AI-assisted malware resistance, response and recovery • The Register
<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>AI-assisted malware resistance, response and recovery • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2015/11/09/security_675646345634563456.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/10/01/aiassisted_malware_resistance_response_and/" /> <meta property="og:title" content="AI-assisted malware resistance, response and recovery" /> <meta property="og:description" content="How visibility into the life of an IO all the way from the storage controller to the flash media aids cyber protection" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/10/01/aiassisted_malware_resistance_response_and/"}, "headline":"AI-assisted malware resistance, response and recovery", "datePublished":"2024-10-01T07:43:15Z", "dateModified":"2024-09-24T13:43:09Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2015/11/09/security_675646345634563456.jpg","width":"648","height":"429"}, "author":{"@type":"Person","name":"Chris Mellor"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" 
href="https://www.theregister.com/2024/10/01/aiassisted_malware_resistance_response_and/"> <link rel="amphtml" href="https://www.theregister.com/AMP/2024/10/01/aiassisted_malware_resistance_response_and/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 
'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <script> var RegArticle={id:236362,pf:0,af:0,bms:0,sec:'on_prem/storage',cat:'sponsored_by',ec:[],kw:[["pure storage",'Pure Storage']],kwp:[],short_url:'https://reg.cx/4ewJ',cp:0,noads:[],ads:['purestorage-21645-sf'],author:'Chris Mellor'} </script> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/design.css"> <style> #nav-on_prem, #nav-on_prem-storage { text-decoration: underline !important; } </style> <link rel='stylesheet' type='text/css' href='/css/e5c206ed408f082870465a2c478e657ff0db3937/story_only.css'> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/on_prem/storage/headlines.atom" title="The Register: Storage section"> <script> var RegCR = false; </script> <script src="/design_picker/14513432720673f1c1ee02761ba265b674b7bee1/javascript/_.js"></script> <script> 
RegGPT('reg_onprem/storage','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"><!-- 32×32 --> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"><!-- 180×180 --> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Story' data-iebrowser='7' data-pagenum="0"> <div id="page">
<article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/on_prem/storage/" aria-label="Storage">Storage</a> </h4> </div> <div class="comments_wrap mobile_only"> </div> </div> <div class="header_right"> <h1>AI-assisted malware resistance, response and recovery</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> </div> </div> <div class="header_right"> <h2>How visibility into the life of an IO all the way from the storage controller to the flash media aids cyber protection</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <a class="byline" href="/Author/Chris-Mellor" title="Read more by this author"> Chris Mellor </a> </div> <div class="dateline_wrap"> <span class="dateline"> Tue 1 Oct 2024 <span class="slashes"> // </span> 07:43 UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div 
class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p><span class="label">Sponsored Feature</span> It's the job of a storage array to be a data service, to store and serve data to its users. If that data is corrupted or stolen then the array is not doing its job.</p> <p>Storage array suppliers have increasingly emphasized cyber-resilience measures to safeguard the data they hold. An example of this is Pure Storage adding a generative AI Copilot to help storage admin teams with security issues as well as performance investigations and fleet management.</p> <p>Now the epidemic of malware assailing virtually every organization is <a href="https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools" rel="nofollow">getting worse</a>, with AI-assisted malware being more and more effective at opening and passing through doorways into IT systems and setting them up for data extraction and encryption. 
<a href="https://www.theregister.com/2024/05/31/cyber_cops_plead_for_info/">Emotet</a> and <a href="https://www.theregister.com/2024/01/25/trickbot_malware_dev_sentenced/">TrickBot</a> are examples of AI-assisted malware.</p> <p>This form of malware will be more effective at gaining entry to target systems. Organizations can themselves take advantage of AI to strengthen their attack response posture. 
Andy Stone, CTO for the Americas at Pure Storage, has written a 3-part blog looking at the before-, during-, and after-attack phases and how organizations can organize themselves to resist, respond and recover.</p> <p>Malware businesses are businesses, not short-sighted groups of disaffected hackers or teenagers in a basement. They can be strong, efficient, well-organized and determined. 
Pure VP R&D Customer Engineering, Shawn Rosemarin, commented on "the level of corporate maturity in some of these companies, like they are run by CEOs and CFOs; they have fundamental formal support plans. You can even purchase extensive support contracts allowing you to call and get support with their tools if you're having trouble getting them to do what you need them to do. In fact, some of them even offer 'as-a-service' campaigns where they'll take a piece of what it is that you are able to get access to, or even charge you on the amount of positive responses, or essentially the amount of breach that you're able to cause."</p> <p>All of this suggests that target organizations, meaning any organization, need to have the same kind of approach to incoming malware. That means a well-thought-through and informed stance.</p> <p> <strong>Start with data hygiene</strong> </p> <p>This starts with being prepared for an attack by maintaining a high standard of data hygiene, looking for active threats and having a rehearsed attack response plan. In a pre-attack or reconnaissance phase, attackers reconnoiter systems, initiate an attack plan, and try to gain entry through social engineering phishing techniques. 
It is during this pre-attack phase that AI-assisted malware can be most effective, crafting more sophisticated phishing approaches, extensive port log scanning, and also polymorphic signatures.</p> <p>With port scanning, Rosemarin said: "If I can get into a port and I can start to sniff that port and look at what's happening, the ability for AI to actually filter and analyze what is potentially millions or hundreds of millions of logs makes it significantly easier. Finding vulnerabilities within those logs becomes easier with AI, because AI is very good at looking at massive amounts of information, finding something that's interesting."</p> <p>AI can also help improve social engineering phishing: if the attacker can find out even a little bit about an employee or officer of an organization, the way they behave and their access patterns, they can more effectively pretend to be that officer or employee.</p> <p>Once an employee has been duped and malware code installed then, in Rosemarin's view: "AI is changing the way these threats behave. 
You can call this concept 'shape-shifting', which you know is really probably a comic book or animation cartoon concept until now. What AI is allowing these threats to do is shape-shift and change their activity, on-the-fly. So if I see it in one place, it looks like this, but by the time I go to get rid of it, it's changed its signature. it's changed its behavior, which makes it significantly harder to identify and deal with." Such polymorphic viruses are harder to detect and remediate.</p> <p>It is quite possible that, right now, there is malware lurking in your IT system, being used to scan and map out your system's overall architecture so that vulnerabilities and targets can be identified.</p> <p>Rosemarin said: "Ultimately the attacks will come in, and they'll come in from an application or user device, and they'll find a way to move through your environment, either north, south or east, west, depending on how they can and where they'll find the most valuable or the biggest payload is, 'honey pot' as it's called in the industry. And they'll dwell undetected until the timing is right to attack that particular honey pot."</p> <p>Once malware code is dwelling in a system it can watch what staff do in a typical day. It can watch for 45 days, 60 days, or even longer and detect that, say, every Tuesday at 8pm the employee does some sort of download. Rosemarin suggested: "That would be the time for me to move my malware to these particular systems, because that would not be considered out of the ordinary."</p> <p>He said: "I can arm the malware to attack against the latest CVEs (Common Vulnerabilities and Exposures), what are often zero day attacks. Because, in a large environment, it currently can take a few weeks, days or weeks to get CVEs actioned due to change control and outage windows. 
CVEs provide excellent entry points allowing malware to assess your data estate, and assess the appropriate payload to release."</p> <p> <strong>Where Pure Storage can help</strong> </p> <p>What can Pure Storage do to better detect these attacks? Rosemarin told us: "The opportunity for us that's unique is that, unlike our competitors, we have visibility into the life of an IO all the way from the storage controller through to the flash media. Specifically, we are able to follow the particular command set that's coming from the app through the storage controller down to the flash, allowing us to see exactly what's happening to that IO at every element of the storage stack. We leverage this full telemetry, as well as the metadata management associated with it, to make it easier for us to spot potential anomalies."</p> <p>"This is already in use today within Pure1's ransomware detection mechanisms, learning what's normal in the life of an IO all the way down to the flash level." He says no other storage array supplier can do this due to their reliance on third party SSDs and the disparate firmware therein.</p> <p>Pure also now has ransomware detection built into Pure1. Customers can go in and turn on the feature to look through recorded logs and alert them within the Pure1 console.</p> <p>At a higher level, Pure works with security companies like Palo Alto Networks, allowing them to use this information: "There's a standard called OpenTelemetry, which is essentially taking my metrics and converting them to a format that is easily integrated into third party systems," says Rosemarin. 
"Today, we use telemetry from infrastructure in the OpenTelemetry standard, and then we put this data directly into SecOps workflows so that customers can gain visibility all the way down to their storage level."</p> <p>That means it can be correlated with what's happening at the user authentication schema level (for example, who's logged into which systems) and play a role at the SIEM (security information and event management), SOAR (security orchestration, automation and response), and security operations center level.</p> <p>But there's more: "As we find these particular signatures or patterns within the telemetry, we take automated action to protect the data that's within it."</p> <p>Pure's malware security infrastructure also features automated action scripts. Rosemarin said these "integrate with SIEM, SOAR and XDR (Extended Detection and Response) so that if we natively find a threat, or if the SecOps workflow finds a threat, we engage certain capabilities like SafeMode snaps that would protect that particular volume in the case of an anomaly detection without human intervention."</p> <p>This automated execution is a major advantage, as opposed to an alert, says Rosemarin. When someone gets an email or a page or a text alert, they then have to go in and do something, which takes time. As Pure's system has complete storage telemetry visibility and automated script actions, it has the capabilities to lock down that storage instantly. That can be a huge benefit in damage limitation to its customers.</p> <p> <strong>SafeMode for resilience and space efficiency</strong> </p> <p>In addition, a feature of Pure's volume snapshotting is its "SafeMode" immutability, notable not only for its resilience but also its space-efficiency. Rosemarin says: "The easiest way to restore a data set is a snap," and Pure has: "the most space-efficient snapshot technology in the industry." With other suppliers: "snapshot technology can consume a significant amount of space. 
Cyber criminals know that the average organization only does snaps for 60 days, say, because they don't want to consume a ton of expensive space, and so they'll let the malware dwell for 65 days, knowing that now it's taken you to the point where your only restoration mechanism is from backups."</p> <p>"And not only is that slower and more kludgy, it also represents all sorts of additional risks, I have to restore the applications, then I have to replay logs, because transactions have occurred since the last full backup. And if I'm in banking or in insurance or any kind of institution, I could potentially lose valuable transactions. People made deposits, they took withdrawals. Equipment moved. Customers placed orders." It all adds up and can make restoring from backup painful and risky.</p> <p>The benefit, he explains, is that "with Pure I can get more space-efficient snapshots, which allows me to have more days of protection for the same amount of potential use of the storage capacity. And those snapshots will be immutable to the point where, even if the credentials are phished to Pure1, the attackers will not be able to go in and encrypt my snaps. SafeMode immutability is protected beyond access credentials with named users and secondary passcodes. Snapshot strategy is so important, because, in the event of an attack, I'm just going to use my snaps to instantly restore myself to a period pre-breach."</p> <p>Once an attack is detected the affected systems have to be identified, locked down, disconnected from the network and quarantined. Rosemarin said: "The array is put into solitary confinement."</p> <p>Attack detection should trigger a SecOps response plan: "This is no different than any element of your DR plan. Ultimately it should not be that the phone rings at 2am or someone gets paged, and now everybody's got to come in and figure out what they're going to do."</p> <p>"This is part of the SecOps playbook, part of the SecOps mandate. 
Most organizations now have a SecOps organization, and it's not necessarily a full-time job function. It's individuals from specific groups that have been pulled into SecOps to not only build but practice and execute this plan in the event of an attack.</p> <p>"But it's also not just the company itself. It includes their cyber-insurers, potentially law enforcement, and even government organizations like the CIA and FBI who get engaged in these pursuits. There is an established process, an 'In case of emergency, break glass' type of book that spells out the process and the people involved."</p> <p>"This is a formal team, a little bit like what we had back with Y2K. This team has to practice. It has to know what processes they're going to follow. If you just leave this to your network and system administrators it's usually ineffective. It requires business leadership, critical partners. It might involve your legal teams, external law enforcement as well as your cyber insurance providers."</p> <p> <strong>Time for data restoration and recovery</strong> </p> <p>Once the attack is halted, and in the initial post-attack stage, this is where data restoration and recovery take place. The affected data must be identified and restored to fresh and clean systems. This requires replacement clean hardware as the attacked system hardware is now corrupt and quarantined. It may be required for forensic analysis use which can take appreciable time; days and weeks.</p> <p>Rosemarin again: "You'll have a recovery environment, whether off-site, on-site, rented, leased or as-a-service. And that'll give you line of sight to new hardware. In many cases we deal with this at Pure through Evergreen/One. We actually offer a ransomware recovery SLA and we take care of it. We guarantee the shipment of equipment, we guarantee the migration of the data and the restoration of the systems, and we actually ensure that the systems are up and running."</p> <p>The attack recovery process is complex. 
Rosemarin told us: "You want to update your credentials and passwords. You want to make sure that you know if any information was posted on your site by the attackers. You remove it. You contact the search engines to clear the cache, so that any kind of breach fallout is minimized. Then you have to mobilize your emergency response team, which gets us back to SecOps."</p> <p>Rosemarin thinks attacked organizations should share their attack data. They "should consider publicizing these attacks and the activity to help their peers deal with similar attacks. They can do that either anonymously through case studies or cybersecurity forums. Some of the biggest are the Information Sharing and Analysis Centers (ISACs) in financial services and healthcare.</p> <p>"Some of these are protected in that you need to be a member of a given organization and you need to be vetted. But there are also less formal clearinghouses called the Information Sharing and Analysis Organizations (ISAOs). They're similar, but they're more flexible in terms of membership."</p> <p>He said: "What this does is give companies the ability to have collective defense community support, the concept of 'you give to get.'"</p> <p>Rosemarin thinks that: "As humans, we are the largest weakness in the security chain. And the good news is, when I look at AI, the ability for AI to augment our systems to protect us against these threats is the way forward. 
That augmentation is going to come on the back of clear and present visibility, and I think that organizations who have the ability to most effectively gather that telemetry and connect it, will be in the best position to deal with attacks."</p> <p> <i>Sponsored by Pure Storage.</i> </p> </div> </article> </body> </html>