Welcome to Episode 358, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”
What’s in a name?
When people say the words “cyber resiliency,” what do you do?
Do you cringe at the buzzy-ness of the term?
Do you pause and think, “do we have yet another term to worry about?” Or do you realize that cyber resiliency is just a way to describe all the best practices we need to use when ensuring data protection, security and recovery in our enterprise IT environments? In this case, buzzy-ness is just business.
In this episode, AJ Casamento of Brocade (aj.casamento@brocade.com) and Ant Tyrell of NetApp (tyrell@netapp.com) join us to discuss how NetApp and Brocade are teaming up to help you get the best overall results for your cyber resiliency plans.
For more information on Brocade:
Finding the Podcast
You can find this week’s episode here:
I’ve also resurrected the YouTube playlist. You can find this week’s episode here:
You can also find the Tech ONTAP Podcast on:
I also recently got asked how to leverage RSS for the podcast. You can do that here:
http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss
Transcription
The following transcript was generated using Descript’s speech to text service and then further edited. As it is AI generated, YMMV.
Episode 358: NetApp, Brocade and Cyber Resiliency
===
Justin Parisi: This week on the Tech ONTAP Podcast, AJ Casamento and Ant Tyrell join us to talk to us all about cyber resiliency with NetApp and Brocade.
Podcast Intro/Outro: [Podcast-intro]
Justin Parisi: Hello and welcome to the Tech ONTAP podcast. My name is Justin Parisi. I’m here in the basement of my house and with me today I have some special guests to talk to us all about the ever-changing environments with SAN deployments, especially when we talk about things like cyber resiliency. So to do that today, we brought along AJ Casamento from Broadcom/Brocade.
So AJ, what do you do and how do we reach you?
AJ Casamento: Yeah, thanks Justin. I’m a Principal R&D engineer here at the Brocade Storage Networking division of Broadcom. And I can be reached at AJ.Casamento. That’s c-a-s-a-m-e-n-t-o at broadcom.com.
Justin Parisi: All right, and also with us today we have Ant Tyrell from NetApp.
So Ant, what do you do here at NetApp and how do we reach you?
Ant Tyrell: Hey, Justin. Yeah. I’m a principal consulting solution architect based in EMEA in the UK specifically, but cover in EMEA, Latin America. My focus and background is in the ONTAP world, the ONTAP ecosystem. And I can be reached tyrell@netapp.com, so t-y-r-e-ll at netapp.com.
Justin Parisi: So you cover EMEA and Latin America? So like you basically can go on holiday, like you go to Latin America, you’re like, Hey, I might as well just stay here for a little while.
Ant Tyrell: Yeah, I’ve gotta get that past my manager though. So that’s the challenge. Yeah.
Justin Parisi: Oh no, you just take it afterwards, but hey.
Anyway. Alright. So enough of that, let’s talk about Brocade first. So, AJ, if people are not familiar with the Brocade, go ahead and give us that overview.
AJ Casamento: Yeah, so Brocade is the supplier of fiber channel storage area networks with NetApp, it’s been a 20, I think at this point, 22 year plus partnership that we’ve been in.
So we go back more than a few versions of software with you lads. But we provide the storage area networking infrastructure here in the storage networking group, right? And so that’s generally thought of as the fiber channel SAN infrastructure to the NetApp platforms.
And if you look at it overall, you’ll find us pretty much 97 ish percent of the global 2000 make use of fiber channel SAN. And I wanna point that out because there’s all sorts of conversations around where things sit and why people use certain architectures.
And I wanna make clear that there is not, to my knowledge anyway, ever been a single technology that solved every problem. But where people tend to use our technology and particularly in partnership with yourselves has to do with that very topic of cyber resilience and the uptime of the platforms and the security of the platforms and the resilience of those environments.
So for the very mission critical stuff that tends to be the places that we play in.
Justin Parisi: You mentioned cyber resiliency and that’s what we’re here to talk about. So let’s dive into that a little more. You mentioned it involves uptime and that sort of thing. What other pieces of that tie into cyber resiliency?
It sounds like a very, you know, buzzy term, right? For lack of a better word, but…
AJ Casamento: Yeah. You know, that’s fair Justin. And it is, and one of the fun things in our industry is that when somebody comes up with a good idea, nobody else is shy about snagging onto it as rapidly as they possibly can.
And everybody’s had the term cyber security for an age, right? That’s been a focus. But the phrase cyber resilience speaks to the combination of both the reliability as well as the security of the platforms.
So there’s the uptime component of it. And I think Ant would agree with this: most application owners in the world, most IT infrastructure teams in the world, actually deal with multiple buckets of applications. You can sort of sort them into applications that can tip over and people won’t always notice right away.
And then there’s buckets of applications where if they tip over, there’s going to be a lot of screaming and yelling. And then there’s buckets of applications where if they tip over, the company goes away. And that last bucket gets a different level of criteria. Right? And that’s a pretty standard scenario for people to live with.
So, when you’re looking at that and trying to work through that, the other pieces that go in with that cyber resilience in the world we all live in has to do with the hardening of the environments and the security of the environments, because the bad actors are getting cleverer and cleverer, and they’re being more patient about it too. I’ll bring up the SolarWinds hack. They were in SolarWinds and being distributed without causing any grief for the better part of a year before people found out that the hack was in there. And at that point, they’ve already populated into how many environments? And so similarly with the ransomware people where they used to jump in right away and it’s like, oh, you know they bump into you on the street, Justin, and then offer you your wallet back, minus the cash and credit cards.
They used to be really immediate in the attack. And now a recent study that I saw suggests that they are inside the IT environment for something over 160 days on average before they make themselves known. And one of the things that they’re doing with that is making sure that the amount of data that you have to throw away to not pay them is just more than you can stand.
Ant Tyrell: They really wanna make the pain costly, don’t they? Ratchet up that concern to that extent that you’ve got no other choice, basically.
AJ Casamento: Yeah. Yeah. And, on top of that they’ve no compunction about who they go after, right?
At the start of the pandemic, they were going after the healthcare providers, because they knew the immediacy of the problem and that people would just cough up the money. We had the Continental hack and the ransomware got paid so we could turn the natural gas pipelines back on. I think one of the things that customers need to be thinking about as well in partnership with NetApp and Brocade, is that there is legislation now being proposed, and I actually honestly think it’s a good idea, that will force companies to disclose when they’ve been hacked and when they’ve paid ransomware because that isn’t something they have to do currently.
Ant Tyrell: It is in some parts of the world there, AJ. I was having this conversation with a colleague a couple of days ago and there are some countries that have that regulation already and yeah, I agree, I think that’s a good step forward. It makes a lot more transparency to the whole conversation.
AJ Casamento: And it’s your data, right? That got exposed, and you can make the argument that as a customer for that company, you’ve the right to know that your data’s been exposed.
Ant Tyrell: I’ve had two in the last year actually, where I’ve been emailed by companies to say that your data’s been compromised in some way or other, so it’s happened a lot.
Justin Parisi: Well, there’s also the concept that governments are starting to understand that data security is actually national security. Right. It’s becoming a part of your defense. Yeah. And you have to really dedicate that money to that because you know, as we saw with Ukraine, there were attacks that happened before the war.
Right? And maybe that’s a precursor to something bigger happening, right? So you need to really make sure that you have a handle on these breaches and that people are aware of it so that you can prepare accordingly.
AJ Casamento: Yeah. And to your point there, Justin, the bits they go after are infrastructure, right?
And if you look at where we have a lot of cross-sectional footprint between our companies, financial is a huge one. While it can be pretty disruptive, if all of a sudden you can’t pay for your groceries, right? You want to create mayhem prior to some other bad action, that’s a quick way to do it.
Ant Tyrell: That’s a misconception as well, isn’t it? Some people think when you hear cyber attack, you think, oh, these bad guys are going after the nuclear plants or the electricity grid. You take out a bank, that’s just as serious, isn’t it? That’s gonna cause just as much disruption as key physical infrastructure.
AJ Casamento: And in some instances it’s not even hackers. In some cases, and I’m gonna pick on the accountants here guys, so, be ready to shelter me if I need to run, right?
But, you get these guys like with the Southwest Airlines meltdown that happened here in the States. And part of the conversation is that the original founder was more of a logistics guy, and the airline ran like a top. And then you get somebody in who’s like, oh, well, you know that infrastructure’s already depreciated, so we should just hang onto it because now we’re printing money by not refreshing it. And the challenge with that is as that infrastructure ages it’s not trivial. I mean, you both know that when you get behind a certain number of versions, right? It’s not as simple as saying, well, you know, we’ll just put on the latest version of… no, there’s multiple steps you’ve gotta go through. You need this version of firmware on this platform with this device driver in order to go to this version of the OS before you can do this update to this application. So the interdependencies are huge. And when they have those kinds of meltdowns, it’s not always trivial to recover from those, because in some instances that infrastructure has just gotten too long in the tooth because somebody thought that it would be more cost effective to just run it until it tipped over.
Ant Tyrell: I’ve spoken to a couple of customers in the last few weeks who’ve got exactly that problem, AJ. It’s only when they have a bump in the road that they realize, oh wow, okay, we’re a little bit behind here, we need to catch up.
And it’s then a big hurry to get up to the latest version where whatever actual vulnerability it is that they need to correct in their environment is available. So it’s not plain sailing sometimes.
AJ Casamento: Yeah. And it’s the length of time that it takes.
I guess I would argue that yeah, some of that stuff’s pretty solid. I mean, I’ve had scenarios where I’ve had a customer proudly show me an uptime value on one of our switches that was in excess of 14 years. And for the folks listening to this the way you should translate that is they hadn’t rebooted the platform in 14 years. It just sat there ticking over. Right. And so, yeah. Okay. That’s bragging rights a little bit to say that the gear is just rock solid. But then I’m looking at that in absolute horror because I know how brittle that becomes, because if you haven’t updated the code on our platform, what’s the chances that the platforms attached to it have been updated?
Right? And one piece of that tips over, it’s a house of cards. Functionally it’ll all come tumbling down. So anyway, that sort of scenario leads me to a discussion that we continually harden our platforms. And I will talk about security here just a little bit.
So I can’t think of a switch vendor in ethernet or fiber channel or even InfiniBand that has a completely full on custom OS any longer. Everybody has pretty much moved to variants of common operating systems. Generally, embedded Linux in the industry is one of the big ones.
And so one of the things that you wanna sort of keep in mind there is that as vulnerabilities get addressed, and they do, and hundreds of them a year, and that’s not an exaggeration. More than 400 security vulnerabilities a year get published. NetApp gets ’em, Brocade/Broadcom gets them. Cisco gets them. All the major server vendors, the HPs and the Dells and Lenovos and everybody and Fujitsus they all get the same list of security vulnerabilities. And we all have to go look at the modules and softwares that we use and determine which ones apply to us.
And we address over a hundred of those a year that do apply to us in our software updates. And so, a thing that I would say to the folks listening is when your NetApp colleagues come to you and say, Hey, you need to be moving to this version of Brocade software. They’re looking out for you.
That’s not just make work, that’s not mom nagging at you to clean your room. That’s, hey, there are things that you want to fix that will make this more secure. OpenSSL, as an example, there are versions of Linux that you can’t do that patch to because the OS doesn’t have the hooks to support it. They only cook those in maybe two versions back. So when you’re in older versions of software, you’re not going to get those security pieces. And that’s a risk I think people need to be aware of, and a risk they should not take.
Justin Parisi: I guess that’s the danger of treating your IT organization like your Toyota Corolla, right? It’s got 200,000 miles. It works just fine!
AJ Casamento: Right? Yes, exactly. Exactly. Ant, you had a point you were making.
Ant Tyrell: Yeah, I was just gonna make that comment that particularly in the world we live in right now, so much more complexity to these environments. 10/20 years ago, you had a couple of servers, a fiber channel switch, and a SAN platform storage array. Where today, the attack vectors have just multiplied almost exponentially, haven’t they? You’ve got lots of embedded operating systems, but then you’ve got the management layer on top of that as well.
That’s probably where we see most of the vulnerabilities is in some of the layers that the management, the third party tool used… and that’s before you even start talking about cloud integration. If you’ve got one of these environments that’s connected to multiple clouds and they’re all using different OSes. It’s a complex world out there.
AJ Casamento: It is. And, to the point you just made it is not always the immediate stuff that’s on your platform. Right. So, the ONTAP folks are pretty careful about the things they allow in the environment as are we on our fabric OS right?
There’s a set of controls that we do around that. But as you broaden that into the multi-cloud experience and so on and so on, and the number of management tools. And one of the fun things about tools that I’ve learned over the years, is that I’ve never met a tool that can’t be misused. The same things that let that tool be terribly functional for what you want to do or need to do, right? Are tools that in the hands of an inside hacker or someone who’s gained control of a platform can turn around and hurt you badly, right? Or they may seem like something that has nothing to do with you, right? And we’ve talked about this once before, but the folks that got into Target a few years back and scraped the payment card data on something over a hundred million cards, they got in by finding the company that was doing the management of the high volume air conditioning systems for the stores.
Right. That’s the code they hacked and then they found one of the stores where the facilities network and the data network was cross connected. And that’s how they got in. You can be minding your own business and looking after things just wonderfully on your side and the neighbor next door sets fire to his garage and the fire comes across. It doesn’t have to be your fault. And the point I wanna make there is that getting access into those networks at some point will happen. Making sure that the elements within your network, within your infrastructure are properly locked down and up to the latest versions and as solid as you can make them. Folks, that’s just good housekeeping. And that’s not something that you should just brush off, because when it bites you, it tends to be really, really ugly. And so we harden the kernel, we do the updates. We’ve gone to Silicon Root of Trust in our platforms in gen seven. We verify software images before they’re loaded to the switch. They’re digitally signed, so that people can’t put malware into the platform. The Solarwinds sort of thing, where it’s a package that’s compromised and being distributed… that can’t happen in that same scenario. It doesn’t mean there aren’t other scenarios, but it can’t happen in that one. And then, with our SAN Nav management platform, we’ve drastically simplified the ability to do certificate updates to the platform.
And one of the things that I wanna say about that, and I think it plays as well to the NetApp tools on dealing with ransomware is you have to make security simple for people. Security needs to be easy to do. And if you don’t believe that, the next big family gathering that you’ve got, find the people that are my age, right?
So find the people in their mid sixties in your family, and remind them politely, of course that for every single account they have that touches the internet, whether it’s a streaming service like Netflix or Disney Plus or Hulu, or it’s their banking information or the payment of their electric bill online or whatever, that they need to have a unique and hard to guess password for an account name for every single account and watch their reaction.
Justin Parisi: Then you start to talk about password managers and you’re like, oh, you should use a password manager and that’ll help you.
And then you start to remember that LastPass got breached. So right, it’s everywhere, right? It is literally everywhere.
Ant Tyrell: It’s never ending.
Justin Parisi: It’s gotten to the point now where I’ve seen some, some cybersecurity experts start to recommend you actually do write your password down on a piece of paper cuz you’re less likely to lose them or get them accessed that way than you are to have them accessed online.
Ant Tyrell: It’s either that or move to the country, isn’t it? Move to the country and live in a wood cabin on your own…
Justin Parisi: where there is no internet. Safest way, move out where there is no internet and you’re safe. Yeah. But even then you’re not, because everyone else is connected. And again, we go back to the banks and the financials.
So yeah there’s a lot to think about and it is a very vast environment that you have to worry about and it especially comes into play when you start to think about how data centers are changing.
So, AJ gimme an idea about, what’s happening with the modernization of data centers and how that’s impacting things like cyber resiliency, because we’re thinking about things now, like Kubernetes and containers and automation.
So where does that all fit in with the cyber resiliency talk?
AJ Casamento: One of the things that you wanna keep in mind is that there’s a lot you can do with modifications and changing things if the foundation is solid. There’s marvelous things you can do with things like Kubernetes or whatever your favorite containerized environment is. And being able to spin stuff up, right? And one of the joys about containers is you’ve got the complete package. So the idea that everything I need to run is right here in this package. And I don’t have all the person interaction thing that goes on in some other instances, right? And so time to deployment and response times to issues, that’s sort of the drive of that, right? How adaptive can we be? How rapidly can we respond to the way the market’s moving or the way an application needs to change? And that’s grand, right? But at some stage, it’s still sitting on infrastructure.
It’s still reliant on the data being someplace, and the data being safe and secure. And the challenge with that is, you need the abstraction layers to allow all of that automation to work right, and have the right hooks into the infrastructure to make the things happen underneath it. But the data has to be someplace that’s solid, that’s up all the time, that’s secure. And that’s the scenario that we continue to drive to.
And we provide the infrastructure to get down into some of the granularity. One of the things that we’ve done with NetApp that we talked about on a previous podcast, was this idea of virtual machine ID.
Now we haven’t put that across into containers at this stage. But it’s a technology that will work with containers as well, the idea of container ID in parallel to the virtual machine ID. As you start taking applications and putting them into containers, you still need visibility. You still need to be able to see what’s going on with the application and the customer’s experience, right? The fact that it’s running in user memory space as opposed to system kernel space isn’t gonna make the application owner any more forgiving of a performance glitch or a hack or any other thing that’s going on.
So it’s an interesting, sometimes difficult blend, to be honest, to give them all of the access and opportunity for automation software and then provide the right hooks back in so that the security levels are maintained. Because if you stop and think about it for a second, the same tools that let you do really cool things about cloning containers…
if you’re the management person or you’ve got management access, what keeps you from creating clone containers of that data and putting it off to the side someplace where nobody’s gonna notice that it’s there until you’re ready to take the data away and do something with it? You know, like sell it to somebody or something of that nature. So being able to provide that level of automation, but also provide the security backend to it, I think, is more challenging to people and it provides additional threat vectors. I think that’s one of the things that we all see is, at some point we need very secure copies of the data sets as well because the bad actors are out there. It’s not just scare tactics or scare conversations. It’s a real fact.
Ant Tyrell: There is actually something that we did do fairly recently, AJ in that regard, to be fair. So we launched our BlueXP interface in November last year.
And there’s a capability within there known as Cloud Insights or the Cloud Data Sense element, and that can actually detect and alert on unusual user behavior in the environment. So if you try and mount the HR folder, say, or try and do something that’s not normally part of your day-to-day workflow, we’ve got tools now that can actually alert it on some of that stuff. So it is a crucial part of detecting some of these things. It’s not always possible as we were talking about before, that the world’s so complex now and constantly changing.
But detecting that it’s even happening like the SolarWinds reference you made, not knowing that that was going on for over years. It’s pretty terrifying. So yeah, some of those Cloud Insights tools now can do some user behavior detection. So we are making steps towards that.
AJ Casamento: I think that’s exactly the kind of thing in exactly the kind of direction that needs to be taken, because when you look at it, sort of rule four of IT for me is if you can’t measure, you can’t manage. Without visibility, how do you know? You’re driving with a blindfold. Right. Do you speed up? Do you slow down? Do you turn right? Do you turn left? How do you know what to do if you don’t have that visibility? And I think that Cloud Insights is a very good start in that direction.
We need to know what’s going on in the infrastructure. We need to be able to see it. We need to know when things start behaving differently than they were. And you may look at it and go, right. I know what that is.
Ant Tyrell: There’s plenty of false positives, but at least you’re getting the alerts that you can make that decision, can’t you?
AJ Casamento: Yeah. But you know, one of the cool things you do in your software that I think is because of the way you guys learn you begin to not panic them. Right. And a lot of people can remember back to the very first network management softwares, and it’s one of the things we tell people too, because there’s a level of visibility that we put into the ability to learn flows in our SAN infrastructure. You turn on gen seven platforms with NetApp storage attached, and whoever servers out there. And as soon as traffic starts flowing across in our gen seven platforms, we start learning initiator target, initiator target LUN or initiator target namespace ID flows, right? And you can start seeing behaviors, and you don’t want people to start scaring themselves with alerts. You gotta remind people you’re now seeing what’s there, but what’s there was there already. Those are your traffic patterns. So you need to start being aware of what’s going on in the environment, all of those things were potentially there before. Learn what normal looks like. And that’s, I think, one of the things you guys do a nice job of. Learn what normal looks like and then figure out what you should be reacting to.
Ant Tyrell: Some of us just don’t like looking at the needle, AJ, when it’s going in. Look away and close your eyes.
AJ Casamento: Yeah. You’re gonna feel a little pinch. Yeah.
Yeah. Yeah. Fair enough. Right. But it’s just something that needs done right. And people need to be thinking about staying up with the latest software, keeping their house cleaned up, the latest patches in place. And then being aware that ransomware as a service is a thing.
Justin Parisi: Yeah. You can actually outsource that now. You don’t even have to be good at it.
AJ Casamento: No. No. And again, on the tool thing, you know, kali.org, the intent is that you can go create test packages to test your network with, and it’ll go look for vulnerabilities and it’ll show you what can be exploited.
And the thing that keeps anybody else from using that to go after your network from the outside would be? Oh yeah. No, it’s the same code, right?
Ant Tyrell: Especially combined with a bit of ChatGPT manipulation, all of a sudden it’s super steroid code, isn’t it?
AJ Casamento: Did nobody ever watch the movies?
Like, what are you people doing?
Justin Parisi: Let’s talk a little bit about Brocade and some of the best practices that are recommended for cyber resiliency in your environment. So AJ, Gimme the rundown of things that you end up recommending to customers to try to secure things a little better from all sorts of threats, because there’s ransomware, there’s breaches, there’s insider threats.
AJ Casamento: Yeah. So for starters work with trusted partners. The NetApp folks and the NetApp systems engineers, they’ve been partners with us in storage area networks for 20 plus years now.
So, they’ve got a good understanding of the environments and what needs to be looked at, but you need to be willing to run the audits. Within SAN Nav, you can run audits. If you’re a supplemental support customer through NetApp with Brocade support, you can run something called Brocade Support link which will do an audit of your storage area network and tell you what ports are open that shouldn’t be open and things of that nature. So we have an actual best practice assessment that can run in your environment that I recommend that people do and look at what do you have open that shouldn’t be. Only use secure protocols. I know that people have coded a bunch of stuff into SNMP, but you gotta at least run SNMPv3. Just because it’s been there forever and nobody’s touched it, doesn’t mean that versions where the community strings are visible and so on are something you want to continue to let run in your management subnet.
Do isolate your management subnet. I know there’s a lean now where oh no, well, we can just run everything in one network. And that’s not really a scenario that I would feel comfortable with because the concept that one or more actors are gonna gain access to a platform through a user or some level of interface that’s got a hook out to the internet is a very different thing than somebody’s got access to your management subnet because it’s an isolated management subnet. So isolation is helpful there as well.
Do be looking at updating to the latest versions of code that you can, or the most trusted versions that you can get to so that you stay up to date. Go with the latest versions of ONTAP in the environment that will work for you because you guys continue to apply security fixes and patches in the environment and get prepped for things in that nature.
And then from the uptime side of things, there’s reasons why dual redundant hardware, isolated SAN fabrics have been around for as long as they’ve been around. There’s reasons why we exist in 97 plus percent of the global 2000. And again, not for everything, right, but for the core components that can’t go away.
There’s reasons why banks rely on us and in partnership with you folks around things like clustering technologies, whether it’s MetroCluster or whatever, and the snapshotting environments that we can do together to keep data secure at distance from whether it’s a physical outage, whether it’s a weather based outage that we’ve had. We’ve had a hell of a season already this year. Or the hackers, right? And keep your eyes open, and watch as these incident reports come up. Be aware, because we’re gonna send out security advisories.
I know that NetApp sends out security advisories if there’s vulnerabilities. We’re required by law to tell you, so when those hit, yeah, it’s a pain in the butt to go look, but you gotta look. So those are things that I would recommend.
Justin Parisi: Ant, from the NetApp side, what are some recommendations that you deliver and what sort of NetApp solutions do we have that help provide better overall cyber resiliency?
Ant Tyrell: I think probably the first place I would look as a NetApp customer is what we call hardening guides for each of our product sets. So for SANtricity, for Active IQ, for ONTAP. They’re just simple PDF documents really, but they run through the key ways that you can lock down some of these systems as best that we can.
That goes maybe beyond even just what we do out the box. AJ made the point earlier about trying to make security easy. That’s something that we’ve had quite a big focus on over the last couple of years at NetApp. So, certainly from our ONTAP systems group, any new system that ships from the factory, now we’ve got most of these things turned on by default, whether it’s data at rest encryption, just trying to lock down the box as much as we can.
Encryption over the wire for replication traffic. All those things are there by default, really. But then we’ve layered on top some new features fairly recently. We had a new ONTAP release just before Christmas. We introduced something there called tamper proof snapshots.
So, if you do have some of these really important SAN workloads with databases running on top of LUNs, for example, we’ve now got a way of essentially taking an immutable backup of that production environment. That’s another layer to these things.
As AJ referred to earlier, there’s never gonna be one tool or one piece of software that does everything. Particularly with security, it’s a multi-layered, multi-faceted approach.
You look at some of the regulatory verifications, we’ve pretty much got all of them that you would normally need in an enterprise platform. We’re one of the few vendors on the Department of Defense Secure List product for the US audience listening.
We’ve got a variety of other certifications and validations in some of the other regulatory areas. I think it’s fair to say, more than most of our competitor platforms, I think. So yeah, we’ve had a lot of features recently. One other one is multi admin verify, so being able to lock down and protect against an individual login.
We’ve got things like multifactor authentication and encryption of things like log and EMS events and such. So all that kind of stuff is table stakes right now. But things like multi admin verify, we’re starting to add things that we know other vendors don’t have at the moment.
If an administrator does somehow have their credentials hacked or phished, that multi admin verify feature essentially disallows a single admin from doing something that’s destructive. So they could still do the basics, like creating a volume and creating a share or creating a LUN.
But when they try and take a volume offline, or delete a snapshot, or delete a volume, that triggers a process that has to get a secondary approval from another admin. It sounds quite straightforward and a basic feature, but I think we’re one of the only platforms out there that could do that right now.
So yeah combining things like that with some of the hardening guides. We’ve got a fairly solid set of features there to help our customers as best we can.
Justin Parisi: And earlier you mentioned Cloud Data Sense and Cloud Insights… those are some off box solutions as well. Yeah. And then you also have the autonomous ransomware protection, detecting anomalies within your data sets to see if there’s potentially a ransomware attack ongoing.
Ant Tyrell: Exactly. We’ve had a functionality in ONTAP called FPolicy for a long time.
It’s just the way of blocking certain file types in its crudest implementation. So, if you didn’t want an MP3 file to be written to an ONTAP system, for example, you could just disallow that file type forever. We turn that on, but we turned a feature on in 9.12 where with a single button click, you can disallow all of the well-known ransomware and malware file types from being stored on that platform. So as I said before, it’s a nice quick and easy thing. It’s not the most intelligent. It’s not gonna go and wash your car and iron your clothes, but it will stop the most common file attachment from being written just with a single click. At a bare minimum, that’s something that every one of our customers can do the minute they turn these systems on and then yeah, as you say, mate, you’ve gone beyond that, we’ve then got the more intelligent stuff like autonomous ransomware protection on box, which can go and actively look for these things.
And the ransomware protection you referenced there is a service that we have in BlueXP. So that goes beyond just ONTAP. That can look into Windows file shares, it can look into databases as well. So that’s almost like a third party capability really, as opposed to just being ONTAP focused.
So that’s a nice service to have there as well. Just because it’s got that ability that lives outside of ONTAP, where they can do that kind of detection of, you know, unusual behavior when it comes to users and what they’re doing, whether they’re trying to, you know, take a share and access a share that they wouldn’t ordinarily be allowed to.
That kind of behavior is, it’s just a first step of detection really.
AJ Casamento: If you’re gonna do something out of the ordinary, a second approval, or a second admin has to step in. One of our big cross-sectional areas is the financial community where NetApp and Brocade work together. And the number of banks that I know that just spend huge amounts of time on the idea of the man in the middle attack, that it’s one of their own people that could be the problem child now. It could be just somebody who’s looking to, been told to, recover space or clean up and mistakenly reaches for the wrong volume, or to delete older snapshots, not realizing what they’re doing. But more critically when there’s a bad actor somewhere in that mix, it’s a huge focus point for every financial institution I have ever touched. It’s I think just a really brilliant step on your part that you’ve put something in place.
Justin Parisi: And you mentioned earlier that all these seem very simple, but in reality, that’s where most of the stuff happens, right? In the simple areas. It’s the admin credentials that are exposed, so that’s really where you need to start when you’re starting to lock down your environment is what is the easiest entry point, because if you’re a bad actor, you’re definitely going after the easy low-hanging fruit stuff, because that’s gonna be the fastest way to get your money.
AJ Casamento: This is gonna sound unfair and I apologize up front for it, but Fibre Channel in particular, we are not the most hacked protocol on the planet, right? Ethernet is. But that doesn’t mean that you don’t want to use Ethernet.
Obviously, you need to, right? We all depend on it. So, the trick to that is you’ve gotta be aware of what you’re putting where, and what kind of mechanisms you’re using to access it. When you look at something like an HCI or a vSAN sort of environment, it’s not that you won’t use it, but be aware that if that application server gets hacked, or when, if you prefer the starker view of things.
It’s not just the application that’s running in that server. If that server, if that hardware platform is a mirror for another platform, which is how those environments work, because you’ve distributed the disk drives back out to individual server platforms. I’ve got not just access to my data, but I’ve got access to whatever data is being mirrored to me from other application platforms on the floor. And then, because of the way people tend to do those implementations, they’ll isolate the storage traffic potentially to a VLAN, but then if I’ve hacked that server, I now have visibility to that VLAN. I can see the other traffic, I can see the other node. So I can launch my attacks into the other platforms once I’m in. It’s a very different scenario to our partnership in this storage area network in that FCP, which is serial SCSI3 over Fibre Channel or FC-NVMe too, which is NVMe over Fibre Channel or FICON, which is the mainframe protocol. Right? Those are the ways we move data. Those are not mechanisms that allow you to change the zoning or give you management access to either our switches or the ONTAP platforms that are attached to it. And so I think the separation of that management plane and the data plane is a key piece of security that makes us very useful to the more critical environments.
Justin Parisi: Alright, sounds like we’ve got a lot to think about with cyber resiliency. There’s a lot to it. There’s cyber security, there’s disaster recovery, there’s failovers and that sort of thing. We have a lot of solutions out there for that. We’ve talked about a few of those on this podcast with Brocade as well as NetApp.
So AJ, if we wanted to reach you to ask more questions, how do we do that?
AJ Casamento: Yeah. Again, Justin, that’s AJ.Casamento. That’s c-a-s-a-m-e-n-t-o at broadcom.com.
Justin Parisi: All right, and Ant.
Ant Tyrell: Yeah, thanks Justin. My email is tyrell@netapp.com, so t-y-r-e-l-l at netapp.com.
Justin Parisi: All right, and AJ, if we wanted to find more information about Brocade, where would we do that?
AJ Casamento: Yeah, so you would go to broadcom.com/brocade.
Justin Parisi: All right. Excellent. And, Ant, you have anything we can look at with the NetApp side?
Ant Tyrell: I’d probably just encourage customers or listeners to go and check out BlueXP, so bluexp.netapp.com. That’s the window into NetApp these days, isn’t it?
Justin Parisi: The single pane of glass in a NetApp. Single, single pane of glass. Yeah. All right. Excellent. Thanks so much for joining us, AJ and Ant, and talking to us all about cyber resiliency, as well as Brocade and NetApp solutions.
All right. That music tells me it’s time to go. If you’d like to get in touch with us, send us an email to podcast@netapp.com or send us a tweet @NetApp.
As always, if you’d like to subscribe, find us on iTunes, Spotify, GooglePlay, iHeartRadio, SoundCloud, Stitcher, or via techontappodcast.com.
If you liked the show today, leave us a review. On behalf of the entire Tech ONTAP podcast team, I’d like to thank Ant Tyrell and AJ Casamento for joining us today. As always, thanks for listening.
Podcast Intro/Outro: [Outro]