Ransomware attacks are NOT going away
Here is why ransomware attacks are persistent and unlikely to disappear: 1. High Profitability and Low Risk for Criminals Ransomware is fundamentally a business model for organized crime, and it is overwhelmingly successful and profitable. Low Barrier to Entry: The rise of Ransomware-as-a-Service (RaaS) means even novice criminals can purchase sophisticated malware and infrastructure. This franchise model ensures high attack volume regardless of law enforcement efforts. Guaranteed Revenue Stream: The evolution to multi-extortion (encrypting data and stealing it) ensures that victims are forced to pay—either to regain system access or to prevent catastrophic data leaks and regulatory fines. This dual leverage guarantees profit even if the victim has backups. Anonymity: The use of cryptocurrency for payments, coupled with geopolitical safe zones for many RaaS groups, keeps the risk of prosecution extremely low for the attackers. 2. Attackers Are Outpacing Traditional Defenses The tactics used by ransomware groups are specifically designed to neutralize traditional defense and recovery measures: Targeting the Supply Chain: Attackers are finding success by targeting trusted vendors and IT providers to compromise dozens of companies simultaneously, making defense exponentially harder for individual organizations. Attacking Backups: Modern ransomware campaigns specifically target accessible backups to delete them or malware-infect them, eliminating the victim’s recovery option and forcing them to pay the ransom. AI for Stealth and Speed: The adoption of AI is accelerating reconnaissance and stealth, dramatically compressing the time between network access and payload deployment. Attackers can move faster than human defenders can react. 3. Cyber Resilience is the New Standard The industry has shifted its mindset from trying to achieve absolute prevention (which is impossible) to guaranteeing resilience. This shift acknowledges the persistence of ransomware. The focus is now on ensuring organizations can: Anticipate and detect threats early (low MTTD). Withstand the attack without immediate operational collapse. Recover guaranteed clean data within minutes (low MTTR). Ransomware will not disappear until the criminal model becomes unprofitable, and current data shows that attackers are highly successful and rapidly adapting their strategies.Pure Protect - What Do I Need For Initial Setup With FlashArray?
Gathering the details needed for installation, and reviewing the steps before hand, are an important part of any implementation. With Pure Protect v2.6, there are a few details to review and gather to ensure your deployment goes smoothly. Review the Quick Start Guide on the Pure1 Support Portal Review and verify or modify your firewall rules to support Pure Protect communication & workflows Create a vCenter user in each vCenter you will be connecting as a Site, which should be at least 2. You may use an administrative service account, or a limited role service account as defined in our vCenter Roles/Permissions document on the Pure1 Support Portal Verify that vSphere/vCenter is at v 7.0 or higher Verify that any FlashArrays that will be managed are at 6.6.3 or higher. Releases below 6.6.3 are not supported. Use the Pure1 NDU service for a quick, easy, and painless upgrade! Connect the FlashArrays that will be used in source/target pairs. Best Practice details for configuring FlashArray replication should be reviewed, and reach out to your Systems Engineer or Principal Technologist if you have any questions. Complete the Pure Protect Pre-Install Checklist - reach out to your Cyber Resilience FSA and/or Systems Engineer for a copy with the full details. Details of the Pre-Install checklist needed for initial Site setup are here. Additional may be needed for configuration of Policies, Groups, and Plans. For Each FlashArray: Management IP Address & API Token. If you create an API token with an expiration, you will need to remember to rotate the token in the Pure Protect Site Configuration before it expires. For Each vCenter: Site Name DRaaS VM Management IP Address & DRaaS VM name Subnet Mask & Default Gateway Domain name DNS Server Quota (if also using non-FlashArray replication) We look forward to hearing how you are using Pure Protect!From Passive to Proactive: A New Cyber Resilience Foundation
We are thrilled to announce a significant evolution of the Pure Storage Cyber Resilience solution, designed to transform your defense posture from passive to proactive. The announcements on September 25th deliver on three core pillars that are essential for modern defense: 1. Dynamic Response and Recovery: Recovery time must be measured in minutes, not days. We're introducing Pure Protect™ Recovery Zones to automatically provision Isolated Recovery Environments (IREs), plus a new Cyber Resilience delivered as a Service model with Veeam to guarantee instant, validated recovery. 2. Connected Detection: We’re eliminating security blind spots by embedding detection into the data layer itself. We have several new native detection capabilities and new integrations with CrowdStrike Real-Time Threat Graph and Superna Next-Gen SIEM to accelerate threat detection and remediation. 3. Built-in Security: Security is foundational. Our platform now features mandatory safeguards like TPM and UEFI Secure Boot and Enterprise-Grade Identity and Access Management to ensure the integrity of your platform from the ground up. See our Cyber Resilience announcement blog for more details.Ransomware’s Worst Nightmare: New Cyber Resilience Arsenal (new blog post)
With the barrage of new announcements coming out of NYC Accelerate, I wrote a new blog post that is relevant to all customers, but specific to State / Local Government and Education customers summarizing what is new and the value it brings in terms of Active Cyber Resilience. Your feedback is welcome: https://goo.gle/3xzWj8P zPure Protect v2.6 Released - With FlashArray Integration!
Pure has released v2.6 of Pure Protect //DRaaS, with FlashArray Integration! This release brings the ability for Pure Protect to directly manage a FlashArray backing datastores in VMware. Add your FlashArray's management IP and API key to Pure Protect, and you can start creating Policies that bring the RPO down to 15 minutes! No more needing to create array policies, replication groups or POD's, or other components. Pure Protect manages all of this for you, based upon an SLA Policy applied to an Application Group of Virtual Machines! RTO's are equally as fast, with Pure Protect orchestrating the replication, volume promotion, datastore creation, virtual machine registration, power on, and some reconfiguration if needed. With all of this being done on-array and via API's, RTO speeds and reduction of Work Recovery Times (WRT) will be unmatched! Reach out to your Pure team for details, or request a Community Edition via the Pure1 Catalog to try it out!Pure Protect - My License is Active, What Next?
Now that you have your Pure Protect License for either Premium Edition or Community Edition, what is the next step? The first step, and commonly missed, is to add yourself the "DRaaS Global Admin" in Pure1 IAM. To do so, choose the Application Switcher (next to your user profile in the top right), and choose IAM Once their, add to your username the "DRaaS Global Admin" role. A user with existing Pure1 Admin privileges maybe required to perform this action. Once complete, you will see "Create Deployment" page under "DRaaS | Deployments" on the left navigation bar. I advise reading through the quick start guide on Pure1 Support portal to get an idea of the few questions and pieces of information needed to be successful. These include IP and network information for the appliance, ensuring firewall ports are opened for the appliance, vcenter service account credentials, and if you are using AWS, credentials and network information. Reach out with feedback or questions via this community portal or your Pure account representatives! ChadPure Protect - Network and Firewall Requirements
An important topic with deploying Pure Protect, both Premium and Community Editions, is what ports and network settings are required for it to work? We maintain a page answering all of those questions in the Pure1 Support portal! Within the Pure Protect Quick Start documentation, which is great information to review prior to a deployment, we include a page "Network Firewall Requirements." This details outbound communications to Pure1, to vCenter and ESXi, to AWS if used, and between sites when using VMware to VMware workflows. Log in with your Pure1 Customer credentials, and reach out with any questions! - Chad MonteithPure Protect //Community Edition - Now Available!
We are excited to release Pure Protect //Community Edition! Now available in the Pure1 Catalog, Community Edition provides Pure1 users with the ability to use and test Pure Protect quickly and easily. Community Edition today includes a fully featured release of Pure Protect, limited to 5 TiB of protected VM's, and provides community support through this forum! When you are ready to move up to Premium Edition, you gain full 24x7 phone support from Pure Storage, as well as the ability to protect more than 5 TiB of VM's. To start with Community Edition, Log in to Pure1, under Marketplace choose Catalog, and then the Pure Protect catalog offering. We look forward to hearing from you and how you are using Pure Protect //Community Edition! - Chad Monteith
