Pure Storage, Inc.
Compressibility Metric-based Detection of a Ransomware Threat to a Storage System

Abstract:

An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.