News IBM's new cloud AI enabled SSDs identify and treat ransomware in under a minute

Nov 3, 2023
41
30
60
Yeah, that's what I want, AI in my SSD that can hallucinate a virus and delete my data, perfect.

Trust me, friend: this piece pre-editing was even less kind to "generative AI" than you're being right now. However, these are very different applications of the technology— something that truly only helps people, not some automated tool for trying to skip the work involved in creating anything meaningful. There is no reason to expect this to "hallucinate a virus", particularly not with IBM's pedigree in mind.
 
Having survived a customer's ransomware attack with a 15-second command, I'm going to say just use version control? Nextcloud / 1Drive / Google / Alfresco have all supported it for years. "Oh no, everything has been encrypted" = clean the virus off the infected machine then roll all affected files (easily identifiable by date / time altered) back by one version. Sounds like a way to make SSDs more expensive so they do a job that's already under control elsewhere.
 
Nov 3, 2023
41
30
60
Having survived a customer's ransomware attack with a 15-second command, I'm going to say just use version control? Nextcloud / 1Drive / Google / Alfresco have all supported it for years. "Oh no, everything has been encrypted" = clean the virus off the infected machine then roll all affected files (easily identifiable by date / time altered) back by one version. Sounds like a way to make SSDs more expensive so they do a job that's already under control elsewhere.

Fair point, though I don't think anybody's arguing this is somehow the only way to solve the problem. I certainly didn't mean to imply as such. That said, automating the process you describe would ideally free up time for IT staff to be put to work elsewhere. And IBM's software solution also seems to be quite capable of version control.
 

Findecanor

Distinguished
Apr 7, 2015
270
186
18,860
Intuitively, this felt a bit weird at first. However, after reading the previous article about AI-driven disk protection, I think it made more sense.
Organisations are often very bad at protecting against ransomware attacks, but when they succeed, it is not just the organisation itself that is affected.

Technically seems to me somewhat like a versioning system, below the file system. But how well would it interact with an actual versioning file system?
 

Zaranthos

Distinguished
Apr 9, 2014
33
25
18,535
Let the AI arms race begin. AI powered defensive tools, AI powered malware, AI powered viruses, AI powered tech support, and AI powered therapists to smooth it all over when it goes wrong. Haha. It will get interesting. Ultimately I expect technology will leap forward quite a bit as humans continue to decline in health and skill. We can continue to binge more Netflix, eat more junk food, spend more time indoors, and let AI do its best to prolong our rapid decline into poor health. At least the people who don't figure out we're being played by captured institutions looking out for corporate profit more than our actual health and well being. Not even a pessimistic view, just an honest view of what's actually happening as technology advances, life expectancy declines, fertility rates decline, and modern diseases get worse faster than medical technology can apply big pharma band-aids at taxpayer expense.
 

HaninTH

Proper
Oct 3, 2023
101
63
160
Is this any worse than SMART and sector relocation on spinners? This might even extend the service life of spinners and SSDs as they're able to detect issues that would affect device longevity long before the user detects it. That is not what this particular iteration appears to be set for, but it is not a far stretch to include them or change the priority of the scheme to focus on it.

"Intelligence" as a protection mechanism can and should be part and parcel of any device/system meant to be resilient and reliable. My question is, how does this fit into the Scheduled Obsolescence that everything seems to be going through?
 

NinoPino

Commendable
May 26, 2022
235
128
1,760
Having survived a customer's ransomware attack with a 15-second command, I'm going to say just use version control? Nextcloud / 1Drive / Google / Alfresco have all supported it for years. "Oh no, everything has been encrypted" = clean the virus off the infected machine then roll all affected files (easily identifiable by date / time altered) back by one version. Sounds like a way to make SSDs more expensive so they do a job that's already under control elsewhere.
If you manage a huge amount of data for a consistent number of users, every downtime is a problem.
If you have to recover from a backup you must be sure to not recover the ransomware and recover the very last copy of all affected files.
Not very easy and for sure not fast.
 
Nov 3, 2023
41
30
60
You can say anything about IBM, but not that their systems are unreliable. I bet with such systems you do not lose a single bit.

yeah, there's a world of difference in technical skill, overall competence, likeability, and historical value between the likes of IBM and organizations like OpenAI, etc.

the modern PC landscape simply does not exist without IBM's contributions, and they've maintained their status as a reputable player (particularly in enterprise) in the decades since they stepped back from their own PC and OS-making.

meanwhile I'm pretty sure workers in any industry being impacted by the plight of generative AI stealing everyone's work without pay or attribution don't need me to tell them just how much better off we would be without people like OpenAI's Sam Altman, who wants gen AI to "replace the median human". never mind that the entire point of artistic work is supposed to be that some actual human(s) created it to share their vision, or anything.
 
Having survived a customer's ransomware attack with a 15-second command, I'm going to say just use version control? Nextcloud / 1Drive / Google / Alfresco have all supported it for years. "Oh no, everything has been encrypted" = clean the virus off the infected machine then roll all affected files (easily identifiable by date / time altered) back by one version. Sounds like a way to make SSDs more expensive so they do a job that's already under control elsewhere.

BitDefender and Android, Windows Backup, One Drive, Google One, etc... also have protected areas. You mark those areas as protected, and anything trying to overwrite the files there creates an auto archive of your previous files.

That said I'm worried this might affect utilities that wipe SSDs for security purposes. For example, I upload scans of all my tax paperwork + passport + driver's license + social security + checks to accounts (pages upon pages upon pages) then engage a random overwrite and delete (i.e. Bit Defender Shredder or Heidi's Eraser). Would the drive pick that up as a false positive?
 

HaninTH

Proper
Oct 3, 2023
101
63
160
BitDefender and Android, Windows Backup, One Drive, Google One, etc... also have protected areas. You mark those areas as protected, and anything trying to overwrite the files there creates an auto archive of your previous files.

That said I'm worried this might affect utilities that wipe SSDs for security purposes. For example, I upload scans of all my tax paperwork + passport + driver's license + social security + checks to accounts (pages upon pages upon pages) then engage a random overwrite and delete (i.e. Bit Defender Shredder or Heidi's Eraser). Would the drive pick that up as a false positive?
If you mean wiping the drive with an overwriting scheme, then possibly. But it would make sense that the AI would detect the source/trigger of the erase action and determine if it was user activated or automatic. Shouldn't be hard to get that issue worked out.

If you mean wiping the drive using hardware TCG SED systems, it just forgets the currently assigned password that it auto generates for the drive. All the data is practically irretrievable as it's encrypted with a key no one would know. The next time the hardware SED is reactivated, it will generate a new key, which is used to encrypt all new data put to the drive. This is not perfect, as some attacks have been shown to work, if the attacker has physical access to the drive. Which is why it should not be the only encryption used for securing data on a drive.

Just my $0.02.
 
Having survived a customer's ransomware attack with a 15-second command, I'm going to say just use version control? Nextcloud / 1Drive / Google / Alfresco have all supported it for years. "Oh no, everything has been encrypted" = clean the virus off the infected machine then roll all affected files (easily identifiable by date / time altered) back by one version. Sounds like a way to make SSDs more expensive so they do a job that's already under control elsewhere.
That could still affect your SLAs which can cost $thousands.
 

bit_user

Polypheme
Ambassador
There is no reason to expect this to "hallucinate a virus", particularly not with IBM's pedigree in mind.
I haven't heard of an AI classifier that truly has a false-positive rate of zero, on any population of sufficiently complex data that use of AI was really warranted in the first place.

What's even more worrisome is that it's trying to protect against a target that's not static. For instance, cyber criminals could buy some of these drives and use it to help train their malware to evade the drive's protection. In that case, relying on such a drive can provide a false sense of security, possibly convincing the user that more basic precautions aren't necessary.
 

bit_user

Polypheme
Ambassador
I'm going to say just use version control?
We do something like that. We have one server which backs up another. Each time rsync completes, a new snapshot is taken. Snapshots are atomic and lightweight, so long as the differences between successive snapshots are small. The advantage is that if we discover data was corrupted only at a later date, we've still got old snapshots we can revert to, for part or all of the backup.

This is possible because the backup server uses a copy-on-write (CoW) filesystem. I wouldn't trust CoW to save your bacon if it's mounted on a machine that itself has become infected, since good malware could also attack your snapshots.
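
Added example, not part of the post above or of any poster's setup: one way to pick a restore point from a series of backup snapshots like those described, by flagging the first snapshot whose delta against its predecessor is unusually large and listing which files to roll back. The manifest format (path to content digest), the snapshot names, the 50% threshold and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    name: str        # label of the snapshot (assumed naming)
    manifest: dict   # relative path -> content digest (assumed format)


def changed_paths(prev, cur):
    """Paths present in prev whose digest differs or that are gone in cur."""
    return {p for p, d in prev.manifest.items() if cur.manifest.get(p) != d}


def first_suspect(snapshots, threshold=0.5):
    """Index of the first snapshot that rewrote more than `threshold` of the
    files in its predecessor, or None. A normally small delta that suddenly
    covers most of the tree is the signal of mass corruption/encryption."""
    for i in range(1, len(snapshots)):
        prev, cur = snapshots[i - 1], snapshots[i]
        if prev.manifest and len(changed_paths(prev, cur)) / len(prev.manifest) > threshold:
            return i
    return None


def restore_plan(snapshots, suspect):
    """Return (restore, review): files to roll back to the last clean snapshot,
    and files that only exist after it and need a manual look."""
    clean, latest = snapshots[suspect - 1], snapshots[-1]
    restore = {p: clean.name for p in changed_paths(clean, latest)}
    review = sorted(p for p in latest.manifest if p not in clean.manifest)
    return restore, review


# Constructed sample: day2 is an ordinary edit, day3 rewrites most of the tree.
SNAPS = [
    Snapshot("day1", {"a.doc": "h1", "b.xls": "h2", "c.txt": "h3", "d.pdf": "h4"}),
    Snapshot("day2", {"a.doc": "h1", "b.xls": "h2b", "c.txt": "h3", "d.pdf": "h4"}),
    Snapshot("day3", {"a.doc": "x1", "b.xls": "x2", "c.txt": "x3", "d.pdf": "h4",
                      "note.txt": "n1"}),
    Snapshot("day4", {"a.doc": "x1", "b.xls": "x2", "c.txt": "x3", "d.pdf": "h4",
                      "note.txt": "n1", "e.txt": "h5"}),
]

if __name__ == "__main__":
    idx = first_suspect(SNAPS)
    print("first suspect snapshot:", SNAPS[idx].name)
    print(restore_plan(SNAPS, idx))
```

Files in the review list may be legitimate work created after the incident, so they are reported rather than deleted.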
 

bit_user

Polypheme
Ambassador
I find it hard to believe active scanning doesn't impact performance at all.
Maybe they have some dedicated hardware engine for it?

If not performance, then certainly energy-efficiency. Considering the impact of scanning should mostly be on writing, it might be a non-issue. I assume they're intending this to be used mostly for client machines, where workloads tend not to be very write-intensive.
 
Maybe they have some dedicated hardware engine for it?

If not performance, then certainly energy-efficiency. Considering the impact of scanning should mostly be on writing, it might be a non-issue. I assume they're intending this to be used mostly for client machines, where workloads tend not to be very write-intensive.
I think it would be more prudent to have it on the SAN side.