Evergreen//One: Cyber Resiliency SLA Report

Evergreen//One

Audience
Public
Product
Evergreen > Evergreen//One
Evergreen
Source Type
Documentation

How to Create the Report

Everpure in early 2024 announced an upgraded add-on for Evergreen//One subscription - Cyber Recovery and Resilience SLA. It is a paid add-on, and includes two SLAs. The Cyber Resilience SLA portion of the add-on provides periodic preventative measures to maximize the security and recover-ability of the customer service environment. Specifically, it includes:

  • Quarterly Cyber Resilience Reports: These in-depth Evergreen//One Cyber Resilience SLA Reports provide valuable insights and are reviewed with customers by Customer Success Managers (CSMs.)

    • Each report covers the performance of arrays licensed under the SLA, evaluated across 17 measures. Customers receive a detailed analysis of the current state, changes from the previous quarter, and remediation recommendations, equipping them with essential insights to strengthen their security posture and boost cyber resilience.

  • Remediation Services: Pure Security Architects offer tailored remediation services for any flagged concerns, giving customers a pathway to enhanced resilience.

Steps to Generate the Report

  1. Navigate to Pure1 Reports.

  2. Look for Evergreen//One Cyber Resilience SLA report, then select the blue Generate button on the right-hand side to download the report or have it sent by email.

  3. Once you click on Generate, you will be asked for your report delivery preference. Your two options are to download it, (this will download the report to your local computer), or it can be sent to you via email.

Note: The report information will be populated once a quarter. It will look the same on the 1st and the 30th of the month.

Sample Report

This is an example of the Evergreen//One Cyber Resilience SLA report:

How to Understand the Report

The report comprises of the following sections -

  1. Executive Summary -

    • This section gives an overview of overall security score, issues detected, and proposed next steps/resolutions.

  2. Current Status -

    • Gaps - Critical concerns and warnings

    • Tests that passed successfully

  3. Next Steps -

    • This section gives specific actions to be taken, to address the concerns and improve the score.

  4. Appendix -

    • This section enlists the endpoints that are covered under the Cyber Resilience SLA and those not covered.

  5. Changes from Last Quarter (From Jan 2025 onward)

    • This section would highlight the changes from the previous quarter. This is not currently available and would be available from Jan 2025 onward.

Assessments Covered in the Report

# Item Description
1 Data at Rest Encryption Disabled Data at Rest Encryption - Disabled: Indicates if encryption is not enabled for data stored at rest. Note that regional regulations may apply.
2 End-of-Life Purity Version in Use End-of-Life Purity Version in Use: Flags any appliances running unsupported versions of the Purity operating environment. End-of-life versions are a security risk as well as supportability risk.
3 Purity Optimizations Available Purity Optimizations Available: Shows if there are available optimizations for Purity. Purity optimizations are software patches recommended for good appliance health and improved security.
4 Remote Access Control Not Enabled Access Control - Remote (LDAP, SAML, AD): Checks if remote access control mechanisms are enabled and configured, such as LDAP, SAML, or AD. Using a centralized user identity management platform for authentication and access control is a recommended best practice to ensure traceability and observability.
5 NTP Server Not Enabled NTP Server - Configured and Synchronized: Verifies if the Network Time Protocol (NTP) server is configured and in sync. Using NTP for system clock synchronization is a recommended best practice for logging, troubleshooting, and security reasons.
6 Rapid Data Locking Not Enabled Rapid Data Locking (RDL) Enabled: Indicates if rapid data locking is enabled for enhanced security. Rapid Data Locking is a feature that provides an additional layer of data security by requiring a user-controllable cryptographic key to unlock and decrypt the flash modules when the appliance is powered on. Without access to this key, the flash modules are locked and data on the appliance cannot be read or written.
7 Default Password in Use Default Password in Use: Flags if the default user (pureuser) is configured to still use a well-known factory default password. Such passwords should be updated to a new password immediately for any existing or new appliance.
8 Public or Open Access to Buckets Public or Open Access to Buckets: Detects any buckets with open or public access permissions.
9 Remote Assist Activity Detected (> 8 hours) Remote Assist Activity Detected (> 8 hrs): Identifies any remote assist sessions open for more than 8 hours. Any such remote assist sessions should be reviewed.
10 Open Critical Alerts Detected Open Critical Alerts: Lists critical alerts that need immediate attention. Such alerts may signify a problem with the appliance
11 Optimizable Data Protection Policies Optimizable Data Protection Policies: Indicates if data protection policies and features such as snapshots, SafeMode and replication are not configured according to the best practices recommended by Everpure. Click the arrow link icon to check the Data Protection Assessment, review and, to enhance the overall cyber resiliency, improve your data protection.
12 DRR Anomalies Detected DRR Anomaly: A significant drop in Data Reduction Ratio (DRR) is detected.
13 Latency Write Anomalies Detected Latency Write Anomaly: Anomalies in write latency are identified when the total write latency, which includes SAN, service, and queue latency, shows significant deviations from historical data.
14 Latency Read Anomalies Detected Latency Read Anomaly: Anomalies in read latency are detected when the total read latency, which includes SAN, service, and queue latency, significantly deviates from historical norms.
15 Object Count Volume Anomalies Detected Object Count Volume Anomaly: An anomaly is flagged when there is a drop in the number of volumes.
16 Snapshot Object Count Anomalies Detected Snapshot Count Anomaly: An anomaly is detected when there is a significant drop in the number of snapshots.
17 Appliance Not Phoning Home When an appliance is not phoning home, it means that the device is not able to upload logs, diagnostics, or other telemetry data.