Aligned with the Detect, Protect, and Recover functions of the NIST
Cybersecurity Framework (CSF) 2.0, DS8000 has long delivered protection
and rapid recovery through immutable Safeguarded Copy. With DS8000 G10
R10.1, IBM extends this strategy with inline, hardware‑assisted
ransomware threat detection at the I/O block level using IBM FlashCore
Module 4 (FCM4) and AI‑driven analytics.

Ransomware detection is performed directly within the FCM hardware,
inline with the data path, ensuring continuous analysis of every write
operation with no impact on application performance. Low‑level telemetry
is offloaded every few seconds to the Hardware Management Console
(HMC), where it is aggregated and analyzed using machine‑learning models
to identify early indicators of active data attacks, independent of
hosts, operating systems, or applications.

IBM is delivering DS8000 ransomware threat detection and alerting in
phases. In the current Phase 1 release with R10.1, detection logic is
active and telemetry‑based alerts are sent to IBM Support for model
training, tuning, and false‑positive reduction. In a future Phase 2
release, customers will receive alerts directly through multiple
notification channels, enabled via the DS8000 Security Group license.

Speaker: Brian Sherman, IBM Distinguished Engineer, IBM Advanced Technology Group (ATG) - Storage