Autonomous Ransomware Protection - Real World Examples

TMADOCTHOMAS · ‎2024-03-22

We are running OnTAP 9.12.1(P11) and are considering implementing Autonomous Ransomware Protection. While I will test it, it's hard to simulate real-world scenarios perfectly. I'd love to hear from fellow admins who have implemented Autonomous Ransomware Protection what their take on it is. Was it performant? Was it mostly accurate or were there a lot of false positives? Any particular type of data it did or didn't work well on? I'd love any feedback anyone is willing to give! Thanks.

JillE · ‎2024-03-26

I have implemented in our Lab only. My biggest issue is that we have quite few jobs which create copies of files with dates at the end of the name, which ARP picks up as a new file types. I have had to quit monitoring "new file types" on quite a few of our larger usage volumes. I like having that automatic snapshot out there "just in case", but I would hate for my volumes to be disabled for any of the possible issues as I have them every day on multiple volumes. As far as I've been able to tell, you really need to setup the "workload characteristics" per volume, to get the most out of the product. I ran mine in "learning" mode for multiple months also. As a side note, there is an issue with looking at your outstanding possible problems. You have to go via the Dashboard to see them. If you try to go directly via Event, it errors. I've reported the issue. I think this is an excellent tool, but it requires a bit of time......

TMADOCTHOMAS · ‎2024-03-26

Thank you @JillE that is super-helpful! You're sort of confirming what I suspected, that it's quite a bit of trial and error and work to figure out the best configuration for each person's environment. I too am concerned about volumes being disabled for the same reason you are. Interesting re: the Dashboard vs. Events issue, good to know. Thank you again!

Autonomous Ransomware Protection - Real World Examples

Join us in Vegas, September 23-25