Let Your Cloud Native Storage Save You from Ransomware!

Conference: CloudOpen 2022

2022-06-24

Authors: Huamin Chen, Yuval Lifshitz


Summary

The presentation discusses using machine learning and entropy calculation to detect ransomware in a Ceph cluster without Rook. The speaker gives a live demo of the code and explains the logic behind it.
  • The speaker uses entropy calculation to detect ransomware in a Ceph cluster without Rook
  • The code is demonstrated live and explained in detail
  • The quarantine mechanism helps to reduce false positives
  • An external system can be used to address false negatives
The speaker demonstrates the code that checks whether a bucket is quarantined and explains how the entropy calculation works. They also discuss the importance of tuning the threshold and the algorithm to get better results. The speaker suggests using an external system to address false negatives and explains that the quarantine mechanism reduces the impact of false positives.

Abstract

Ransomware poses a massive threat to organizations and individuals. However, detecting and protecting from it is a huge challenge. Don’t worry, cloud-native storage is here to save the day! This talk presents a ransomware detection and quarantine solution based on Ceph Object Store (Ceph RGW) that Rook orchestrates. The solution’s performance impact is mitigated by the Vertical Pod Autoscaler (VPA) for partial inline processing, while the heavier lifting is offloaded to a serverless function managed by KEDA. Ceph RGW is often used to store and back up data for organizations, or for individuals using cloud storage providers. This solution detects changes in the entropy of objects as they are uploaded. Detection is done by comparing each upload's entropy to the entropy of previously uploaded objects. If an abnormality is detected, the objects are quarantined.
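To make the detection logic in the abstract concrete, here is an added illustration written for this page; it is not the presenters' code and not the Ceph RGW or Rook implementation. It computes Shannon entropy per uploaded object, keeps a per-bucket baseline of the entropy of previously uploaded objects, flags an upload whose entropy sits far above that baseline, and flips the bucket into quarantine so that subsequent uploads are held rather than rejected. The window size, minimum sample count, z-score threshold and sigma floor are hypothetical tuning knobs (the talk only says these need tuning), the `BucketMonitor` class and its method names are this example's own, and the sample objects are constructed inline: plain log text as the "normal" history and a deterministic pseudo-random byte string standing in for an encrypted file.

```python
import math
import random
from collections import Counter, deque
from statistics import mean, pstdev

# Hypothetical tuning parameters (not values from the talk): the presenters note
# that threshold and algorithm need tuning for a given workload.
BASELINE_WINDOW = 50   # how many past uploads form the per-bucket baseline
MIN_SAMPLES = 5        # no judgement until the baseline holds this many entries
Z_THRESHOLD = 3.0      # standard deviations above the baseline mean -> abnormal
SIGMA_FLOOR = 0.1      # bits; prevents a near-zero spread from exploding the z-score


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class BucketMonitor:
    """Per-bucket entropy baseline plus a quarantine flag (hypothetical class)."""

    def __init__(self):
        self.history = deque(maxlen=BASELINE_WINDOW)  # entropies of accepted uploads
        self.quarantined = False
        self.held = []  # object names held for review while quarantined

    def is_abnormal(self, entropy: float) -> bool:
        # With too little history we cannot say what "normal" is, so allow.
        if len(self.history) < MIN_SAMPLES:
            return False
        mu = mean(self.history)
        sigma = max(pstdev(self.history), SIGMA_FLOOR)
        return (entropy - mu) / sigma > Z_THRESHOLD

    def inspect_upload(self, name: str, data: bytes) -> dict:
        """Return allow / quarantine / hold for one uploaded object."""
        h = shannon_entropy(data)
        if self.quarantined:
            # Bucket already quarantined: hold everything until an operator or an
            # external system clears it. Holding (not deleting) limits the damage
            # of a false positive.
            self.held.append(name)
            return {"object": name, "entropy": round(h, 3), "decision": "hold"}
        if self.is_abnormal(h):
            self.quarantined = True
            self.held.append(name)
            return {"object": name, "entropy": round(h, 3), "decision": "quarantine"}
        # Only uploads judged normal extend the baseline, so an attacker cannot
        # slowly drag the baseline upwards with objects that were already flagged.
        self.history.append(h)
        return {"object": name, "entropy": round(h, 3), "decision": "allow"}

    def release(self) -> list:
        """Operator or external review cleared the bucket; return held names."""
        self.quarantined = False
        held, self.held = self.held, []
        return held


def constructed_text_object(i: int) -> bytes:
    """Constructed sample: a small log file, typical low-entropy backup content."""
    lines = [
        f"2022-06-24T10:{i:02d}:{k:02d}Z app=web status=200 path=/item/{k}\n"
        for k in range(40)
    ]
    return "".join(lines).encode()


def constructed_encrypted_like_object(seed: int = 7, size: int = 4096) -> bytes:
    """Constructed sample: seeded pseudo-random bytes, i.e. near-8-bit entropy."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))


def run_demo() -> list:
    """Feed 20 normal uploads, then two encrypted-looking ones; return decisions."""
    monitor = BucketMonitor()
    decisions = []
    for i in range(20):
        decisions.append(monitor.inspect_upload(f"log-{i}.txt", constructed_text_object(i))["decision"])
    decisions.append(monitor.inspect_upload("log-20.txt", constructed_encrypted_like_object(7))["decision"])
    decisions.append(monitor.inspect_upload("log-21.txt", constructed_encrypted_like_object(8))["decision"])
    return decisions


if __name__ == "__main__":
    for name, decision in zip([f"log-{i}.txt" for i in range(22)], run_demo()):
        print(f"{name}: {decision}")
```

Legitimately compressed or encrypted uploads also have entropy close to 8 bits per byte, which is why the decision above is a hold for review rather than a rejection: a per-bucket baseline whose history already contains such objects will not flag them, and where it does, releasing the bucket undoes the effect. Conversely, ransomware that keeps entropy low (or a bucket whose baseline is already high) produces a false negative, which is the gap the abstract leaves to an external system.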

Materials: