitting there. It's not loud, it's not obvious. It's getting there incrementally. Uh, so this is where, uh, I infused into the storage layer and where recovery intelligence can matter the most and protect the real asset that ransomware actors are trying to compromise. Now, Arun, you already talked about RPI and how that improves trust in the recovery process. Anything else you want to talk about here relative to, uh, this particular, uh, point on? Um, you know, I'm not going to belabor it, but, you know, we've spoken enough about built in and not bolted on. But, you know, that's really our mantra. Right? And while I feel it's important to, you know, implement defense in depth and be cognizant of the importance of layered approach to security. I would like to tell our viewers that it's key to realize that security needs to be built in close to where you have your crownjewels aka your data, right? A good analogy I would like to give here is that think of, uh, your house. You know, like, let's say you have multiple fancy alarms in your house, door sensors, glass break sensors, motion sensors, etc.. But let's say you have your jewels and money, right? Open in the living room, right? It's easy peasy for the attackers.don't mind triggering all the sensors. They get in, take your assets and immediately get out before the cops can come. And it is the same for your data. You know, you could have a layered security approach, but ransomware attackers don't mind triggering the alarms they get in, take the data, encrypt the data, and they are out in minutes. An attack is over in minutes. This is why it is so important to have AI based safeguards built in alongside your data. And to be honest, this is the guiding principle for our unique approach to detection. Specifically talking about ERP, AI, we detect an attack as soon as it starts to happen and immediately lock the data in a tamper proof snapshot, which means the data can be recovered in minutes. Just to close this point, we at NetApp unify storage, security and recovery, effectively embedding cyber resiliency into our infrastructure. I think, uh, you know, I like that analogy very much because I always talk about it as you've got all these shields in place, you've got detection and prevention and some mitigation, but eventually shields fail. And that'swhat you're talking about here. And they fail because the threat landscape continues to evolve. It's difficult to keep up with. And you talked about a lot about detection technology. Uh. Anything else you want to say about NetApp detection technology here? Yeah. Um, the thing since you talked about the threat landscape, um, you know, I really wanted to share this important point with all our viewers. You know, I have worked in the security industry long enough. And let me tell you all, the name of the game in cybersecurity is to think like an attacker and always be ten steps ahead of the attacker. The ransomware landscape is very dynamic. And, uh, you know, as Daryl mentioned, thousands of new malware come up every day. And it is scary. So what this means is that you can't build an AI and sit peacefully thinking that you've solved the problem. Attacks will slowly start to bypass the models. At NetApp, I have an elite team of data science researchers who work at the intersection of AI and security. We ensure that Netapps ransomware detection models are constantly updated. They are constantly trained on vast amounts of new variants that come up every day, and this keeps our customers protected from new and emerging threats. And just one more thing to add. Uh, SC labs, which is a third party security testing company. They test Microsoft, Intel and other companies on their security offerings. SC labs tested us with multiple ransomware variants and we came out on top. We were given the highest rating. We caught 99% of the latest ransomware variants. Sowith that, you know, it is while prediction is outstanding and it needs to be in place, the detection needs to be there. It's not always possible necessary to predict as long as the precision in terms of flagging behaviors that deviate can be accounted for. And we'll get into that here in a little bit. Uh, I wanted to follow up a little bit more, uh, you know, as,you mentioned, on some differentiation, uh, these days, every storage vendors offer some form of ransomware detection, um, beyond what you've already discussed. You know, I can see the end user customers out here thinking, well, what should I keep in mind? And what are the questions you should be asking when choosing a ransomware solution? Now, I believe that part of that is detection and prediction and prevention, but it is also in determining behavior. Because what we're really after here is,um, ensuring the data is not only protected, but it'sclean andit's usable. Uh, when we finally do have that attack, um, is there anything you might want your customers to keep in mind or questions that they should ask beyond the ones that I've, that I've just suggested or beyond the typical ones because it seems like everybody's doing it. I think for the most part, you hit the nail on the head, Darrell, and this is a very important topic. So, you know, I want to clearly address it for our viewers. So every storage vendor offers talks about ransomware uh protection. And you know, they offer some form of ransomware detection. Um, so I just wanted to give a few points that, uh, you should think about when you are choosing a ransomware protection solution, right? Like so I'll just boil it down to three key points. I'll just mention the points, and then I'll kind of like dive into the details. The first point is, does your solution leverage AI, and if so, where does the AI reside? The second point is what is the protection efficacy of your AI. And the third point is how often is your AI updated? These are the questions that you should be asking the vendor to kind of choose the right solution that meets your needs. So let's take the take a look at the first point. Does your solution leverage AI, and if so, where does the AI reside? You know, writing rules and signatures is a thing of the past, and you don't stand a chance when the attackers are leveraging the best of AI to craft advanced threats. Therefore, its AI is not like a nice. To have an AI powered solution is a must have. I should learn from the data to block new threats. The second thing is where does the AI reside, right? Like AI has to be close to the data. It should reside where your primary data copy is. It should reside on your primary storage if it is not on your primary. Unfortunately, the solution is not fast enough to detect an attack and safeguard your precious data. The second point is what is the efficacy of the AI, right? While it's absolutely necessary to have AI running on primary storage, It is not going to be sufficient. The production effectiveness needs to be clearly verified by a third party testing company. And there are two numbers that you should ask your vendor. And these two numbers are precision and recall. Let me start with recall. What recall means is that out of all the ransomware attacks hitting your organization, how many would this AI catch? That is what is meant by recall. A poor recall means that the AI is not good enough to protect your data. The other number is precision. And what precision means is that out of all the alerts that your AI produces, how many of these are true ransomware alerts? Poor precision means that your AI is going to produce a ton of false alerts, which could overwhelm both your infra admins and your SecOps. So on this point, I just wanted to mention that NetApp has been tested by AC labs, specifically evaluated for precision and recall, and we came out with flying colors. We are 99% plus for both precision and recall. Okay, so the third point is, uh, how often is AI updated? So when you choose a solution, you need to make sure thatsolution constantly updates the models. Right? Like because as I mentioned earlier, new variants come up every day and you want to make sure that your AI is capable of blocking the new and emerging threats. So those are all three great points. And the first one about where does it live? I was smiling while you were saying that because, uh, we went through this about 20 or 30 years ago with storage virtualization, as you recall, it was, is it in band or is it out of band? And that was a huge discussion for a long time. And of course, the correct answer, in my opinion, was it needed to be in band, in the storage layer, in the storage controllers. And that clearly isuh, where we're at today. So I see this as we're in that same kind of time frame in terms of evolution of,AI relative to storage. Uh, what you, what you called efficacy and uh,precision and hence why I said AI embedded and precision up front. I agree with that 100%. And in terms of concurrency, uh, these things are happening at light speed. Uh, thebad actors are evolving, uh, and they're evolving with AI, which is not one person anymore. It's a thousand people representing one person. And so it's thousands and thousands. So it's you. Absolutely. That third point, I think, is as critical as any of them. It changes almost by the minute, if not faster. All right. Well, that was a great discussion ofAI in storage. Uh, really appreciate that. So, you know, it's really a new landscape. You know, Darrell, when it comes to recovery readiness, um, what is required now? So even yet today, even yet, as important as this discussion is, and even yet that it's a board level, almost an extinction level event discussion. One of the biggest challenges I see is organizational recovery practices are still often siloed across infrastructure, operations, security, compliance. And while each group is working to be complete and they're diligent in their areas of remit, they're not coordinating their efforts. This means they can't uncover blind spots, nor can they effectively and quickly recover as they independently work to determine, cause, or implement their own specific recovery events. They can find themselves stepping on each other or becoming stalled while they wait on others to act. They may each be well trained individual athletes, and they almost always are, as it were, but find themselves unable to run any effective plays. And this is where Aroon stealing my team sport comes up. Successful organizations are those who unify recovery operations andhandle the expectations in a unified way. They practice cross-functional playbooks, and they treat resilience as a shared responsibility in this regard. I see this as a team sport and as we know, a well practiced team working in unison has a better chance on the play field. So Aroon NetApp supports this kind of unified recovery experience. Part of your modern data management is all about unification. Absolutely. Beyond that, how would you, uh,support the cross-functional alignment? Sure. Uh, first off, you know, like, uh, totally. Right. In fact, like, I was also going to bring up the team support here as well, but maybe I'll, uh, since we've talked about it a bit, I'll, uh, say that, you know, for successful organizations, you know, gone are the days when the infra admin lives in their own little backup world. SecOps doing their own thing for detection and response and compliance teams figuring out the right posture. You know, at NetApp, we want to break down these silos, uh, with our cyber resilience offering. Right. And, uh, we rely on the NIST framework, which is a set of guidelines developed by the National Institutes of Standards and Technology to help organizations manage their security risks. And if you look at the NIST framework, this has five pillars, namely identify, protect, detect, respond and recover. Right. We specifically adapt this five fold framework for data security and recovery. Right. Uh, if you look at the identify and protect pillars, they ensure that the teams not only know where the critical pieces of data are located across their data estate, but can also instantly ensure that the volumes where they reside are secured with the right backup policies and ransomware protections. The detect pillar the third pillar ensures that we can detect an attack on the data. And this is based on the AAP AI technology that I spoke about earlier. Then you have the other two pillars respond and recover. And this is very important because the alerts that come from AAP AI are not only surface to the infra admins, but also to the seam. Right? And just want to mention, as a side note, that we have built in integrations with some of the major seam vendors. Uh, so,that, you know, like SecOps teams can start their global investigations to mitigate the threat. The infra admins, on the other hand, can respond by blocking potentially compromised users and isolating the volume, and then recovering instantly from tamper proof snapshots so that the mission critical workloads of our customers have minimal downtime. So, to reiterate, uh netapp's, uh, offering, which we call as ransomware protection service, breaks down these silos and seamlessly ties together posture management, data protection, ransomware detection and response, which leads to a unified recovery workflow with minimal data loss and downtime. Exactly. So. And this is agood model to use. But asI said up front, four of those five layers are going to get penetrated. Correct. Andthat's why recovery becomes, uh, the critical theme here at the end of the day. And so part of that recovery is ensuring, uh, not only the primary data as through all these first four mechanisms, but then making sure that anything that is backed up or snapshotted is immutable and clean and can be integrated into these SecOps workflows that you're talking about relative to CCM and others, you know. So I think it's important there in that one, you have a framework that you can develop your maturity around and develop your processes and policies around and,uh, practice your blocking and tackling in your team sport. But at the end of the day, um, you better be really,good at recovery because you will need to. Well, let's, uh, let's move on to our next topic, which is about that recovery. You know, we've talked about the team sport and,uh, you know, and I and,the,board attention, uh, to recovery. But where are organizations in terms of their,readiness to recover? So it's an interesting human psychological discussion, and it's a troubling pattern. Andwhat we see is there is a clear disconnect at the executive level. They tend to rate themselves highly on Cyber Resilience. But when they get tested for recovery under pressure, most organizations cannot recover without compromise. And it goes back to this unification and this team sport, uh, theyrealize very,quickly that rapid recovery isn't just about backups. It's about knowing what to recover when and how? Without introducing reintroducing the threat. And of course, you got to do that in as timely a manner as practicable with data that is known to be clean. Those are all variables that must be accounted for. And while at an executive level, they may say, yeah, we're protected, we're using most current software. We have all these shields in place. We're following this, you know, we're doing our backups. Uh, and they may be doing everything correctly. But when they actually get into a situation that they must recover from, they find there's blind spots, there's gaps, they're not ready and they're not operating as a team. That's why they tend to overrate their readiness. Arun, uh, do you see the same thing? And, uh, is there anything that NetApp is doing that helps customers close that gap. Yeah. To your first point, Darryl. 100%. There is this perception that I've seen that, you know, customers think that, oh, if I buy a bunch of security solutions, then my cyber resilience is somehow super high, right? The point to keep in mind is that unless you test your cyber resilience strategy, you cannot prove its efficacy. You absolutely need to test your preparedness for the event, right? Be it a natural disaster or a man made one like ransomware. This preparedness should be assessed by a regular scenario based drills, which again is a team sport, right? You need IT security, compliance and business units to come together. The drill should simulate realistic attacks and allow for the organizations to test out their incident response. And as you said Daryl, identify gaps in the plans, right. So by simulating a real attack in a controlled environment, organizations can refine their strategies, uh, strengthen cross-functional coordination and boost overall ransomware readiness. So we know at NetApp, you made drills as an integral part of our cyber resilience offering, which allows our customers to quantify their cyber liability. If I may use the term and ensure that their crown jewels are always protected. I agree. And so what we can do is possibly provide thelistening audience a few best practices here. One build recovery into your platform strategy. Integrate this protection and recovery and infrastructure decisions not as afterthoughts but as first order design requirements. Two engage cross-functional leadership early. It's a dirty little secret. We've said it several times relative to this topic today about being a team sport, but frankly, it has always been a team sport. The team just gets bigger and has more functionality. Uh, so number three, immutable and automated protection. And this is done well withAI. And then what you mentioned Arun test recovery at the organizational level, not at the component level, not at the tool level, not at the group level. Do it at the organizational level and then make that recoverability a board visible metric. That's what I would suggest ourgood best practices. That's an excellent advice. Um, so we've got one more topic to, uh, to talk about here. And that is where does storage fit now, you know, in terms of overall, uh, you know, organizational defense. So this goes back to the, uh, the storage virtualization discussion. It is we are we're determining whereit best fits. But in my opinion, uh, storage. Uh, as I've heard from storage providers like NetApp, uh, they talk about storage being the last and often best line of defense. I think it's the first line of defense. So, uh, what we're seeing here is a reframing. The storage layer is no longer just the end of the stack. It's no longer just shielded and protected by multiple layers of detection, prevention and mitigation processes and tools. Those shields will eventually get compromised, so we might as well live with that truth. The storage layer can and should be the most trusted checkpoint. That's where confidence in recovery begins and where intelligence can have the most impact. You want your data clean in the event you will need to recover it. And I guarantee you will, uh, whether from ransomware or other events. But you want it clean so that you can recover it from those who would attempt to hold it for ransom and attempt to corrupt it. I suspect Arun, you're going to agree here, but I'm kind of interested in what you have to say. Fully agree. Darrell. Storage is definitely the last. And as you said, the most important line of defense. I mean, we call it the last line of defense because, you know, attackers breach multiple security perimeters to kind of reach the data. Right. So I'm calling it the last line of defense based on, you know, like where it happens in the kill chain. Cyber kill chain. But to your point, you know, this is the most important checkpoint because ultimately this is what the attacker is after. And this is what organizations should be zealously protecting. So storage is the most important line of defense. I agree. And so depending on your perspective, the last line because it sits at the end of the stack. If you are in the kill chain correct. But if you are being proactive, you're you are saying, look, this is going to be my fortress and good luck, right? You know, give us your best shot as, uh, as,a rock group might have said. Well, this has been a wide ranging discussion. Um, you know, Daryl, I wonder if you could kind of, uh, give us some,key takeaways. You know, um, I think we can boil it down tothree key ones, I believe. One clean recovery is the new resilience metric. It's not just can you detect, prevent or mitigate as we've been talking about, it's can you trust what you bring back to do that? Uh AI is proving to be powerful if it's precise and embedded. So that's point number two. The storage layer intelligence is what separates proactive from reactive recovery and to ensure all that work is effective. Point number three cross-functional recovery readiness is the new mandate. So you've got a new metric resilience clean recovery. In that metric you've got a new approach or areal approach in AI embedded. And then you've got thenew mandate in recovery readiness. I think platform decisions must align with SecOps, IT ops and compliance and not just infrastructure. So did I capture them all a room? Anything to add? Yeah, this is a fantastic summary, Daryl. Uh, I concur with your key takeaways. Uh, just wanted to add a couple of things. Uh, NetApp is an intelligent data infrastructurecompany, and our customers love that. Cyber resilience is embedded into the infrastructure. Customers love the built in, AI powered ransomware protection, and the proof is in the pudding. We have had a hockey stick adoption curve for our Cyber Resilience offering. One last thing. To our viewers, uh, from my side, we at NetApp are constantly innovating hard to protect our customers valuable data. I would like to invite you all to attend our INSIGHT conference in October this year, where we will be announcing some breakthrough innovations for data security. Stay tuned and thank you so much for listening in. All right. Well fantastic summary. We do have, uh, just a couple of minutes here for someaudience questions. We've had quite a few come in here. Um, this first one isfor you, Arun. Um, they're wondering, how is NetApp storage based detection and storage layer protection different from the competition? Yeah. Um, so I would like to kind of like go back to the point where we discussed how do you choose an effective AI for your protection? Right. Like, uh, and I mentioned three points, and this is where we completely differentiate ourselves from the competition. First and most important, our AI powered solution is built into the storage layer. Right. Like built into and not bolted on a lot of the competition. Uh, what they do is the they partner with a backup vendor. So the data is sent to a backup, and the backup vendor does these advanced ransomware models in the cloud. And while they are super effective, the point is that these detections are always delayed by a few hours. So our solution, on the other hand, detects ransomware attacks as they are happening on the primary storage. So that is a huge differentiator. And second, we are the only storage vendor who has actually validated our ransomware protection effectiveness with an accredited third party testing vendor, and we are the only ones who published both precision and recall metrics on real ransomware variants. So I would encourage you all to kind of take a look at our labs report, which clearly shows all the variants that we have successfully blocked. And number three, uh, we believe that, as I said, ransomware variants keep evolving and we believe that our solution is effective only if it's up to date. So we constantly train our models on the new variants and make sure that we are always prepared against emerging threats. So these are the three key points which I say, uh, differentiate us from the competition. Okay. Excellent. Um, another question here. Uh, this one, uh, Daryl, this one's probably for you. Uh, wondering, can you explain encryption attacks and how AI is helping customers prevent them and helping customers be prepared for these attacks? Happy to give it a go. And Arun has been talking in threes. Uh, humans tend to think in terms of threes or more precisely, odd numbers. So I'm either going to give you one, 3 or 5. We'll see how many we come up with here. Um, first of all, encryption attacks, um, are stealthy and they're time delayed. So they often start with low and slow behavior, encrypting small bits of data over time to avoid triggering alarms. Uh, so that's point number one. Um, two backups alone aren't enough. If you don't know what clean looks like, if you restore from a compromised state, you're back where you started. Only now you have false confidence. I helps in reducing dwell time and improving recovery accuracy. When AI is trained to detect subtle anomalies in right behavior, and if they're stealthy and time delayed, it needs to be trained that way. Or they're trained in user access patterns, especially at the storage layer. It helps service threats earlier and, uh, surface threats earlier, I should say. Andguides a smarter response. So that's three. And I think I'm going to add to that. So now I got to go to five. Um, precision matters more than prediction. We talked about prediction. And it's very,important. Uh, but precision matters uh, more. And here's why. Uh, AI doesn't necessarily need to predict the attacker's next move. It needs to precisely flag behaviors that deviate from baseline norms in near real time, as Arun has said several times. So that's where precision is,critical. And then smart recovery. The fifth point I think and that's where I'll end. Smart recovery depends on smart detection. Recovery preparedness isn't just a function of snapshot frequency. It's knowing which snapshot to trust and when to act. All right. Well so that was a maximum value on that in that answer fivepoints. Welldone. All right. Well unfortunately we're just about up on time. Uh, for those of you who also asked questions, we had a lot of questions here. Um, we are going to pass those along to, uh, to Daryl and Arun for, uh, for follow up. So, um, you know, don't despair. We'llget your questions. Um, uh, Daryl and Arun. Thank you. This has been a fantastic discussion. I know I'velearned a lot. I hope the audience has as well. Uh, really appreciate your time today.
Learn how NetApp AI-powered automated ransomware protection achieves 99% ransomware detection, blocks threats in real time, and enables rapid recovery with immutable snapshots and anomaly detection.