Speeding Threat Detection

Speeding Threat Detection

Today, we’re announcing new data resilience capabilities for the IBM FlashSystem family of all-flash arrays to help you better detect and recover quickly from ransomware and other cyberattacks. We’re also announcing new members of the FlashSystem family with higher levels of performance to help accommodate these new cyber resilience capabilities alongside production workloads.

Cybercrime continues to be a major concern for business. Almost every day we see reports of new attacks. The average cost is $4.24 million, and recovery can take days or weeks.1 Cyberattacks have both an immediate impact on business but can also have a lasting reputational impact if the business is unavailable for a long time.1

How Cyber Vault Can Help Businesses Recover Rapidly

Even with the best cyberattack defense strategy, it’s possible that an attack could bypass those defenses. That’s why it’s essential for businesses to have both defense and recovery strategies in place. Storage plays a central role in recovering from an attack.

IBM Safeguarded Copy, announced last year, automatically creates point-in-time snapshots according to an administrator-defined schedule. These snapshots are designed to be immutable (snapshots cannot be changed) and protected (snapshots cannot be deleted except by specially defined users). These characteristics help protect the snapshots from malware or ransomware and from disgruntled employees. The snapshots can be used to quickly recover production data following an attack.

Recovery from an attack involves three major phases: detection that an attack has occurred, preparing a response to the attack, and recovery from the attack. Each of these phases can take hours or longer, contributing to the overall business impact of an attack.

An offering implemented by IBM Lab Services, IBM FlashSystem Cyber Vault is designed to help speed all phases of this process. Cyber Vault runs continuously and monitors snapshots as they are created by Safeguarded Copy. Using standard database tools and other software, Cyber Vault checks Safeguarded Copy snapshots for corruption. If Cyber Vault finds such changes, that is an immediate sign an attack may be occurring. IBM FlashSystem Cyber Vault is based on a proven solution already used by more than 100 customers worldwide with IBM DS8000 storage.

When preparing a response, knowing the last snapshots with no evidence of an attack speeds determining which snapshot to use. And since Safeguarded Copy snapshots are on the same FlashSystem storage as operational data, recovery is fast using the same snapshot technology. Cyber Vault automation helps speed the process of recovery further. With these advantages, FlashSystem Cyber Vault is designed to help reduce cyberattack recovery time from days to just hours.

IBM FlashSystem Cyber Vault is part of IBM’s comprehensive approach to data resilience: high availability and remote replication for disaster recovery in IBM FlashSystem. Backup, recovery, and copy management using IBM Spectrum Protect Suite. Ultra-low-cost long term storage with physical air gap protection with IBM tape storage. Early attack detection through IBM QRadar and IBM Guardium. And proactive attack protection using IBM Safeguarded Copy.

High Performance Hybrid Cloud Storage Systems

To ensure cyber security does not have to come at the expense of production workload efficiency, IBM is introducing new storage systems with greater performance than previous systems.

Built for growing enterprises needing the highest capability and resilience, IBM FlashSystem 9500 offers twice the performance, connectivity, and capacity of FlashSystem 9200 and up to 50% more cache (3TB). The system supports twice as many (48) high-performance NVMe drives. Likewise,FlashSystem 9500 supports up to forty-eight 32Gbps Fibre Channel ports with planned support for 64Gbps Fibre Channel ports.2 There’s also an extensive range of Ethernet options, including 100GbE RoCEv2.

speeding-threat-detectionm-1.jpg

Supported drives include new IBM FlashCore Modules (FCM 3) with improved hardware compression capability, Storage Class Memory drives for ultra-low latency workloads, or industry standard NVMe flash drives. FCMs allow 2.3PB effective capacity with DRAID6 per control enclosure and 4.5PB effective capacity with forty-eight 38TB FCMs in a planned future update. These new FCM 3 drives help reduce operational cost with a maximum of 116TB per drive and an impressive 18PB of effective capacity in only 16U of rack space with FlashSystem 9500.3 FCM 3 drives are self-encrypting and are designed to support FIPS 140-3 Level 2 certification, demonstrating that they meet rigorous security standards as defined by US government.

FlashSystem 9500 also provides rock solid data resilience with numerous safeguards including multi-factor authentication designed to validate users and secure boot to help ensure only IBM authorized software runs on the system. Additionally, IBM FlashSystem family offers two- and three-site replication plus plus configuration options that can include an optional 100% data availability guarantee to help ensure business continuity.4

“In our beta testing, FlashSystem 9500 with FlashCore Module compression enabled showed the lowest latency we have seen together with the efficiency benefit of compression. FlashSystem 9500 delivers the most IOPS and throughput of any dual controller system we have tested and even beat some four-controller systems.”

— Technical Storage Leader at a major European Bank.

New IBM FlashSystem 7300 offers about 25% better performance than FlashSystem 7200, supports FCM 3 with improved compression, and supports 100GbE ROCEv2. With 24 NVMe drives, it supports up to 2.2PB effective capacity per control enclosure.

speeding-threat-detectionm-2.png

For customers seeking a storage virtualization system, new IBM SAN Volume Controller engines are based on the same technology as IBM FlashSystem 9500 and so deliver about double the performance and connectivity of the previous SVC engine. SAN Volume Controller is designed for storage virtualization and so does not include storage capacity but is capable of virtualizing over 500 different storage systems from IBM and other vendors.

speeding-threat-detectionm-3.png

Like all members of the IBM FlashSystem family, these new systems are designed to be simple to use in environments with mixed deployments that may require multiple different systems at the core, cloud, or at the edge. They deliver a common set of comprehensive storage data services using a single software platform provided by IBM Spectrum Virtualize. Hybrid cloud capability consistent with on-prem systems is available for IBM Cloud, AWS, and Microsoft Azure with IBM Spectrum Virtualize for Public Cloud. These systems also form the foundation of IBM Storage as a Service.

For more information about these new offerings, watch our webcast or explore IBM FlashSystem.
[1] Source: IBM Institute for Business Value 2021 Cost of a Data Breach report, https://www.ibm.com/security/data-breach [2] Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM. Information regarding potential future products is intended to outline general product direction and should not be relied on in making a purchasing decision. [3] Effective capacity is based on compressibility of data, which will vary among data types. Some data (already compressed or encrypted) will not compress at all. Refer to IBM compression estimator tools. [4] Available only for HyperSwap configurations deployed by IBM Lab Services.