Overview
Cloud Insights is designed specifically for today’s cloud-based infrastructure and deployment technologies and provides advanced analytics on the connections between resources in the environment. Cloud Insights is simple to use. Because it’s hosted in the cloud, it’s easy to get up and running fast.
NetApp® Cloud Secure, a feature of NetApp Cloud Insights, analyzes data access patterns to identify risks from ransomware attacks. It reports access activity from insiders, outsiders, ransomware attacks, and rogue users. Advanced reporting and auditing make it easy to identify violators and possible threats. Unlike perimeter security tools, which assume that insiders are trusted, Cloud Secure assumes zero trust for everyone. All activities on the supervised shares are monitored in real time. The data is used to automatically identify the working communities of all users. The ability to audit all document access helps you to ensure compliance with regulatory requirements.
How Cloud Secure works
Cloud Secure does not assume a trusted internal network; it takes a trust-no-one approach. It inspects and analyzes all data access activity in real time to detect malicious behaviors. Cloud Secure performs four major functions:
Monitor user activity
To accurately identify breaches, every user activity across on-premises and hybrid cloud environments is captured and analyzed. The data is collected using a lightweight, stateless data collector agent installed on a VM in the customer’s environment. This data also includes user data from Active Directory and LDAP servers and user file activity from NetApp ONTAP® and Cloud Volumes ONTAP. Cloud Secure detects anomalies in user behavior by building a behavioral model for each user. From that behavioral model it detects abnormal changes in user activity and analyzes those behavior patterns to determine whether the threat is ransomware or a malicious user. Using this behavioral model reduces false positive noise.
Detect anomalies and identify potential attacks
Today’s ransomware and malware are sophisticated. They use random extensions and file names, which makes detection by signature-based (blocked list) solutions ineffective. Cloud Secure uses advanced machine learning algorithms to uncover unusual data activity and detect a potential attack. This approach provides dynamic and accurate detection and reduces false detection noise.
Automated response policies
Cloud Secure alerts you and automatically takes a data snapshot when it detects risky behavior, making sure that your data is backed up so that you can recover quickly.
Forensics and user audit reporting
Cloud Secure provides a graphical interface to slice and dice activity data to perform data breach investigations and generate user data access audit reports. It allows multiple views of file data activities by user, time, activity type, and file attributes.
Highlights
- Accurately detect and classify cyber-attacks
- Stop the attack and take automated snapshots using response policies
- Conduct data breach and security incident investigations