Our latest Ask Us Everything session landed right in the middle of Cybersecurity Awareness Month, and the timing couldn’t have been better. The Pure Storage Community came ready with smart, practical questions about one thing every IT team has top of mind: how to build cyber resilience before an attack happens.
Hosted by Don Poorman, with Pure Storage’s Shawn Bulbrook and Dan Cobian leading the discussion, the hour turned into a rapid-fire exchange of ideas and best practices.
1) SafeMode vs. Immutable Backups
The first question: What’s the real difference between immutable snapshots and SafeMode snapshots?
“Immutability means your data can’t be changed or encrypted,” explained Shawn. “SafeMode goes further—it makes data indelible. Even an administrator can’t delete it until the timer expires.”
Dan added that snapshots on Pure Storage systems are space-efficient and live directly on the array, which means recovery is almost instantaneous—no long restores or data copies. That simple distinction hit home for many attendees used to slower recovery models.
2) Spotting Trouble Early
Next up: How can we tell if ransomware is encrypting data before it’s too late?
Dan showed how Pure1 anomaly detection flags suspicious activity like unusual write spikes or a sudden drop in data reduction ratios. “Those are the fingerprints of encryption,” he said.
Shawn expanded on this with Pure Storage’s integrations with CrowdStrike, Varonis, and Rubrik, which can automatically snapshot and isolate affected data. “It’s not just alerting—it’s active protection,” he emphasized.
3) Protecting the Whole Fleet
For teams managing multiple arrays, Dan introduced Pure Fusion, a fleet-wide control plane built into the Purity operating environment. “If Rubrik triggers a snapshot, it happens across every system in your fleet,” he said. “You’re no longer managing one array at a time.”
4) Testing Your Recovery Plan
When asked how to practice recovery safely, Shawn pointed to Pure Protect, which lets teams create isolated recovery environments for tabletop exercises and ransomware simulations. Combined with partners like Veeam and Commvault, it allows instant live-mount testing—no waiting on restores or impacting production.
“It’s about building confidence before you’re under pressure,” said Shawn.
5) Proving Compliance and Readiness
Another hot topic: compliance and cyber insurance. Dan highlighted how Pure1’s Data Protection and Security Assessments generate ready-made reports showing SafeMode, encryption, and replication status. “It’s an easy way to show auditors you’re walking the talk,” he said.
The upcoming FlashArray and FlashBlade Hardening Guide will take those insights deeper with detailed configuration best practices.
6) When the Unthinkable Happens
One of the most talked-about segments was Evergreen//One’s Cyber Resilience SLA. If production is quarantined, Pure Storage ships a clean replacement array within 48 hours, provides a recovery engineer to help rebuild, and you keep the new array—no fail-back required.
“That’s Pure standing shoulder-to-shoulder with customers,” Don noted.
The Takeaway
From SafeMode to Pure Fusion to Evergreen//One, the message was clear: cyber resilience isn’t a single feature—it’s a layered practice.
As Shawn closed, he summed it up perfectly: “We’re not just a storage vendor—we’re your recovery partner.”
Join the conversation in the Pure Community to share your own strategies for protecting and recovering your data.
Be sure to join our next Ask Us Everything session, and catch up with past sessions here!
