Home > Storage > PowerMax and VMAX > Mainframe > Dell PowerMax and DLm: Cyber Security for Mainframe Storage > CloudIQ
Dell CloudIQ combines proactive monitoring, machine learning, and predictive analytics to identify risks and anomalies in the storage environment so customers can take quick action to remediate identified issues. CloudIQ has a Cybersecurity component that provides proactive notifications to customers in the event of an infrastructure security risk. CloudIQ simplifies operations of your on-premises infrastructure and data protection in the cloud.
The Cybersecurity feature in CloudIQ constantly compares the configuration of the PowerMax array to a set of customer-selected security-related evaluation tests. Upon identifying a deviation, CloudIQ proactively notifies customers of the violation and provides remediation steps to correct the issue.
Based on NIST 800-53 R5 standards and Dell Technologies best practices, Cybersecurity in CloudIQ quickly and automatically ensures that the configuration of the storage infrastructure is secure. The Security Advisories section of the Cybersecurity feature provides users with relevant Dell and VMware Security Advisories. Users quickly see a summary of vulnerabilities specific to their systems and code levels along with links to remediation details.
CloudIQ extends its monitoring capabilities to raise customer awareness for potential cyberattack. If you have a PowerMax with Unisphere and have enabled CloudIQ, Anomaly Detection in CloudIQ will begin focusing on Data Entropy, whereas CloudIQ scans for dataset reducibility. Changes in dataset reducibility might indicate a cyberattack.
While PowerMax reduces data, a learning phase occurs within CloudIQ to understand the reducible data within a Storage Group. Once the learning phase is completed, CloudIQ collects and calculates the amount of reducible data written in 5-minute intervals. If the reducible data decreases between 5-minute intervals, a determination is made that more data may be encrypted. This behavior raises an alert so that the customer can investigate. Upon investigation, if the customer deems the reducible data decrease is not a cyber event and that it is acceptable, the customer can acknowledge the CloudIQ alert. Acknowledging the alert creates a new reducible data decrease baseline for the Storage Group in which CloudIQ will trigger off that new value.
For more information about CloudIQ, see the following white paper: Dell CloudIQ: A Detailed Review.