International Business Machines Corporation (IBM) Earnings Call Transcript & Summary
March 28, 2024
Earnings Call Speaker Segments
Unknown Executive
Hi, everyone. Good morning, and good afternoon. Thanks for joining with us today for today's IBM tech company webinar. I am Peter from IBM [indiscernible] storage marketing team. Today, we will discuss the very, very important topic that is more cyber resilience in store with IBM Storage. And how to discover certain threats before they happen? Yes, how to build data storage environment that can involve and scale retail business to the ever-changing ransomware threat landscape is very, very important. And your customer questioning the safety of their data that is related to your data storage can have a huge impact on your business. So how to use AI, how to use the changing machine learning models to detect threats just before they happen is crucial not only to very crucial for protecting your data and also your business. So today, we are so happy to invite [indiscernible] expert, Tan Long Siau as our speaker and Tan Long today will address on 3 key points. The first is how IBM storage can deliver ransomware threat detection by using IBM technology; and the second, how to protect, how to discover and how to recover from ransomware threat faster by using AI and machine learning model. And finally, Tan Long will share their more use cases and some offering for you to take away. Of course, there will be a Q&A session at the end of the event. So please feel free to poll your question in the chat panel, later we'll answer for you. So now without further ado, let's welcome our speaker, Tan Long Siau. Hey, Tan Long, hand over to you.
Tan Long Siau
Thanks, Peter. Thanks. So good afternoon, everyone. This is Tan Long here. I'm the STS technical specialist covering the ASEANZK regions. I'm going to give you a brief overview of what is IBM Storage Defender, and how we can work with the flash systems in a very comprehensive manner to help. So why is data resilience so important? So in the past, when we back up our applications, we are more concerned about the performance of the backup, how fast we can back up 10 servers, 100 VMs, 100 VMs database, backing up the [ DDRBLOCK ] things like that. We don't really care how fast we can restore the applications from our backup as most of the time, we'll be doing file level restorations, right, or even the directory of files, a single VM or single machine restoration. But today, cyberattack is becoming very common. So the frequency of cyberattack is increasing 2x in 2022 and 2.5x in 2023. We hear news about companies being attacked, data being compromised every day. Almost 50% of these cyber attacks are ransomware based. So companies -- if the companies don't have a data resilience strategy, so you can typically take up to 23 days for them to recover. Some may be saying that I might also pay the ransom when I hit right? Well, we've got to think twice, only 50% of affected customers could actually recover their data, so 85% could not, okay. So this is based on statistics. And most of these threats are not detected by our security tools as ransomware could actually stay [ down ] attacking us or the organization sometimes later when we are least prepared. So impact of ransomware can be massive, affecting many servers at the same time. And research has shown that companies that have not -- have implemented a data resilience solutions could actually help them to identify and contain the bridge up to 108 days faster. So let's take a look at the business impact of cyberattacks.
So base -- again, based on statistics, the average annual cost of cyberattack is about $5 million, and this will definitely increase the overall cost to the business in the long run, right? It's a very basic principle when the cost of running a business increase, it's very natural that the business will pass the increase in the cost to the consumer, their products or their services, right? So what if we choose not to do anything, right? This is even worse. For example, in Europe, the cost to do nothing is even more. So we are seeing regulations such as the DORA [indiscernible] actually being proposed. In fact, some of them are going to be implemented or endorsed in the following years. So these regulations actually requires companies to prove that they can withstand a cyberattack. So if they fail to do so, criminal penalties will be imposed on the management. You can define up to $10 million or 5% of their annual revenue. And Trustee Savings Bank is one of the first that has been recorded to be able to fined $48 million for failing to comply to these regulations. Many vendors try to combine force to provide a total data resilience solutions, but none can meet the 100% coverage like us. Now to build a data resilience solutions, there are 5 key capabilities that we have identified. So these capacities can be implemented in any order. So first, we need to have a foundational security and data protection. So this would typically be using our existing endpoint security tools or backup software that we have. After we have back up, we need to make sure that it can be locked so that's -- to prevent any unauthorized users or program to delete our back up, right? And next, we also need to have the capabilities to find out when we are attacked as soon as possible, it can be using malware scanner to scan our backup or detecting a major change in the data pattern. 
So in the event that we are attacked -- when we are attacked, we should have the capabilities to recover our business as fast as possible. So the fastest recovery is, of course, from using our snapshots in our storage array as the fastest storage that is available. This is expensive. We can't back up everything in our storage array. Therefore, we need to define what is our minimum data company. So a minimum data companies to, for example, to an online web store, it means their web servers, their application servers and their database that is supporting these applications, okay? And all these capabilities need to be coordinated and automated in a simplified manner. So we need to have some form of orchestration. You do not want to be logging on to multiple dashboard in the event when you're trying to do a recovery and all that, right? And all these capabilities can be provided in IBM Storage Defender. So together, we work together with your existing cybersecurity tools to meet your comprehensive solutions. So what is IBM Storage Defender. IBM Storage Defender is a very comprehensive data resilience solutions that actually helps to orchestrate the resilience capabilities across your primary storage, your backup environment, your recovery environment. So the idea is that we're going to bring all of them together in an automated fashion so that we can recover fast. So besides the 5 key capabilities that we talk about, we do have some additional optional capabilities that is listed over here. I'm not going to go through all of them. So because we do not have to use all of them, customers can actually pick and choose which one they need and they can actually change when they need it, okay, so flexible, no licenses. Now here, we're going to show you how IBM hardware and software can actually work together to provide the complete of data resilience solutions. 
So 2 IBM products, our storage [indiscernible] systems and the Storage Defender, okay, providing 5 capabilities starting from active trap detection. We have our in-line data corruption detection that is available in our FlashCore Modules for today. We can take a secure copy of the data using our safeguarded copy and fast recovery from safeguarded copy. And of course, with Defender clean room, we can actually restore snapshots or back up into an isolated clean room to check for dormant track slowly, okay? And as for Storage Defender, we do have defender sensors, we shall talk more about it in the subsequent slides that helps to detect ransomware at the file system level, and we can also take secure copy using our defender data protect where we can actually make it immutable as well -- as well as a recovery or fast recovery. We have our instant result. Then we have -- now here is architectural overview of IBM Storage Defender. So once you have logged into IBM Storage Defender, we have 2 key modules in Defender. We have the DRS, the Data Resiliency Service and the DMS or the data management service. The DMS is where you can actually connect multiple instances of storage protect servers or your data protect servers to this dashboard. So this will be your control play. It actually helps to control all instances. You can define policies everything from this dashboard. As for the DRS or data resiliency service, this is where we can actually do the recovery orchestrations as well as to deploy the sensors. So as you know, it's not practical to actually do a full malware scanning on a live system. So this is where DRS can help. The control plane again is in the cloud, the DRS control plane. At the bottom you can see we have connection management. So this is where we actually deploy virtual appliance in customers' existing environments, they can help to do deployment of the sensors, to do the orchestrations and all that. So let's talk about the defender sensors. 
This is -- for example, if you have like a VMware firm, you have lots of VM, you do not have to deploy the sensors in all the VMs, thus you need to define your recovery group. So one is the recovery group. It basically means that you want -- you are trying to create a logical grouping, okay? For example, you have the web stores that I talk about, you have like 3 web servers, so you may want to put that as a recovery group. So from there, you can choose whether you want to deploy the defender sensors. So in this particular case, we're going to deploy the sensors. And the sensors is going to do a near real-time scanning, okay, using a 3 layer analysis with encryption detection, machine learning based pattern recognition and positive reductions. So it's going to send the data to DRS module, okay, to an updated trust index. So with the trust index, we will increase the numbers, okay, when everything is okay, okay, give us something drop when things go bad, okay? There's a [ heart beat ] that will actually send to the DRS module most every 30 seconds, okay? So just for example, if 2 of them has been affected, 2 VMs has been affected or corrupted, it will start to feedback in the next 30 seconds. So it basically adds an additional layer of detection. So it's actually an agent-based installation as a host, okay? We applied our IBM patented and trade secret techniques rectifying corruption layer that is extremely fast, low overheats, okay? Key differentiators listed over here. I think the most important thing is that we are the first in the market. We can do detections in minutes instead of hours as compared to other typical ransomware scanners that is available in the marketplace. So a quick recap of the recency workflow in DRS. 
First, we define the recovery groups, okay, in terms of selecting the VMs, putting them in the group, we set the protection level, okay, how often will we take snapshots whether we want to enable real-time scanning, which basically means to deploy the defender sensors. How often we are going to do backup. And then how often we want to test the backup so we can set a schedule to say that every day, we're going to restore the back up into the clean room and do a full malware scanning in the clean room, okay? So we have the status update and everything will be orchestrated in the DRS module. On the next module, we're going to talk about the Defender Data Protect. So this basically our backup offering, okay? We support basically all types of systems. As you can see from here, many systems that we support from database, hypervisors, your applications and even NAS or even Hadoop trust us, okay? We do have 2 backup software in our offering. We have our traditional storage protect or TSM. So this is actually extremely good for traditional workload. And for the newer workload, the hypervisors, the VMware, the Hyper-V type of workload will be leading the data protect, okay? They do have some shared capabilities, okay? So we can see that the shared capabilities are listed in the center. Okay. For example, if you want to back up Microsoft SQL servers, you have the options to use either Defender Data Protect or Storage Protect, okay, as well as the Oracle database and others. So Defender Data Protect is our key backup offering for virtual machines, okay? It's actually a Gartner Magic Quadrant leader that's in-class for backup. This solution is actually built from ground up specific to have fast recovery. So back up is likely the [ after thoughts ] of this. So data protect is actually built from the ground up and you can -- immutable backup. So in each policy, you can actually enable the immutable features very easily, okay? 
It has industry leading de-duplication and compression. So it will help to deliver significant lower TCO. I'm going to start by talking about a POC case study for our customer in the financial sector. So using their existing backup software, it will take about 4 weeks for them to actually recover 1,000 VMs, okay? So they set a goal. They wanted to recover a thousands of VMs in 24 hours, okay? They open up a tender, several vendors actually participated in this. So we actually managed to show them that we are able to recover 2,200 VMs, okay, in 47 minutes using our Instant Messaging Restore feature at no cost. There will be a background process that actually do the complete the rest of the data transfers and that completes in about 4 hours only. So this is an overview part of our Data Protect in term of the architecture-wise. Defender Data Protect is different from traditional backup software. Traditional backup software will use a multilayer architectures, whereby you have like a master node, some data movers, a dedicated storage systems for that or even multiple storage systems. Data protect is actually a hyperconverged infrastructure, okay? It's -- you can think of it where -- think of it as a scale-out systems. We were building NAS in it. And of course, the backup software is embedded, okay. It's easy to scale up once you have form a cluster of all, you can easily add nodes to increase the performance of the backup as well as to add additional capacity. It is incremental, however, it features deduplication, [indiscernible] and friction and compression, all these typical standards in our modern backup software. It's policy-based backup. We do have reporting as well. So in fact, later on, I will show you a big demo of how this works. So you can use this to protect different workloads, DMs, DBs, NAS and all that. 
So once it's in backup in our Data Protect, you can choose to replicate it to a DR site with [indiscernible] DP clusters or you can choose to archive the backup data into a compatible S3 storage, NFS or [indiscernible]. We have various deployment options for Data Protect. You can deploy owner's physical servers on-premise. You can deploy it in the cloud. In fact, all the major popular public clouds are supported. This is a virtual or robot deployment options where you basically just deploy it. But typically, we do recommend that you do not keep the data in a virtual or a global deployment. So the easiest way to start off is to use our IBM Storage Ready Nodes or IBM Storage Defender. So these are nodes that we have tested and has been sized properly, so you can actually just pick the different capacity models for your workload, okay? It's easy for you in terms of just to have a single vendor to call for both the hardware and the software. We can do instant recovery, instant recovery from any backup snapshots. In fact, when we do back up e-records is full or an incremental backup, we actually keep the fully hybrid snapshots inside Data Protect, okay? So the savings that we get is because in the power system itself, we do have the deduplication and compression built in. So we get the savings from there. In the event of a recovery of VMs, all we need to do is just to present an NFS mount point to the center has created new data sources. So the VMs could be powered up almost instantly from there. And then, of course, at the back end, we can do a storage Vmotion, leveraging the hypervisors capabilities to do a back-end transfers of data. We can do cloud tiering, so to keep the data protect cluster small. You can tier the data to the cloud because we do cloud. We also do proper hiding where you actually need to have a local copy over here as well as another copy in the cloud. So the cloud equip means an S3 compatible storage of your existing NFS server. 
There's also another options for cloud archive direct. So this is a very special use case. Just imagine that if you are using Data Protect to back up a NAS, to back up Hadoop cluster, which is extremely huge. We do not want to keep the backup in Data Protect, you want to copy everything to S3 so you can use these options. So local data will not be kept in software data protect clusters, only the index and metadata will be stored in Data Protect. And we also have ransomware detection. So this is actually the DMS dashboard. So at one glance, you can see which are the instance have actually reported ransomware, okay. So we do have -- we do understand that safeguarded copies good, but then how do you keep it for long term. So this is where Data Protect can help. We can actually do a backup of the safeguarded copies storage in data product clusters for long-term retention. We have safe integrations. So if you wish to [indiscernible] data today, you can just prepare an instance of storage protect servers and connect your tape library to your storage protect servers and [indiscernible] API, we can actually archive the data today directly from DP. Our Data Protect supports rolling software upgrades across the clusters. So we will do a node by node upgrade. And because we have obvious mechanisms, we can also use this for upgrade refresh easily, okay. We do support auto healing and rebalancing as in the case of a typical MAS architecture. So in the event that if one node is down, you will start to reprotect and none of that will happen. Now let's take a look at the demo. So this is our Storage Defender dashboard. Once I have logged in, I will be able to see all my DP instance and storage protect instance. If you have provided the location information, we will actually present it in the map. So over here, I can see my -- the instances that I have and DP, Data Protect clusters, my storage protect clusters. 
I can also look at the cloud utilization, how much I have utilized over here. We can look at the trend. We can even look at the reports, protection activity reports. So these are dynamic reports. You can see that we can download the copy in PDF, Excel or CSD for further processing. I'm going to download, I'm going to generate a PDF copy and download it. I can even schedule this reporting. I can zoom in, these are interactive reports, I can choose the period. And of course, I can also click. For example, these are the problematic backup activities. I can zoom into that just by clicking and then look at the list of our events that's happened. And I can even zoom in further and take action. We can also take a look at the storage consumption by the systems. Okay. The report has been generated. So this is a PDF file. You can see that everything is very similar to what you see in the web dashboard. Storage consumption by systems. I can look at the entire or the cluster view. I can even zoom in to a particular clusters. This is a summary view. This is a data protection view, the various jobs, All these are interactive. I can click and check the status of this particular job. So this is the one that has a problem. I can actually zoom in to this particular job and check out the error message from here. A quick view of the architecture. I have S3 linked to this instance. This is the data protection view. So over here, you can see the SOA, so if you are missing the backup, it will turn red or it will change the color. If you do replicate it to another site, you will see that it's reflected in the icon over here. So these are Microsoft SQL servers back up. I can look at the settings, to look at the policies in a daily backup, some retry operations, the log back up, things like that or the consumption for this particular data base. The trend I can even trigger back up directly from the dashboard over here. 
Of course this is not what typically we'll be doing, but just as part of the demonstration. We can just kickstart one back here. Our FlashSystem's backup -- there is backup targets that we support. So you can see that I do have FlashSystem backup configured to one particular volume in FlashSystem that are configured to do backup. I can look at the consumption and trends and other. Currently it is connected to the FlashSystem using the [indiscernible] protocol. We do support our FC as well. So we can do a recovery as well. So in terms of we're going to do a quick demo of [indiscernible] So for example, I want to recover particular files, I can just key in the name of the files and do a search. I can choose to download it over here or I can choose to restore it directly into the machine. It's a quick file recovery. I know that's one of the most common things that we use. So in term of VMs, we can select the VMs and we want to recover, [indiscernible] group to VMS,so in this particular case, I can actually select a particular group of VMs, VM backup. So we have 112 VMs in this particular group. I can choose to recover the original location to do an instant recovery or copy recovery. I have just triggered an instant mass recovery of VMs is recovering 112 VMs on the fly. So you can see that at this moment, Data Protect, all it's doing is that it's just presenting the NFS mount point to ESX servers. And that's going to take a while to initialize while waiting for that, I'm going to just show you the rest of the issues that we have. We can do a test and development result, a clone of the settings. This is a 14 node data protection cluster capacity predictions, so this is the ED utilizations to kind of like give you a hint of when you need to start to add additional nodes or capacity into the cluster. The various backup policies. The sauce VMware, FlashSystem, Oracle DB. Okay. 
Now back to the instant mass recovery, the 112 VMs that we are [indiscernible] the restoration over here. So you can see that there are actually 2 columns. One is the instant mass recovery. We can see that it has started the recovery activities. So on the right-hand side, you can see the percentage status. So you can see that we have 112 VMs, the instant recovery status and the data store migration status. So in a few minutes time, you will see that the instant recovery status will be completed for the 112 VMs. Then at the back end, it's going to do a data store migration using the V motion. And when the instant recovery is completed, it basically means that the user can start to power up the VM, you can open up and run your applications directly from the data protect cluster. You can see that instant recovery is completed of many of the VMs. Even more completed now. So once the instant recovery phase has been completed, you will start to do the data migration. 12%. Just bear with me for a while because this video is not edited, okay? It's the exact coming that we're observing. 13%. No, I think we should have completed the first phase, instant recovery by now. Okay I can see that migration job has started. In case you're wondering why not all of them are doing the migration at the same time because there's actually limits in ESX server, so actually do a certain number of Vmotion at a time. Okay. I think we have demonstrated instant recovery, so I'm going to stop this recovery at this moment because once instant recovery is completed, we can actually power up and do our testing, okay? With that, we have come to the end of the demo. We do have a few design patterns that we would like to share. So this is a very typical deployment pattern where we have data protect clusters deploy on-premise, protecting various different workloads, managing and using the DNS service that is in the cloud. 
And of course, to keep the clusters lean, we can hide of the long-term data into a cloud or any compatible S3 or NFS storage. Another typical design patterns for 2-site deployment. We can actually configure the app with data project clusters where we can actually replicate selected data based on your requirement to a DR site. And of course, in case you do not want to upload your data to a public S3, you can actually leverage the S3 capabilities or even take capabilities in storage protect servers. It just set up an instance of storage protect servers and you can actually [indiscernible] some data today. This is a summary chart to summarize the key features in Data Protect. This is for your reference. Okay. This is the last part of my presentation. So I'm going to show you how a typical storage defender workflow would look like when we put everything together. So this is the last [indiscernible] how a coordinated data resilience solutions could actually address all your needs. So we do have the primary workloads, the secondary workloads defined. We can actually -- of course, we have our first layer of resiliencies, which is leveraging the existing foundational security and the data protection features that you have. Then in terms of immutability, we can actually take secure immutable copies or safeguarded copies if you're using our FlashSystem for short-term data retention and for rapid recovery as well. For the secondary workloads, we can be leveraging our data protect or storage protect servers to back up and storage or archive it to S3 or tape for long term. And we also have the isolated or the clean room okay? So this could be on-premise on the cloud depending on customer's requirements, okay, where we can do the augmented testing with our DRS services. 
So in terms of discovery, we have early track detection at every single layer of the technology, of the infrastructure stack, starting from the VMs at a file system level, we have Defender sensors that will do the ransomware detection for you. We have real time anomaly detection, which is leveraging our FlashCore Modules as well as anomaly scans in the FlashSystem. Anomaly scans or ransomware detection in data protect and storage protect clusters. Now in the -- and of course, we can do the automated scanning of the backup data using our DRS, leveraging your existing malware scanners in the clean room. And data recovery, in the event that if your are attacked, you can actually do a recovery, a final recovery of the data because at this point in time, through the DRS, you would know that which copy is actually a clean copy because you will do update the malware scanners on a periodic basis. So subsequent scanning, will detect even more malwares. So can you do a final check by recovering into your clean room. For final test and check make sure that everything is okay before you actually restore that to the production environment for a safe recovery. Now all these will be complex and tedious task. So we need to automate it using storage defender for you. Plus storage defender also integrate with your existing security operations center so that you can have a single dashboard in term of data securities from the storage perspective. So Defender will be your single data resilience solutions from a storage perspective for early threat detection, safe recovery as well as integration with your existing security operation center. And we aim to be on your unified management for data resiliency across all storage as well as for all the workloads that we have. That come to the end of the presentation. I do encourage you to register for our cyber resiliency assessment workshop, You can scan this QR code and find out more about our FlashSystem as well as our Storage Defender.
Unknown Executive
Yes. Thank you, Thank you, Tan Long. Actually, okay, yes, I encourage you to scan the QR code so there you can get it. It's not cost, free. Let's start receiving assessment for your organization. So Tan Long, we do have a couple of questions in the chat panel. And the first question is, we operate in hybrid car architecture. Do you support the cyber resilience capability on-premise in public accounts, for example, we have [indiscernible] public cloud, et cetera? So please answer.
Tan Long Siau
So as I have shown earlier, our data-protect cluster could be deployed in the public cloud. In fact, all the major public cloud, AWS, Azure and Google, we do support that. So it's a hybrid architectures. And in fact, the storage Defender dashboard itself is residing in a public cloud, in [indiscernible] IBM cloud.
Unknown Executive
Okay. And another question is from customers. Talking about because you just mentioned your storage solution, including cloud and also software. So the question is, can IBM data resilience can support for other storage brand, for example, EMD, [indiscernible] or HP, something like that?
Tan Long Siau
Yes. Yes, of course, through our storage virtualized software, we can give virtualized third-party storage systems. In fact, we do support about 500 third-party storage arrays. So once we have virtualized them our -- we can -- the third-party storage array will be able to leverage the features and functionalities in our storage FlashSystem.
Unknown Executive
Okay. Great. That's nice. Okay. The other question comes from a customer is talking about, you just mentioned about we can support for a more workload. Can you elaborate more about that? What kind of workload that IBM storage can support from the data resilience capability, okay?
Tan Long Siau
Yes. We do support VMware, okay, Hyper-V, and of course, all the major popular database like Microsoft SQL servers, Oracle, and if you have containers, the latest thing in town, we are running OpenShift, we do have support for backing up containers in OpenShift as well.
Unknown Executive
Okay. That's great. So almost all the popular workloads, I'm [indiscernible] the probably get support. So I think that's a good solution for us to further study. So all right. Okay. So is there any other question. All right. Okay. Okay. Thanks. So everyone who joined with us today to spend almost 43 minutes with us. So I think later, we will send to you, Thank You letter, and in Thank You letter, you can see the replay of the webinar and also if you are interested for Tan Long's presentation that, of course, you can see the downloading from the Thank You email. So thank you, everybody, for joining with us today, and have a good day. Thank you.
Tan Long Siau
Thank you.
Unknown Executive
Bye-bye. See you soon.
Tan Long Siau
Bye.