3 2 1 [music] It all starts with a dream, right? When I was a child, I would see every night the wonderful spectacle full of stars. That made me wonder how distant they were. Journey of their light from the stars to my eyes. The European Space [music] Agency is an intergovernmental organization. It has 23 member states and it is devoted to [music] study the space. We have sent missions to planets. We have landed on a comet. We are creating 3D maps of [music] the galaxy. But this is just the beginning. Our science missions produced a lot of data, more and more every year. For example, Gaia has observed two billion stars. Euclid will observe 1.5 billion galaxies. [music]
>> NetApp is one of the most efficient, scalable and flexible [music] systems we have ever had. In fact, in these 20 years of experience of NetApp, we have never lost a single fight.
>> NetApp takes cyber security seriously. We rely on the NetApp anti-ransomware capability. We are confident that our cyber security posture is also improving through the years with the help of NetApp.
When I [music] speak about amounts of data, I'm speaking about tens of petabytes. Because of the importance of that data, we call [music] this place the digital library of the universe. We really look [music] to inspire the new generations so that they are the future astronauts, scientists, researchers, engineers. We are already in our path [music] to an intelligent data infrastructure and the new missions are able to observe a lot more of the universe. For me, this is the most of a major wonder in all this journey [music] which is just starting.
>> [music] All right. I'm hoping everyone can hear me. I wanted to uh just think about the size of that for context on this.
At one point, I remember us talking about how we could digitize the Library of Congress. Now what did you hear? Digitized universe, effectively. Like, it's incredible, the amount of size and capacity of what we are doing today in this space. It's kind of unbelievable. Um, thank you for all, everyone here, for joining us on the tech lab series, cyber security, the importance of what we're facing in the marketplace today, the transitions of what we're seeing. I talked to a customer just yesterday and they that everything that they thought they would be dealing with 5 months ago has changed 50%. And they expect it to change in the next 5 months another 50% or more. Because the rate of adoption, things are just accelerating so fast. And the other thing he came back at me with was their thought process is intuitive and uh intelligent information and then actual response in a safe environment. You know, so they kind of look at things now today as they've really dealt with cyber security. They've spent a lot of time on cyber security. It's a great terminology, but what they are actually seeing today now is the full experience of what the business is, which amounts to both security keeping people out and how do you ensure that you get them out if they do get in your house. You know, security systems only so good for the outside. How do you actually mitigate that risk? How do you make sure that things are going to be back to normal and the business is going to be running? Um, and I think for us today, one of the things that is uh the most critical is the fact that NetApp has a foundational piece to this. You know, and when I talk to Justin or I talk to people on the product side of the house, it never ceases to amaze me how much of what we build on and deliver on today is based on the intellectual property, the patents and the intelligence of our systems since the early 90s.
It has been this growth mechanism and this evolution of our technologies and our capabilities that have been consistently complementary to what the industry does, and we've adapted and kept it going, and rather than, you know, having to deal with completely net new components of it, we have leveraged an incredible amount of intellectual property to build what is the best storage platform, security-based platform foundation for data in the industry, in the world, hard stop. Nobody can do what we can do. So with that, in this tech lab, this is going to be about understanding the innovations, understanding how to put them together, how to message them in a way that I won't be able to. Justin loves it. And being able to put it in a spot where you can understand how to apply this to your customers and the things that they are seeing today, what they've seen in the last 5 months and what they're going to expect in the next 5 months, and how do we parlay that into ensuring our value is front and center. So with that, I'm going to hand it over to the illustrious Justin Walsh. Let him say everything that I can't say normally. And then the last piece I'm going to put out there, I'm a Jeep owner. I love Jeeps, which means I love Easter eggs. So, you're going to see a hidden QR code in here that's going to allow you to engage and win a prize possibly in this area. So, keep your eyes out. There might be multiples, but keep your eyes out. See if you can find that Easter egg. Thank you. Over to you, Justin.
>> All right. Thanks, Kevin. So, hello everybody. My name is Justin Welch. I'm a principal architect here at NetApp. Uh, and yeah, I'm looking forward to spending about the next 45 minutes or so with you going over uh, NetApp and the things that we can do to help you secure and harden your environment.
Um, to start off, you know, I'd like to kind of make a bold statement here that uh, hopefully you're all aware of, but uh, this is where NetApp is finding itself in the industry today. We are the most secure storage on the planet and that comes with a lot of weight, right? We are being entrusted with a lot of data that our customers have and we need to ensure that we are protecting that data, that we can detect attacks that uh that are coming along and that we always have an option to recover that data regardless of what may be uh what may be going on, the types of attacks.
Now in today's world there are a lot of different types of attacks that are happening and we've seen it from, you know, the simple click on a link in an email and that starts going out and, you know, encrypting the local laptop and then it's, it spreads out to the uh network shares and the things that are there, and that type of attack has been around for a long time and fortunately, you know, endpoint security and these other levels of security are certainly uh up to the task of detecting and stopping that, and if that lands on NetApp storage as well, we can uh detect and stop and recover from those types of attacks. But the more insidious attacks are the ones where somebody is directly uh attempting to get into your environment and attempting to breach and to uh do harm to the data. Whether that's a nation state that's looking to exfiltrate and steal information or even just to cause harm and damage, or is that, you know, the guy sitting in his mom's basement, you know, the cliche of the attacker that is, you know, trying to make some money and gain uh from doing damage to a business. So, we want to be able to make sure that we can protect, detect, recover from any of those types of attacks. And this claim, the most secure storage on the planet, it isn't just uh NetApp, you know, tooting our own horn here or anything. It is uh backed up by in the industry and our peers in the industry.
And our customers are telling us, NetApp, this is where you uh this is where you shine. And some of the things that we uh that we can tout here that can help us back up that claim is, well, first off our CSfC certification, which is our partnership with the federal government, United States federal government, around being able to use NetApp in any of their networks, in any of their environments. Uh this certification allows us to go in and land NetApp storage in their networks and they don't have to jump through additional hoops, right? We've already been certified. We've already been through the ringer on that and they know that we are a solid partner with them. We've been validated and verified as such. A lot of our competitors will come in and say, "Hey, we have, you know, storage here and there in these different uh environments, but they've had to go through certifications and validations and jump through hoops in order to say that." Whereas we've got that core certification allows us to go anywhere we're needed to go. Um, FIPS certifications. We have uh we were the first storage uh vendor to have FIPS 140-3 certified encryption. Um obviously others have started to gain that certification as well, but uh we were the first there. We continue to push and be a leader in uh the Fed uh in the certification areas around FIPS and what we're doing with our encryption on the drives. We'll talk a little bit more about encryption as we uh continue on this. We're on the Department of Defense, the DoDIN APL. We have Common Criteria certifications. The list of certs and validations and verifications goes on and on. It's not just us saying this. It is, this is where we are in the industry. [clears throat]
So now I'd like to shift a little bit and talk about NetApp's approach uh to security and how we get to where we're at. You know, what is it that we're doing that's different than others and what is the big differentiator for us?
And we truly believe that [snorts] storage is the last line of defense. Uh so you think about the, you know, the attacks I was talking about earlier. If somebody clicks that email link, it's going to go through and start encrypting things. And that's, you know, that's not necessarily getting through all these different layers of security. It's trying to find a shortcut in to just go directly to the storage layer and encrypt this, the files there. The more dangerous attack is the attacker that comes in and he starts breaking through these different layers of security, perimeter security, network security, identity security, application security, right? And there's even more levels in here. This is just a smattering of those uh protections and layers that you, layers of defense that you want to put into place. As an attacker gets into an environment though, they get, they breach that perimeter security. They get through that network security. They hit the identity security. If they can steal credentials to storage or to environments, now they have the keys to the kingdom, right? That gives them access to that application uh layer. And when it comes down to it, the data layer is the last line of defense. If an attacker gains access to the data, they have had to go through that data security layer last. And NetApp takes that very seriously. That is where our focus is. That is our primary concern. We want to ensure that data layer is the last line of defense, that it cannot be breached, that the attackers cannot get in there, because if they do, now they have access to the data, they can encrypt the data, they can exfiltrate the data, they can read it, they can delete it and destroy it and do all the things uh that they want to do. So NetApp, we are not pretending to be all the layers of security. That's not what we're about. Yes, you need perimeter security.
Yes, you need network security and you need best in breed in those areas, and NetApp is going to partner with those other vendors and play a part and help them as best we can. Uh but our focus is the data security layer. That's what we do best. That's why customers come to NetApp, is because we can secure that storage. We can protect the data. We can detect attacks early on and we can ensure that you have an option to recover so that you don't have to pay ransoms and you don't have to capitulate to the uh the attackers' demands.
So let's talk about this a little bit more. Um, protect, detect, recover. These are the three sections and areas that I'm going to be talking about today. Um, first off, protect. We want to protect the data that you entrust to us. We want to ensure that it is uh has all the coverage and necessary uh tools in place to prevent these types of attacks. And the first way to do that is via encryption. And I talk about encryption of data at rest. I had a customer that was transferring uh storage from one location to the other and they asked, "Hey, is this data protected? If someone were to hijack this truck and steal these drives, uh would they be able to read the data on them?" And the answer is no, because we do implement data at rest encryption. We can do that at the hardware layer, where you have designated hard drives that can go in and encrypt that data and ensure that if somebody does gain access to that drive, they can't read the data off. We also can implement encryption at the software layer. Uh and that also allows us to write data encrypted as it lands on the disk and again preventing people from, or an attacker from coming in and reading the data on that drive and trying to do something untoward with it. Um so data at rest encryption is a core tenet of what we do. We consider it to be table stakes. We want it to be turned on all the data. There's no downside to it.
There's no reason not to have data at rest encryption turned on all of your systems that are running NetApp and all of your environments. Um it is at this point uh no overhead from a performance perspective and it's just something that needs to be there all, you know, in and out.
Now on top of data at rest encryption, we also need to concern ourselves with data in-flight encryption. Right now, we're talking about the man-in-the-middle types of attacks where somebody gets into that network, you may not know they're even there, and they're stealing packets off the network. How do we ensure that they can't read the data within those packets that's going between the host and the storage? So, data in-flight encryption is a real thing. NetApp can certainly uh provide solutions there. And again, both of our data at rest and data encryption technologies are included with the licensing that you have today. There's no additional license for these encryption solutions. Uh they're built in and you can utilize them as you see fit. But data in-flight encryption, we have the ability to encrypt protocols, NFS, SMB encryption, do SMB signing and sealing. We can do Kerberos for NFS or we also offer an IPsec solution where you can uh encrypt all the traffic that's coming and going over a specific IP. And on top of that, we can allow, we also have offload cards that can help you offload any performance hit that may be uh incurred due to the data in-flight encryption. We're using encryption to uh encrypt our peer-to-peer traffic. So, if you're replicating from NetApp A over to NetApp B, uh we can encrypt all the data that's going in, coming, as well as our tiering technologies are encrypted and the communications with our management interfaces as well as our Active Directory interfaces. You have the option to encrypt all of that data in flight as it's coming and going. And please uh by the way, if you do have questions, uh please put them in the Q&A section.
We do have people here that are actively looking to answer questions. So if you have some, put them in there and they can uh they can address those questions as they pop up.
Um so anyways, back to uh encryption, data in-flight, data at rest encryption. Uh one of the big topics that I'm hearing a lot of customers talk about today is uh quantum computing and quantum cryptography. Uh you know, the type of attacks that are happening now, a lot of them are what we call uh harvest and then uh decrypt later. Harvest now, decrypt later. And basically what they're, what these attackers are doing is they're stealing encrypted data with the intention of decrypting that data when quantum computing becomes readily available. Um and that day is coming. So post-quantum compute is a date that uh at that point attackers will be able to use quantum computing to decrypt any of the data that they have stolen up to that point. And if that data isn't encrypted with a quantum uh ready or quantum safe uh algorithm, they will be able to crack that and essentially steal that data that uh was previously unusable. So we want to make sure that the data that we're encrypting and, or the algorithms that we're using to encrypt the data, are quantum safe today, and that is where we're at. So the onboard data at rest encryption uh algorithms are, NIST has proven them to be quantum safe, uh has declared them quantum safe, um or quantum ready I should say, and then we are also looking at getting quantum safe uh algorithms out for data in-flight encryption. We are at the forefront of protecting our customers against the post-quantum uh cryptography and post-quantum attacks that are looming. Waiting for that to come out. So uh again, want to make sure, you just want to reiterate, uh we are doing uh leading edge things. We are at the forefront of protecting data against quantum types of attacks.
And we do have landing pages and more information on netapp.com if you'd like to see more about uh the quantum problem that's coming up and how to ready your environment for that type of an attack.
Now uh next is uh our, in our protect column, we're talking about the SnapLock and tamperproof snapshot. So SnapLock is our uh ability to create immutable and indelible copies of the data. So I talked a little bit about the, this breach that's happening, right? So an attacker gets into your environment, maybe they've attacked that uh identity level and have stolen storage administrative credentials. What can we do to stop them from destroying the data or encrypting the data within an environment? And that's where this SnapLock technology comes in, this immutable and indelible. When you take a snapshot of a NetApp environment, that snapshot is immutable by default. It always has been. NetApp snapshots have always been immutable. So you have that storage layer, it is, you take that snapshot, ransomware can come through and wipe out all the data in that active file system, but it cannot touch the data that's captured in that snapshot. Uh so that data again, it is immutable. However, back to our attacker, right? He has gained storage administrative access because he attacked that identity level. He has maybe put some uh key loggers into the environment and has stolen credentials. Or maybe it's an internal attacker, right? Maybe it's somebody inside of the environment uh that already has credentials because they're a trusted employee or whatnot and they have decided to do some damage. How do we stop that type of attack? How do we prevent an internal rogue administrator from deleting the data or encrypting the data that we have? Immutable and indelible copies of the snap, of the, of the data is where this really comes into play. So we have, we offer three levels of immutable and indelible or SnapLock solutions. We uh our highest, most rigid level is called uh SnapLock Compliance.
And essentially what this entails is creating a bucket of data. You're going to set a retention policy on that bucket of data so that uh once anything is written to it, gets locked into place. So it cannot be modified, it cannot be changed and it cannot be deleted for the retention of that you set on that bucket. So as data comes in, it gets written. It can't be changed. It can't be modified for 30 days, 90 days, 120 days, however long it is that you need to lock it down. And when I say it is indelible, that includes uh NetApp. We, there is no back door. If you go in there and decide to lock your data down for 30 years instead of 30 days and then realize, oh well, this is going to use up all my space. Um if you call up NetApp, there's no back door for us to go in and lock in and unlock it. There's no admin account that could go in and unlock it. It is immutable and indelible for the duration of that lock. And that's what you want. You don't want an attacker to find some secret account that comes around the back and unlocks that data and then deletes it. You want that to be immutable and indelible. So, SnapLock Compliance can certainly offer that uh that type of protection. And you can set it up of one, you know, from one day up to a 100 years, I believe, is our max. Um, you could even go past that if you really need to.
But the next level down, so SnapLock Compliance, very rigid, very locked into place. The next level down is what we call SnapLock Enterprise. And Enterprise does allow that one single admin account to go in and make some modifications to that lock if needed. So, it's not as rigid as SnapLock Compliance. And there are use cases for both of those. Uh and then the third iteration of SnapLock is our tamperproof snapshots. And this is a little bit different from the SnapLock Compliance and SnapLock Enterprise level in that it does not require an additional copy of the data.
For Enterprise and Compliance, you have to create an additional bucket, an archive level. You're going to copy the data in there and it gets locked when it lands on that copy. With tamperproof snapshots, you can take a snapshot that was created right in your production or right in your secondary environment and lock that snapshot down for a set amount of days so that it cannot be deleted until a retention policy is met. Now, this is where I like to bring up the Uncle Ben conversation. If you know about Spider-Man, Uncle Ben said, "With great power comes great responsibility." Right? If you lock your tamperproof snapshots down for 30 years, they're going to be locked for 30 years. You're not going to be able to delete them. You're going to fill your volume up with snapshot uh data. So, be careful. We give you a lot of power with tamperproof snapshots. We recommend that you use them in a comprehensive way and understand the ramifications of keeping long-term snapshots around. Um, typically I like to tell my customers you want days of snapshots. One day, three days, five days of tamperproof snapshots. If you start thinking weeks, months or years, that's where you use that SnapLock Compliance level, that higher level to lock the data for longer term. So, uh, SnapLock, tamperproof snapshots, uh, different levels there that you can utilize. And again, the licensing for all of this is included with the solution. So, once you roll a NetApp environment out, you have access to our SnapLock technology underneath the covers, and you can use that as you see fit.
All right. So with that being said, customers came to NetApp and they said, "Hey NetApp, what's the most secure I can make the data? What's my most secure option that's available to me? Um, if I just want to really lock down the data that I have and ensure that nobody can access it." And so, you know, smart people in NetApp got together and said, "All right, what can we do to help uh enable this?"
And what we've come up with is a reference architecture around Cybervault. Um, cybervault is an industry term. It's all about how we can lock data down and ensure that you have that recovery point. And in most environments, you'll see what's on the screen here. You have your primary storage, you have your secondary storage. You can replicate in between the two of them, right? Data is going back, maybe bidirectionally. Uh, and that's good. If you get attacked, that's where the attackers are going to primarily be looking to get that data uh and start causing problems. So, Cybervault comes in as a third copy of the data or an archive copy of that data, and you want to put it behind a logical air gap so that if somebody does get into that environment, somebody does gain administrative access, they may see the primary storage and the secondary storage, but because of this logical air gap, they cannot get to the data in that cyber vault. That data is completely protected. And on the vault side, you're going to go in, you're going to disable protocols, right? So there's no SMB, there's no NFS running on there. It is completely isolated off from protocol perspective. And then above it, you're going to disable the management interfaces so that nobody can get in and change settings and modify that environment, especially, well, first of all, they can't connect to it. And second of all, um you don't want them to be able to change any of the settings. Then as you replicate into this Cybervault environment, it's going to be a pull replication. You're going to pull data from the outside in. Never push. If you start pushing data into that vault, now an attacker could come in and start pushing bad data and seed bad data into your vault, which you do not want. So, it's always a pull uh action where the cyber vault will pull a replication cycle in from external, wherever that happens to be. And this way you have a copy of your data that is secure.
Um there's no uh specialized hardware that comes along with this. It is just simply ONTAP, our operating system, that is protecting that data, and it's all about how you configure ONTAP in a cybervault versus a primary or secondary and storage uh storage environment. But this can be run in any environment that you may have. I've seen customers put this cyber vault solution in their secondary storage uh clusters. I've seen them put it in their primary storage clust uh clusters. I've seen them put it in the cloud. You can put this wherever you would like it to be and wherever it needs to be. Right? There's the old uh debate of do I want my archive copy close to primary, that way if I have to recover I can do that faster, or do you want that uh archive to be in a third, you know, a third site, most secure possible so that nobody can get, gain access to it. This type of solution will work in any of those uh setups, that you just need to make sure that it is configured properly to do so. And please reach out to NetApp. We can help you uh we can help you do that configuration.
Now, Cybervault is really at the core uh and of our protect, one of our protection, uh, best practices if you will, and we believe in it so much that we guarantee that the data captured in one of our SnapLock volumes, uh we guarantee that you will be able to recover it. We have a ransomware recovery guarantee that if you sign up for that and go through, there's a professional services component to that. If you do that, we guarantee you'll be able to recover that data regardless of the nature of the attack. Um that data will be protected at all costs and you will be able to recover it. Now um one other thing that uh, well, an interesting concept here is that what happens in the event of an attack, right, if you were to get hit with ransomware and this is your setup today. You have your primary storage, you have your secondary storage.
For most of the attacks, the, you know, the click the link and is encrypting the data on the storage and you need to get that data back. The local snapshots in that primary storage environment are going to be your go-to. You're going to go to that snapshot. You're going to do a snap restore, a single file snap restore. Um you know, lots of different options. Create a clone, copy the data back. That's going to be your primary recovery option. If however that primary storage and/or secondary storage is completely gone, now you're going to have your vault that's locked up that you can recover that data out of and put it back into uh your production environment. And a lot of customers I talked to and a lot of businesses are looking at an isolated recovery environment that enables you to have uh that data in the vault be recovered into a staging area where you can then go through and uh run virus scans and, you know, do analytics on that data to ensure you're not putting an attack or, you know, a malicious file or malicious uh, you know, data that may be there back into your production or your secondary environment. So be thinking about how to implement and integrate those isolated recovery environments, and NetApp has a solution for that as well that we'll uh that's coming up. We'll talk about that here in a minute.
All right. So Cybervault, high level, it's a reference architecture. Um you can pick and choose the technologies out of there you want to put into place. It uses your existing uh NetApp hardware or if you need additional capacity you can put any NetApp hardware into that environment. It's going to allow you to protect that data against attack and recover that regardless of the nature of that attack. Immutable, indelible is the core component of that. But yeah, there you go.
All right. So, uh moving on, next uh in the protect column, multi-admin verification. And we've seen this around a bit.
Uh but MAV essentially allows you for destructive commands to set up a checks and balances. So, if somebody runs a command like snapshot delete or volume delete or one of these destructive commands that are on the storage, um it's going to send an alert out and say, "Hey, somebody's trying to delete this volume." And you can configure it so that it requires additional people to approve that command before it'll take effect on the storage. And this uh this has been very useful. I've actually seen this uh this capability stop a ransomware attack where somebody got in, they gained storage administrative credentials. They were trying to modify some of the settings on the storage and as they ran the commands to do that, MAV stepped in and said, "All right, I see the command you're trying to run here, multiple people have to approve this before it can take effect." And it actually stopped and alerted the business to uh the attack that was ongoing and they were able to prevent it from happening with multi-admin verification. So powerful tools, again included with ONTAP. So when you roll that out, all of these have that I've been talking about so far have been included.
Now an additional capability that we have is called FPolicy, and FPolicy is built into ONTAP and basically this allows you to uh look at files and see what's going on with individual files on the storage. There is a native mode where you can go in and create a list of file extensions. If you don't want the file extension 7777 to ever land on your storage, you can configure this FPolicy to say no files with this extension can be written to the storage at all and the end user will get a write denied error and it just simply blocks the file from ever being uploaded. You can also do an allow list. So if you know the file types that you want, say you have a repository where an application is writing PDF files and you only ever want PDFs in that directory, you can say allow PDFs. Everything else is blocked.
Very effective at preventing uh unwanted files from landing on the storage to begin with. So that's just one half or one part of the FPolicy engine. The second part comes in around uh if anything touches a file, we can generate an event, whether it's a file update, delete, modify, copy, anything along those lines, we can generate an event on that action. And we'll talk here in a second about how we can take that event and uh we can make uh we can take actions based on what we're seeing. We can use AI to look at those events and say, "Hey, something looks suspicious or out of the ordinary. Uh maybe we want to stop that or alert on it at a minimum."
So that brings us into the detect column. We covered protect and yes, there are other ways to protect the data. This is just a high-level overview of some of the things. So if you want a deep dive into other mechanisms, we do have a hardening guide that's out there that we can share uh that will go through all the in-depth capabilities that we have inside of ONTAP. In detect though, NetApp is leading the charge. We are leading the industry with the ability to have um real time or near-time ransomware protection. And this is where we really differentiate again from a lot of our competitors, a lot of the others in the industry, in that as files are being written, uh, we want to know immediately if there's something anomalous going on. A lot of our, a lot of the others will say, "Hey, I'm backing your files up. I noticed that some of these are encrypted. Maybe you want to take a look at those and see what encrypted them. Maybe you've been attacked." That's great. That's a, you know, that's a great tool in your toolbox. But NetApp takes a different approach. When we say that storage is the last line of defense, this is one of the things that we mean. We have built into ONTAP um our autonomous ransomware protection engine or ARP. And ARP is an active ransomware scanner.
It is going to look at the data as it's being written and determine is this a normal action or is this abnormal or something that's happening with malware or ransomware. And again, it's built into the system so you don't have to have any additional components. You can turn it on a volume. It's going to look at that volume and determine yes, there's ransomware or no, there is not. You know, something's suspicious or anomalous or no, there isn't. And we are using AI to back that up. So, in our labs, we're actually running ransomware against our storage. And we are building profiles based on what we see uh with that ransomware running. So, this is what it looks like running on ONTAP. Build that profile. Now we can take that profile and download it onto your storage and you can take action. Um, you know, it will take action based on what it's seeing. If it sees the profiles of a ransomware attack, it's going to be able to take a snapshot and then immediately alert you uh that there is something going on.
Uh, and so we have gain uh we have had this solution validated by SE Labs out of the UK. We received their AAA rating. Uh, they have told us their precision and their recall numbers are better than 99%. Basically, precision is all about how um how many false positives we give. Are we actually able to detect the ransomware or are we detecting false positives? So, less than 99% of false positives. Uh and then um the recall is how accurate are we? If we get hit with a ransomware attack that is captured in one of those profiles, we will detect that attack 99 uh better than 99% of the time. So, that's what those numbers are about. And it is a very effective solution on box. You own it with your ONTAP environment. So you can enable it and protect the data that's there. Now that's not all. Everything I've spoken about up to now has been included as an integral part of ONTAP. The systems themselves.
This next layer of defense is all about adding more potency and power to our ransomware detection capabilities. So ransomware resilience service. This was announced uh at our Insight conference just recently and basically it is another layer of protections in there. This uses that FPolicy engine I was talking about. Um it is very effective at detecting anomalous activities. It uses AI to actively do that. Um it looks at data that is being read. If somebody's reading data that maybe they shouldn't be. We call that data breach detection. We can alert on somebody reading files. Uh if somebody is exfiltrating data out, we can alert on that as well, saying, "Hey, somebody's trying to copy files out." We then partner with uh networking uh or, you know, other third-party tools that can actually stop that attack. In that case, uh it also looks for data destruction. Somebody's going in and deleting files or somebody's going in and encrypting or modifying files uh in an anomalous way. We can detect that with our NetApp ransomware resilience service. And this is part of NetApp Console. Um that's uh again uh just got released a couple weeks ago. Um that is the direction that NetApp is headed uh around managing your storage environment. But this ransomware resilience is a paid module within NetApp Console and it can, it has a lot of power that you can utilize and check out and see if it is actually, you know, if you are being attacked or having issues.
Now, uh because NetApp, uh is just launching this uh ransomware resilience tool, we are offering a free six-month trial. There's no uh purchase required. Obviously, you have to have an ONTAP environment. Uh you know, it has to be running against an ONTAP environment in order to work. Uh but you get up to 100 terabytes of uh capacity scanned. Um and it's included in that six-month free trial from the time you sign up. The sign-up is ongoing until January of 2026.
So, you've got between now and then to register for this uh free months trial uh this six-month free trial if you're interested in using it. And we're finding that is a very powerful tool. Again, defense in layer, defense in depth. This adds a second layer at the storage side to help detect and mitigate ransomware and malware attacks. This can actually stop an attack. Uh, ransomware resilience. If it sees an anomalous action going on, uh, you have the ability to actually block a user or quarantine an IP address to say no more access until somebody figures out exactly what's going on with this attack and, you know, why it's there and what's happening with it. So, utilize the uh the six-month free trial. Uh you can take uh you know grab that QR code and let it and follow that into uh the more information around it.
All right, so this brings us finally to recover. Um how do you get the data back? Um we never want to have our customers have to pay a ransom. We always want to give you the option to recover uh your data regardless of the nature of that attack. And how do we do that? It should be no surprise. NetApp snapshots are the best way to recover data from an attack. If you have an attack ongoing, right? If data comes in and wipes out your entire uh file system that you may have there, snapshots are immutable. They have always been immutable. You can use SnapRestore. You can use single-file SnapRestore. You can create clones, copy data back. If you have the ransomware resilience tool, there's actually the ability to go in and help you build scripts to recover that data. Um, there's also the option in there to set up one of those clean rooms that we were talking about earlier, uh, to where we can put that data into an isolated recovery environment, scan it, make sure that data is clean and get it back. But at the core of all of that is our snapshot technology. We want you to take as many snapshots as you can and keep them for as long as you can. That is the best practice.
You have up to 1,024 snapshots per volume. And with that uh you can take a lot of, you know, point-in-time captures of the data to reduce the granularity of restore that may be required to get your data back up and running. Um so take snapshots, protect those snapshots, right? That moves into the snap locking capabilities. You're going to replicate those snapshots into a SnapLock volume. You're going to take tamperproof snapshots to ensure that nobody can delete them. And we're going to be able to protect you from attacks that are coming from without, right, with the hardening, the multifactor authentication, the multi-admin verification that's built into the box. Um, and then we are also going to be able to augment that with immutable and indelible copies of that data and multiple snapshots to recover that data regardless of the nature of that attack. Whether it's the click the link and start encrypting type of attack or if it's somebody actually entering into the environment and breaching and sitting and trying to uh pick apart your solution so they can figure out how to ransom you down the road.
Um, so protect, detect, recover. Um hopefully we covered that in good enough detail. Obviously if you have more questions you can reach out to your NetApp team or one of us and we can uh you know dive deep into this uh and go give you more information. There are some uh best practices that are out there how to maintain cyber resilience. Uh obviously you want to implement security at, as, with as many layers as you can, as many uh layers as possible in your environment. The more layers of defense, the harder it's going to be for those attackers to come in. Even given that NetApp is that last line of defense at the storage layer, you want to be able to protect on multiple layers. And you want to focus your defenses, right? You want to make sure that the business critical components of your environment are protected.
So yeah, it's great to have these, you know, these hardening components in place, but if you can't recover the business critical applications and workloads, then you're missing the boat. So make sure that that's where the focus of your protection is, around your business critical needs. Be surprised how many uh customers I talk to that think, let's protect everything and, you know, it spreads the protections thinner than they need to be.
Um early detection of the attack. Uh this is the tricky part, right? If there was an easy button you could push and just detect attacks the minute somebody gets in and tries to do it, that would be fantastic. But obviously that, that's uh that's not a reality in today's world. We want to be able to detect those attacks though from a storage perspective as early on. We're not going to wait for everything to be encrypted and then have that data being exfiltrated out and say, "Oh, hey, look at that. We see or you're backing that data up. We see these encrypted blocks or in these encrypted files. Um you might have been attacked." Right? That's not what we want to do. We want to detect as early as possible. Give you more options to recover. Give you more protections as they are in place to get back.
And then finally, test this out. Test out your capabilities to recover. If you haven't been running desktop or red versus blue activities in your environment, you need to do it. You need to have a conversation with not only your storage administrators, your infrastructure people, but your security people, your legal teams. They all need to be in on this same conversation. Can't tell you how many times I've sat down with customers and said, "Hey, what's your incident response? What happens if you go back to your environment and you see ransomware running today? You know, you pull up your desktop and you can't access it because the files are encrypted. What do you do? Who is your first call? Where do you go right off the bat?"
You want everybody in the organization to know the process. What do I do if I see ransomware? What do I do if my laptop is compromised or my endpoint is compromised, or as a storage admin, what do I do if I see uh data being encrypted or I find encrypted data that shouldn't be? Who is that first call? And you want to make sure that you have reached out to your partners, such as NetApp. Uh we want to be uh part of your solution. So what happens when you get hit with ransomware, your legal department's going to come in and say you can't tell anybody, there's no, you know, nobody can, uh you don't want that data to get out, we want to control the information as it leaves. And that can exclude a lot of your partners. You won't be able to call us up. You won't be able to have our help in that recovery process unless you've gone through the steps in front to build in that relationship. You want to have NetApp on that approved list of, hey, here are a list of people that we can call to help us in this recovery. Even if legal says you can't call them, we want to already have this relationship so they know that we're on that approved list. And there's no doubt. You don't have to fight that political battle in the middle of the attack. Uh you can have it done beforehand. So incident response uh is critical. Have conversations with your teams, have conversations with your management and with your, you know, the people above you, with your security teams, with your legal department, and ensure that everybody's on the same page of what needs to happen in the event of an attack.
Again, if you want more information, you can go to security.netapp.com. This is our technical landing page around all of our best practices. The link there is for our best practices uh around how to harden your environment from the inside out. And in fact, if you want to know more uh about that or you want help, let's say you do uh decide that you want to get hardened, there's more that you can do.
Uh NetApp offers what's called a data protection and security assessment. Um the DPSA is NetApp professional services coming out. They run scripts. They look at your environment. They build a report card around what they find so they can tell if, you know, hey, you're, you don't have, you may have something like SMB 1.0 or, you know, some, you know, unsecure protocols running in your environment. They're going to find that kind of stuff in uh by doing this assessment. At the end of it, you get a report card. Green, yellow, red. Here's how you look. Uh green, you're looking good. You know, yellow you need to remediate. Red obviously is problems that you need to solve. You can then take that report card, send it up to your management, say, "Hey, we need more help. We need more money. We need more time." Whatever it is to harden this environment. Um or if it's all green, you can send that up too and say, "Look how secure we are and how uh you know, hardened we have made this environment." So, here's the QR codes if you want to know more about that data protection security assessment. Also, the uh ransomware resilience service that I talked about earlier, you got uh for the six-month free trial, there are QR codes for both of these. So, Kevin, how did I do?
>> I think you did great. You did exactly what I thought you'd do. You say everything I couldn't say. Perfect. But QR codes again, yes, we saw them throughout and I saw a few people acknowledge where they saw them. That's awesome. Um these offer us the ability to get deeper, help you find out what's happening in there. So, please do take advantage of those service capabilities and the assessment capabilities. Um, a couple of the questions that came up though, Justin, that you know, I said earlier on is like we've always built on these layers and evolved our environments as we've gone through and SnapLock is clearly one of those and that definition is there.
We talked, you talked about enterprise and you talked about compliance and we talked about indelible and we talked about immutable and kind of the how that construct goes together, and for me talking to customers often the question is it's a one-and-one, it's all or the above type of thing, and it's like tell us exactly, quick, SnapLock Compliance, Enterprise, really what does it mean to you? Like if I'm a customer and I'm saying I need to block everything out, I need to lock it for compliance purposes because of my industry or because of privacy requirements, but I also have an investigative side of the equation and I might need to actually remove data at some point in time, and you know some people offer that by, you know, backend support capabilities and things of that nature. What are the differences in those choices for us?
So indelible is an absolute word. If you want your data to be indelible, you're not going to be able to go in there and remove components out of it. And that's really where the decision comes down. Do I want SnapLock Compliance or Enterprise? Um, if that data, so for example, SEC 17A- 17A-4 is a regulatory requirement. I think I got that right. Uh, where the data is immutable. You have to prove that data hasn't been tampered with for seven years. Right? So that's an instance where you, even if somebody comes in and says, "Hey, I need my data removed. I want it pulled out." That data can't be tampered with. And that's one of the examples of indelible that really makes a lot of sense. You don't want to have to worry about somebody coming around and, you know, hacking into the environment or legitimately going into the environment and modifying that copy of the data. You want it to be there and locked down. So you need to decide what's important in your environment. You want to know that the critical data is going to be written and solidified in a third copy in that archive so that if everything else goes away, you can always get that data back and recover it quickly.
SnapLock is read. You can read that data, right? So you do have access, but you can't delete it and you can't modify it.
>> Perfect. Now again though, it doesn't mean I have to do just one or the other.
>> Correct. Yes, you could do a combination. Absolutely. And you're licensed for all of it. So you can put tamperproof snapshots right in your production environment or right in that secondary environment and protect it there for short term. Then the long-term side comes out and you can do SnapLock Compliance or SnapLock Enterprise. Yes, you do. If you have one license, you can pick and choose which one you want to do uh compliance or enterprise on a per-volume basis.
>> Oh, great. So that really does help with that layering construct that you talked about where it's internal or external threat mentality. I can actually adjust between systems or copies of the data and choose to build the layers that insulates me from both the risk and then also helps me mitigate the risk after the fact having the data available. So that's outstanding. Appreciate that.
>> Yeah.
>> All right. Again, that's something that we would actually explore uh in the security assessments, data protection security assessments. It's something that's directly available to us in the resiliency service. I encourage you to check out via these QR codes. Um, and I want to say thank you and please if there are more questions in the Q&A, we're going to be in, we'll ensure we're going to follow up with those as well and we'll get that information out there. Um, if there are more questions that come in after the fact, you can follow this and know where to find us and we will absolutely engage and help you figure out the questions, the answers and the specifics as to how this matters in your environment. Because one of the things about cyber, it is different in every person's shop, right? There's different priorities, different requirements, different governance, etc.
So, uh, let us help you on that side of the equation. Um, and with that, I'm going to say thank you very much and please keep an eye out for kind of the future, uh, tech labs here. I think January is going to be the next one. Uh, working on topic and whatnot now, but please keep an eye out for that. We'll make sure invites get out to you as well there. Uh, with that, unless there's any other specifics, Justin, thank you very much everybody. Thank you very much for uh taking the time and investing the time with us to have this conversation and understand it. So, from NetApp, much appreciated. Thank you.
Explore the critical role of storage-layer data protection as the last line of defense against ransomware and how NetApp automated ransomware protection is a critical component in securing enterprise data.