Forum Widgets
Recent Discussions
Ransomware attacks are NOT going away
Here is why ransomware attacks are persistent and unlikely to disappear: 1. High Profitability and Low Risk for Criminals Ransomware is fundamentally a business model for organized crime, and it is overwhelmingly successful and profitable. Low Barrier to Entry: The rise of Ransomware-as-a-Service (RaaS) means even novice criminals can purchase sophisticated malware and infrastructure. This franchise model ensures high attack volume regardless of law enforcement efforts. Guaranteed Revenue Stream: The evolution to multi-extortion (encrypting data and stealing it) ensures that victims are forced to pay—either to regain system access or to prevent catastrophic data leaks and regulatory fines. This dual leverage guarantees profit even if the victim has backups. Anonymity: The use of cryptocurrency for payments, coupled with geopolitical safe zones for many RaaS groups, keeps the risk of prosecution extremely low for the attackers. 2. Attackers Are Outpacing Traditional Defenses The tactics used by ransomware groups are specifically designed to neutralize traditional defense and recovery measures: Targeting the Supply Chain: Attackers are finding success by targeting trusted vendors and IT providers to compromise dozens of companies simultaneously, making defense exponentially harder for individual organizations. Attacking Backups: Modern ransomware campaigns specifically target accessible backups to delete them or malware-infect them, eliminating the victim’s recovery option and forcing them to pay the ransom. AI for Stealth and Speed: The adoption of AI is accelerating reconnaissance and stealth, dramatically compressing the time between network access and payload deployment. Attackers can move faster than human defenders can react. 3. Cyber Resilience is the New Standard The industry has shifted its mindset from trying to achieve absolute prevention (which is impossible) to guaranteeing resilience. This shift acknowledges the persistence of ransomware. The focus is now on ensuring organizations can: Anticipate and detect threats early (low MTTD). Withstand the attack without immediate operational collapse. Recover guaranteed clean data within minutes (low MTTR). Ransomware will not disappear until the criminal model becomes unprofitable, and current data shows that attackers are highly successful and rapidly adapting their strategies.🚨 Cyber Security Alert: 🚨 The Culture Clash That's Weakening Collaborative Defense
A cultural conflict between security and compliance/legal is severely slowing down the sharing of vital threat intelligence among security community, according to an interview with David Schwed, J.D., COO of SVRN. The bottleneck is not exactly tech, but risk aversion and bureaucracy that dilute timely alerts. The path forward involves using AI and privacy-enhancing technologies (like zero-knowledge proofs) to share security insights globally without ever revealing the underlying data. Ultimately, David's conclusion is that a collaborative defense requires a compliance shift: organizations must focus on more of a defensible decision-making process rather than avoiding all risk. Read the full article here: Collaborative Defense: How the Security and Compliance Clash Puts Defense at Risk ❓Question to the Community: What specific compliance or legal hurdles is your team facing when trying to share threat intelligence quickly, and do you see AI/privacy-enhancing tech as a viable solution for your organization? Click through to read the entire article above and let us know your thoughts around it in the comments below!MFA Downgrade Attacks: Good to know.
Short article on MFA downgrade attacks; provides the basics on what it is and how to defend. Good to know for considering your own policies and processes when folks lose devices. https://www.scworld.com/perspective/why-mfa-downgrade-attacks-could-be-the-next-ai-security-crisisPure Protect - What Do I Need For Initial Setup With FlashArray?
Gathering the details needed for installation, and reviewing the steps before hand, are an important part of any implementation. With Pure Protect v2.6, there are a few details to review and gather to ensure your deployment goes smoothly. Review the Quick Start Guide on the Pure1 Support Portal Review and verify or modify your firewall rules to support Pure Protect communication & workflows Create a vCenter user in each vCenter you will be connecting as a Site, which should be at least 2. You may use an administrative service account, or a limited role service account as defined in our vCenter Roles/Permissions document on the Pure1 Support Portal Verify that vSphere/vCenter is at v 7.0 or higher Verify that any FlashArrays that will be managed are at 6.6.3 or higher. Releases below 6.6.3 are not supported. Use the Pure1 NDU service for a quick, easy, and painless upgrade! Connect the FlashArrays that will be used in source/target pairs. Best Practice details for configuring FlashArray replication should be reviewed, and reach out to your Systems Engineer or Principal Technologist if you have any questions. Complete the Pure Protect Pre-Install Checklist - reach out to your Cyber Resilience FSA and/or Systems Engineer for a copy with the full details. Details of the Pre-Install checklist needed for initial Site setup are here. Additional may be needed for configuration of Policies, Groups, and Plans. For Each FlashArray: Management IP Address & API Token. If you create an API token with an expiration, you will need to remember to rotate the token in the Pure Protect Site Configuration before it expires. For Each vCenter: Site Name DRaaS VM Management IP Address & DRaaS VM name Subnet Mask & Default Gateway Domain name DNS Server Quota (if also using non-FlashArray replication) We look forward to hearing how you are using Pure Protect!AI Security Alert: The "Unknowable Unknowns" Threatening Your Data
Autonomous AI is now taking action in enterprise environments, but we’re trying to secure them by applying unpredictable systems with old, static rules. This gap creates massive risk, with merely just one AI error potentially causing catastrophic cascading failures. In this article: Why Designing for 'Unknowable Unknowns' is the Only Viable Strategy for Agentic AI, CEO of RockCyber and a contributor to a new OWASP report on AI security, Rock Lambros, was interviewed on how to navigate this new AI landscape. The OWASP report contributor states the solution is resilience: design for "unknowable unknowns" and move security "inside the loop" with continuous controls. So we ask the question: As AI gains autonomy, what is the biggest security risk you see affecting your data storage in the next two years? Click through to read the entire article above and let us know your thoughts around it in the comments below!💡 New Pure360 Walkthrough: Using FlashArray File Services as a Veeam Backup Repository
Hey everyone — I've got a new Pure360 technical walkthrough that answers a question we hear a LOT! “Can I use an SMB share from FlashArray as a Veeam backup repository?” ✅ Short answer: Yes, you can. And in this demo, we show exactly how to set it up step by step. You’ll see how to: Configure FlashArray File Services to present an SMB share Create the right export and quota policies Add that share as a Veeam Backup & Replication repository Verify your configuration by running a backup job and seeing data written directly to FlashArray It’s a quick but detailed walkthrough for anyone managing Veeam environments who wants to take advantage of FlashArray’s performance and simplicity. 🎥 Check out the full video on Pure360 to see the process in action. Have you set up FlashArray File Services as a Veeam repo in your own environment? Drop your experience or tips below — we’d love to hear how you’re integrating Pure with your backup workflows! -Jason🔶 New Pure360 Demo Video: Why Architecture Matters for Your Data Protection Strategy
In the world of enterprise IT, protecting your organization’s data isn’t getting any easier. Between sprawling virtual environments, hybrid cloud decisions, and the constant evolution of threats, stitching together point solutions simply isn’t enough. That’s why architecture matters — especially when it comes to your storage and backup strategy. In our latest Pure360 demo video, Principal Technologist Allynz (Zane Allyn) dives into how Pure Storage and Veeam create a unified architecture that transforms the way you think about data protection on VMware. You’ll learn how the tight integration between Pure, Veeam, and VMware enables: Smarter snapshot and backup orchestration Instant, application-consistent recovery across multiple scenarios High-performance operations that don’t impact production workloads Seamless extension of data protection into your DR site This isn’t about tools—it’s about an architecture built for resilience, automation, and efficiency across your environment. 🎥 Watch the full video now on the Pure360 demo site: VIDEO Join the discussion below — how is your team rethinking data protection architecture in the face of modern challenges? -JasonWhere to get cyber news: Useful links.
Here are a number of publications I use to 'try' to keep up with everything happening in cyber security: https://thehackernews.com/ https://www.darkreading.com/ https://www.scworld.com/ https://www.securityweek.com/ https://www.cybersecuritydive.com/ https://www.infosecurity-magazine.com/
Community Resources
Community Feedback
If you are having trouble in the community or need assistance, post here!
Account Info & Registration
Check out these articles for user account and registration information.