OCP Global Summit | October 18, 2023 | San Jose, CA
Tim Fisher, IBM FlashSystems
Using Computational Storage to speed recovery from Intrusions

FlashCore Module: A Computational Storage Device
- XLarge: 38.4TBu, 115.2TBe, PCIe Gen4
- Market Leading Density
- Small: 4.8TBu, 22TBe, PCIe Gen3
- Medium: 9.6TBu, 28.8TBe, PCIe Gen3
- Large: 19.2TBu, 57.6TBe, PCIe Gen4
- Enterprise Performance and Endurance with ONLY QLC since 2020
- 7 Year Endurance Guaranteed
- Best Price Point
- Best Value

FCM Offering
- 2.5” dual-ported NVMe SSD, U.2 form factor
- Hardware Compression and Decompression
- Hardware AES-256 Encryption with TCG Opal
- FIPS 140-3 L2 Certification in progress
- Used exclusively in IBM Storage Appliances (for now)

Business and industries are encountering a growing landscape of cyber security risks.
- A record-high cost of a data breach in 2022.
- Extortion was the most common attack impact in most organizations.
- Phishing was the top initial access vector.
- Security intrusion was frequently achieved through malware, mainly backdoor deployment and ransomware attacks.
Data Breach (by IBM Security X-Force)
Source: Cost of a Data Breach Report 2022 (IBM Security)
Source: X-Force Threat Intelligence Index 2023 (IBM Security)

What do Intrusions and FCM have to do with Computational Storage?
- An SSD also has visibility to all the data flowing in the system
- Can compress and encrypt, with no performance penalty
- Various checks can be made on the data, with no performance penalty
- Has intimate knowledge of access patterns, latency, types of data transfer and IOPs
- Additional information can be passed to the SSDs about volume, file, OS
- Trends and predictions can be intelligently made
BUT:
- It can generate data needed for determining intrusion attacks with less performance impact than any other part of the system
- Block storage is missing some context other parts of the system have
Which makes one consider:
- Ransomware
- Wiperware
- Mistaken deletes
- Turning encryption or compression on in application
- Exfiltration: stealing data but not hurting it
SSDs can help in early threat detection!

FCM Computational Storage (CS) Infrastructure
FCM is adopting a standardized process for computational storage, with an infrastructure built on proposed NVMe concepts:
- TP4091 Computational Programs
- TP4131 Subsystem Local Memory
While our use case is still primarily within our own appliances, where we control the software stack, this will allow the FCM to efficiently adapt and modify our computational programs for future use cases and platforms.

What new CS feature will FCM deliver with this Infrastructure?
Intrusion Detection Hints!
- Ransomware
- Wiperware
- Exfiltration
FCM will analyze different aspects of the data and I/O and provide analysis to FlashSystem Spectrum Virtualize software.
FlashSystem will provide alerts of possible attacks and use Safeguarded Copies to recover data.
We believe Intrusion Detection is the next BIG thing in Computational Storage.

Computational Memory Host Interface and Namespaces
- The FCM NVMe layer will implement a subset of the commands detailed in TP4091 and TP4131, as well as required commands present in the NVMe 2.0 base specification.
- Upon configuration, CAP.CSS will indicate that the FCM supports multiple command sets; the host can determine whether only the base command set is to be used or whether all command sets can be used.
- FCM will create two additional namespaces on boot. One will conform to the Computational Namespace definitions in TP4091, and the second will conform to the Subsystem Local Memory Namespace definitions in TP4131.
[Diagram labels: Host, FCM, NVM Namespace, Computational NS, Subsystem Local Memory NS]

Computational Components
- FCM is an FPGA-based controller design utilizing AMD/Xilinx Versal technology.
- The FCM's primary function is an Enterprise QLC SSD that includes compression, encryption, high-performing FTL, and other features.
- This computational storage use case is designed to not interfere with the storage performance or function.

FCM Controller Overview
While there are many other components that make up the hierarchy of our controller, we will focus on the roles of the APU(s), RPU(s), and programmable logic as they pertain to the computational storage infrastructure.
AMD/Xilinx Versal FPGA:
- Dual-core ARM Cortex-A72 APU
- Dual-core ARM Cortex-R5F RPU
- Programmable Logic (PL)

Computational Storage Interconnect
- FCM CS infrastructure will include a statically allocated memory region for each RPU, as well as a dedicated AXI-lite register space for each RPU.
- This region will be used to gather data for analysis and summarize the data so that it can be consumed by the host or system API.
- The PL will be responsible for gathering the data for analysis.
- The RPU(s) will be used to analyze, summarize, and format the data for consumption.
- The APU(s) will provide the setup, configuration, and management of the CS infrastructure.
[Diagram labels: PL, APU, RPU0, RPU1, PCIe, AXI, DRAM, Flash, Register Space]

Memory Allocation
[Diagram labels: Memory allocation for computation, PL, RPU, Data collection for computation, Computation summary, Host, Subsystem local memory]

FCM Intrusion Analysis
- The FCM is the IDEAL place to track and analyze data for intrusion detection.
- FPGA-based controller allows for easy addition of new modules to deal with new threats.
- The amount and type of data being collected will lead to an unprecedented amount of information about the work your SSD is doing in your environment!

IBM is Committed to Cyber Resilience throughout the entire storage infrastructure
- IBM Safeguarded Copy
- IBM Storage Defender
- IBM Storage Sentinel
- FCM CSD Intrusion detection hints
Reduce/Eliminate False Positives!
- Top reason for Storage Admins to ignore or turn off Threat Detection Software
- FCM hints provide increased accuracy
- In our FlashSystem products, hints from multiple FCMs will be combined for even more confidence!
AFA Computational Storage Platform
This work could revolutionize the detection, accuracy, and recovery speed of a malicious attack!

The Future of Storage Based Resiliency and Recovery
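
The CAP.CSS negotiation described on the host interface slide, as an added example that is not from the talk or from IBM's firmware: the host reads CAP.CSS and picks the CC.CSS value that enables either the base NVM command set only or all supported I/O command sets. Bit positions follow the NVMe 2.0 base specification; the register values are constructed and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Field positions from the NVMe 2.0 base specification. */
#define CAP_CSS_SHIFT 37            /* CAP.CSS is CAP bits 44:37 */
#define CAP_CSS_NVM   (1u << 0)     /* NVM Command Set supported */
#define CAP_CSS_IOCS  (1u << 6)     /* one or more I/O Command Sets supported */
#define CAP_CSS_ADMIN (1u << 7)     /* no I/O Command Set, admin only */
#define CC_EN         (1u << 0)     /* CC.EN */
#define CC_CSS_SHIFT  4             /* CC.CSS is CC bits 06:04 */
#define CC_CSS_MASK   (7u << CC_CSS_SHIFT)

/* Extract the 8-bit CAP.CSS field from the 64-bit CAP register. */
unsigned cap_css(uint64_t cap) { return (unsigned)((cap >> CAP_CSS_SHIFT) & 0xFF); }

/* Pick the CC.CSS encoding: 000b NVM only, 110b all supported I/O command
 * sets, 111b admin only. Returns -1 if the controller does not offer it. */
int select_cc_css(uint64_t cap, int want_all_sets)
{
    unsigned css = cap_css(cap);
    if (want_all_sets)
        return (css & CAP_CSS_IOCS) ? 6 : -1;
    if (css & CAP_CSS_NVM)
        return 0;
    return (css & CAP_CSS_ADMIN) ? 7 : -1;
}

/* Write the choice into a CC value. CC.CSS may only change while the
 * controller is disabled, so refuse (return -1) when CC.EN is set. */
int apply_cc_css(uint32_t *cc, int css)
{
    if (css < 0 || css > 7 || (*cc & CC_EN))
        return -1;
    *cc = (*cc & ~CC_CSS_MASK) | ((uint32_t)css << CC_CSS_SHIFT);
    return 0;
}

int main(void)
{
    /* Constructed CAP value: CSS bits 0 and 6 set, MQES = 0x3FF. */
    uint64_t cap = ((uint64_t)0x41 << CAP_CSS_SHIFT) | 0x3FF;
    uint32_t cc = 0x00460000;  /* constructed: IOSQES=6, IOCQES=4, EN=0 */
    int css = select_cc_css(cap, 1);
    if (apply_cc_css(&cc, css) == 0)
        printf("CAP.CSS=0x%02x CC.CSS=%d CC=0x%08x\n", cap_css(cap), css, cc);
    return 0;
}
```

A host that leaves CC.CSS at 000b sees only the base NVM command set, so the namespaces defined by TP4091 and TP4131 stay unused; that gives an administrator a single register field to audit when checking whether the computational path is active.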