Driving Advanced Ransomware Protection with NVMe® Computational Storage

By: Tim Fisher, STSM, FlashCore Module Chief Architect, IBM

The frequency of cyberattacks occurring across the enterprise and hyperscale data centers is accelerating year-over-year as hackers become more skilled in breaching firewalls and accessing customer data. When a new vulnerability is found, ransomware attacks can quickly scale to disrupt many organizations, especially those without data resilience. It is clear that companies investing in AI-based security and resilience capabilities identify and resolve threats significantly faster.

As an NVM Express member company, we at IBM are pleased to use the NVM Express® (NVMe®) Computational Storage feature within our devices. In this blog, I’ll cover more about how IBM uses Computational Storage to address ransomware attacks with advanced security technology.

Using NVMe Computational Storage to Protect Against Ransomware Attacks

With NVMe Computational Storage, an NVMe SSD has increased visibility to the data flowing in the system and can compress, encrypt and transform data with minimal performance impacts. Furthermore, these SSDs have intimate knowledge of access patterns and types of data transfers, allowing them to predict data trends and flag any potential unwanted accesses. Computational Storage enables NVMe SSDs to help in the early threat detection of ransomware, wiperware, encryption and data exfiltration.

IBM’s FlashCore Module (FCM) has implemented a standardized process for Computational Storage, with an infrastructure built on NVMe Computational Programs and Subsystem Local Memory Command Sets. Our use case is still primarily used within our applications where we control the software stack, which allows the FCM to efficiently adapt and modify our Computational Storage programs for future use cases. Additionally, the FCM creates platforms that analyze different aspects of the data and I/O operations. The FlashSystem Spectrum Virtualize software then takes this analysis, provides alerts of possible attacks and uses safeguarded copies to recover data accordingly. Furthermore, by using NVMe Computational Storage, there are minimal impacts on storage performance and function.

IBM utilizes NVMe Computational Storage to establish a set of algorithms in the FCM that examines the drive’s workload and data patterns for every I/O operation and summarizes the information. This data is then read from the drive’s subsystem local memory and fed into ML models trained to look for various anomalies like intrusion, ransomware and mistaken deletes that may be occurring on the storage device. Providing the host with the workload and data analysis at the drive level can help the host accurately detect and quickly address ransomware issues. IBM’s Computational Storage algorithm provides a way to detect intrusions quickly and accurately, secure the data and notify the customer, which will ultimately save the customer from losing time and money if an attack occurs.

Learn More About Computational Storage

If you have more questions about NVM Express Computational Storage, I suggest you watch the NVM Express Computational Storage video series and my recent webinar “NVMe Computational Storage: From Addressing Ransomware to Improving Bandwidth.”

Finally, you can download the Computational Programs Command Set and Subsystem Local Memory Command Set on the NVM Express website and explore the full NVMe Computational Storage specification.