Enhancing Data Analysis and Anomaly Detection with Zerto's API and Grafana Integration

This video is part of the appearance, “Zerto Presents at Cloud Field Day 17“. It was recorded as part of Cloud Field Day 17 at 8:00-9:30 on June 1, 2023.

Watch on YouTube
Watch on Vimeo

Zerto leverages Grafana to visually represent data extracted through its API, allowing for the analysis of various metrics. The API provides valuable insights into logical blocks, encrypted and unencrypted data, enabling the identification of trends and anomalies. By examining SCSI blocks, Zerto’s algorithms can detect abnormal levels of compression and encryption, alerting users to potential issues like increased encrypted traffic. Notably, Zerto prioritizes real-time analysis over data storage, ensuring efficient processing. The 10.0 API further expands data availability, providing statistics at the volume, VM, and VPG levels. While Zerto currently recognizes all SCSI traffic as encrypted if the volume is encrypted, efforts are being made to differentiate between normal and malicious encryption. Zerto’s dedicated team continuously improves machine learning algorithms, keeping pace with security standards and advancements made by VMware.

Justin Paul discusses the capabilities of Grafana and the data obtained from Zerto’s API. By utilizing the API data, it is possible to rebuild Zerto analytics and visualize it through graphs. The data includes the total number of logical blocks, encrypted data, unencrypted logical blocks, and their combined total. Anomalies in encrypted traffic can be identified, even for applications not intended to be encrypted. However, systems using specific encryption methods like Linux file systems or Windows BitLocker may not show anomalies as they are already encrypted. Zerto’s algorithms analyze the data at the block layer to detect compression or encryption, with plans to refine and improve the algorithms over time. The data is not stored for long, as Zerto aims to retrieve data quickly and not hold onto it due to high data rates. The analyzed stats are sent to ZVM, which triggers alerts and tag checkpoints when sufficient evidence of a security issue is found. Zerto aims to be one layer of security among others and provide real-time alerts without the need for analyzing previous backups. The newer 10.0 API provides additional statistics at the volume, VM, and VPG levels. The discussion also touches on the potential differentiation between normal and malicious encryption and Zerto’s commitment to improving its algorithms and keeping up with security standards.

Personnel: Justin Paul

Event Calendar

Latest Links

Modernizing Aging Legacy Systems Without Cost Creep With AMD

TFDx With AMD: More Than Just a Bag of Chips! (Part2)

Rout Intruders With All New VMware NSX+ Network Detection and Response Service

VMware Explore 2023

Adopting a Standard Operating Format in Multi-Cloud With VMware NSX+

Recent Videos

Meeting the Demands of the Modern Datacenter with AMD

Solidigm Introduces D7-P5810 a New Ultra-Fast SSD

Trends in Storage and Data - New Directions for SNIA

AMD Discusses Rack Cooling at Tech Field Day Extra at VMware Explore

Best of Tech Field Day

Veeam Snapshot Hunter

802.11ac: The next generation of Wi-Fi with Mark Denny at Wireless Field Day 3

Cisco 5 - Network Troubleshooting with Wireshark and Mediatrace with Nikhil Sharma

Why do we have Wi-Fi controllers in the enterprise? Airespace co-founder Bob O'Hara explains at WFD1

Enhancing Data Analysis and Anomaly Detection with Zerto’s API and Grafana Integration