| CPC G06F 21/554 (2013.01) [G06F 21/56 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |
|
1. A method for use in a storage system, comprising:
detecting a first event, the first event being a cyber threat (CT) event, the first event being generated, at least in part, by using security software that is executed in the storage system;
in response to the first event, identifying a secure snapshot of the storage system and performing a first modification of a first retention period of a protection policy that controls an ability to automatically delete the secure snapshot, the first modification being performed by causing the first retention period to have an indefinite duration, the first retention period being a period for whose duration the secure snapshot is prohibited from being deleted by nodes in the storage system;
detecting a second event, the second event being detected after the first modification is performed; and
performing a second modification of the first retention period in response to the second event, wherein performing the second modification includes causing the first retention period to have a definite duration,
wherein the secure snapshot is further associated with a retention lock that also controls the ability to delete the secure snapshot such that the secure snapshot is permitted to be deleted by nodes in the storage system only when the retention lock is released, the retention lock being associated with a second retention period, the second retention period being a period for whose duration the retention lock is prohibited from being released by nodes in the storage system, the second retention period having a fixed maximum duration,
wherein the protection policy is part of a first mechanism for preventing the snapshot from being deleted, and the retention lock is part of a second mechanism for preventing the secure snapshot from being deleted, the first mechanism being provided concurrently with the second mechanism in the storage system.
|