Event-Driven Ransomware Detection with ONTAP ARP + Datadog
ONTAP's Autonomous Ransomware Protection (ARP) detects ransomware by identifying encryption patterns at the storage layer using machine learning. When an attack is detected, an event is sent through a serverless pipeline involving API Gateway, Lambda, and Datadog for rapid alerting. This integration enables near real-time detection with end-to-end latency of about 30 seconds in testing.
- ONTAP ARP uses ML-based entropy analysis to detect sudden spikes in file encryption, mass file extension changes, and abnormal write patterns.
- The detection pipeline sends EMS events from ONTAP to Datadog via API Gateway and Lambda, enabling alerts within seconds.
- The solution integrates with existing logging infrastructure and supports secure webhook configurations using HTTPS and mutual authentication.
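The Lambda stage of the pipeline described above, sketched as an added example (not code from the original article): it authenticates the webhook call, keeps only ARP events, and builds the body for Datadog's Events API. The header name, the JSON field names, the `arw.` event-name prefixes and the sample event are assumptions constructed for illustration; a shared-secret header stands in for the authentication step, since mutual TLS itself would be configured on API Gateway rather than in the function.

```python
import hmac
import json

# Assumptions (not from the article): header name, JSON field names and the
# ARP event-name prefixes are constructed for this example.
TOKEN_HEADER = "x-webhook-token"
ARP_PREFIXES = ("arw.", "callhome.arw.")

SAMPLE_EVENT = {  # constructed API Gateway proxy event
    "headers": {"X-Webhook-Token": "s3cret"},
    "body": json.dumps({
        "message_name": "callhome.arw.activity.seen",
        "message": "Possible ransomware activity detected on volume vol1.",
        "parameters": {"volume": "vol1", "vserver": "svm1"},
    }),
}


def build_datadog_event(ems: dict) -> dict:
    """Map one EMS record to a Datadog Events API (v1) request body."""
    name = str(ems["message_name"])
    params = ems.get("parameters") if isinstance(ems.get("parameters"), dict) else {}
    return {
        "title": f"ONTAP ARP: {name}",
        "text": str(ems.get("message", "")),
        "alert_type": "error",
        "source_type_name": "ontap",
        "tags": [f"ems_event:{name}"] + [f"{k}:{v}" for k, v in sorted(params.items())],
    }


def handler(event: dict, expected_token: str) -> dict:
    """Authenticate, filter and transform one webhook delivery."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    supplied = str(headers.get(TOKEN_HEADER, ""))
    # Constant-time comparison so the check does not leak the token by timing.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return {"statusCode": 401, "datadog": None}
    try:
        ems = json.loads(event.get("body") or "")
        name = str(ems["message_name"])
    except (ValueError, KeyError, TypeError):
        return {"statusCode": 400, "datadog": None}
    if not name.startswith(ARP_PREFIXES):
        # Not an ARP event: acknowledge it and forward nothing.
        return {"statusCode": 204, "datadog": None}
    # A deployed function would POST this body to /api/v1/events with DD-API-KEY.
    return {"statusCode": 202, "datadog": build_datadog_event(ems)}
```

Rejecting unauthenticated or malformed deliveries before any forwarding keeps the public endpoint from being used to inject false ransomware alerts into Datadog.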
By Yoshiki Fujiwara (藤原 善基), AWS Community Builder, for AWS Community Builders. Posted on May 17. Part 3 of the 3-part series "Serverless Observability for Amazon FSx for NetApp ONTAP". The full article is at DEV.to.