Layered Resilience
Accelerate 2026 is approaching, and I’ve been preparing to speak on a cyber resilience panel. It’s prompted me to reflect on how prepared my organization really is—and I’m curious where others stand. This topic is never far from the headlines and feels like a great discussion point for this community or even a future meet-up.

Here’s a snapshot of the layers we currently have in place:

- Immutable local Snapshots
- Immutable replication to a secondary site
- SRM
- Local WORM copy backups
- Auxiliary long-term WORM backups
- Air-gapped replication copy
- Investigating Cloud snap and Pure Protect

This doesn't even include other tools like Varonis, Defender, Cortex...etc.

What layers are you implementing today, and what are you working on to better protect your data? Sharing our successes and failures makes us all stronger!

-Charlie

Cyber Resilience Trends: In the News...
Recent industry coverage from SiliconANGLE, diginomica, and Coder Legion points to the same conclusion: in an era of AI-accelerated threats, organizations need a trusted recovery point at the storage layer. As Duncan Riley of SiliconANGLE wrote, Everpure is defining storage as the “last line of defense in modern cyber resilience,” with an architecture designed to protect recovery points even if an attacker gains administrative access elsewhere in the environment. That message was reinforced by coverage of a Fortune 100 recovery example in which attackers used stolen credentials and native tools, yet protected snapshots enabled revenue-critical operations to be restored in hours rather than weeks.

The coverage also emphasized how AI is changing the threat landscape. diginomica noted that AI is compressing the window between vulnerability discovery and exploitation, forcing enterprises to rethink patching, resilience, and recovery timelines. Coder Legion captured the practical implication well: controls now need to hold up against attackers moving at machine speed, making out-of-band configuration and immutable snapshots increasingly essential.

A third theme was the value of data context. Blocks & Files and SecurityBrief highlighted Everpure’s 1touch acquisition as an important addition to the cyber resilience story, helping organizations understand what data they have, where it lives, and what should be restored first.

Together, these reports reinforce a broader shift in the market: cyber resilience is no longer just about preventing attacks, but about ensuring clean data, intelligent prioritization, and fast, confident recovery when the perimeter fails.

Know Thy Enemy: Threats to Cyber Resilience
April 2 | Register Now!

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu

Threat actors are the enemy to your operational resilience and ability to survive. Knowing their strategy and tactics will help you resist and recover from their malicious actions and keep critical workloads available.

In this webinar, you’ll learn:

- Exploits and techniques your organization will face
- How AI is accelerating these threats
- Counter-measures to face the onslaught

Everpure Protect - Tools for Network Configuration
A key workflow item, especially when building Isolated Recovery Environments (IRE), Clean Rooms, test or production Disaster Recovery, or any other environment personality, is to reconfigure the network. Doing so automatically and per a plan is important to an automated, fast, and predictable workflow.

We have built Everpure Protect Tools, which is a lightweight tool, registered with VMtools within a guest, that allows us to automate network configuration changes, per the individual Recovery Plan. Included in the download is a PowerShell script for Windows, or a Shell script for Linux/Unix, which registers our tool with VMtools to perform the changes. The scripts can be loaded and run manually in each guest, or distributed and executed as part of a workflow such as Microsoft MCM/SCCM.

Everpure Protect Tools

Once deployed, network changes on a per-VM or per-Recovery Plan basis will be automatically performed based upon the unique settings in the Recovery Plan being executed.

Ransomware attacks are NOT going away
Here is why ransomware attacks are persistent and unlikely to disappear:

1. High Profitability and Low Risk for Criminals

Ransomware is fundamentally a business model for organized crime, and it is overwhelmingly successful and profitable.

- Low Barrier to Entry: The rise of Ransomware-as-a-Service (RaaS) means even novice criminals can purchase sophisticated malware and infrastructure. This franchise model ensures high attack volume regardless of law enforcement efforts.
- Guaranteed Revenue Stream: The evolution to multi-extortion (encrypting data and stealing it) ensures that victims are forced to pay—either to regain system access or to prevent catastrophic data leaks and regulatory fines. This dual leverage guarantees profit even if the victim has backups.
- Anonymity: The use of cryptocurrency for payments, coupled with geopolitical safe zones for many RaaS groups, keeps the risk of prosecution extremely low for the attackers.

2. Attackers Are Outpacing Traditional Defenses

The tactics used by ransomware groups are specifically designed to neutralize traditional defense and recovery measures:

- Targeting the Supply Chain: Attackers are finding success by targeting trusted vendors and IT providers to compromise dozens of companies simultaneously, making defense exponentially harder for individual organizations.
- Attacking Backups: Modern ransomware campaigns specifically target accessible backups to delete them or malware-infect them, eliminating the victim’s recovery option and forcing them to pay the ransom.
- AI for Stealth and Speed: The adoption of AI is accelerating reconnaissance and stealth, dramatically compressing the time between network access and payload deployment. Attackers can move faster than human defenders can react.

3. Cyber Resilience is the New Standard

The industry has shifted its mindset from trying to achieve absolute prevention (which is impossible) to guaranteeing resilience. This shift acknowledges the persistence of ransomware.
The focus is now on ensuring organizations can:

- Anticipate and detect threats early (low MTTD).
- Withstand the attack without immediate operational collapse.
- Recover guaranteed clean data within minutes (low MTTR).

Ransomware will not disappear until the criminal model becomes unprofitable, and current data shows that attackers are highly successful and rapidly adapting their strategies.

Pure Protect - What Do I Need For Initial Setup With FlashArray?
Gathering the details needed for installation, and reviewing the steps beforehand, are an important part of any implementation. With Pure Protect v2.6, there are a few details to review and gather to ensure your deployment goes smoothly.

- Review the Quick Start Guide on the Pure1 Support Portal
- Review and verify or modify your firewall rules to support Pure Protect communication & workflows
- Create a vCenter user in each vCenter you will be connecting as a Site, which should be at least 2. You may use an administrative service account, or a limited role service account as defined in our vCenter Roles/Permissions document on the Pure1 Support Portal
- Verify that vSphere/vCenter is at v7.0 or higher
- Verify that any FlashArrays that will be managed are at 6.6.3 or higher. Releases below 6.6.3 are not supported. Use the Pure1 NDU service for a quick, easy, and painless upgrade!
- Connect the FlashArrays that will be used in source/target pairs. Best Practice details for configuring FlashArray replication should be reviewed, and reach out to your Systems Engineer or Principal Technologist if you have any questions.
- Complete the Pure Protect Pre-Install Checklist - reach out to your Cyber Resilience FSA and/or Systems Engineer for a copy with the full details.

Details of the Pre-Install checklist needed for initial Site setup are here. Additional details may be needed for configuration of Policies, Groups, and Plans.

For Each FlashArray:

- Management IP Address & API Token. If you create an API token with an expiration, you will need to remember to rotate the token in the Pure Protect Site Configuration before it expires.

For Each vCenter:

- Site Name
- DRaaS VM Management IP Address & DRaaS VM name
- Subnet Mask & Default Gateway
- Domain name
- DNS Server
- Quota (if also using non-FlashArray replication)

We look forward to hearing how you are using Pure Protect!

From Passive to Proactive: A New Cyber Resilience Foundation
We are thrilled to announce a significant evolution of the Pure Storage Cyber Resilience solution, designed to transform your defense posture from passive to proactive. The announcements on September 25th deliver on three core pillars that are essential for modern defense:

1. Dynamic Response and Recovery: Recovery time must be measured in minutes, not days. We're introducing Pure Protect™ Recovery Zones to automatically provision Isolated Recovery Environments (IREs), plus a new Cyber Resilience delivered as a Service model with Veeam to guarantee instant, validated recovery.

2. Connected Detection: We’re eliminating security blind spots by embedding detection into the data layer itself. We have several new native detection capabilities and new integrations with CrowdStrike Real-Time Threat Graph and Superna Next-Gen SIEM to accelerate threat detection and remediation.

3. Built-in Security: Security is foundational. Our platform now features mandatory safeguards like TPM and UEFI Secure Boot and Enterprise-Grade Identity and Access Management to ensure the integrity of your platform from the ground up.

See our Cyber Resilience announcement blog for more details.