Air-Gapped Security Architecture
This demonstration showcases how the Nutanix Cloud Platform addresses cyber resilience challenges in completely disconnected environments, such as those found in national security agencies. The platform implements multiple layers of protection starting with STIG-compliant infrastructure, extending through Flow Virtual Private Clouds (VPCs) for isolated routing domains, and incorporating Flow Network Security Next Generation for microsegmentation. The architecture enables organizations to nest security policies within VPCs, creating scalable protection that extends to both applications and storage. This layered approach addresses the fundamental challenge of protecting dark sites where traditional internet-connected security tools cannot operate.
Automated Ransomware Detection and Response
The platform demonstrates automated incident response through integration between DataLens ransomware detection and Prism Central orchestration. When malicious activity is detected on file shares, DataLens automatically blocks the compromised user account and IP address, then triggers a webhook to Prism Central. This initiates an automated playbook that quarantines the affected production environment and simultaneously recovers a forensic copy to an isolated bunker site using immutable object snapshots created with Multicloud Snapshot Technology (MST). The entire response workflow executes without manual intervention, reducing response time from days to minutes while maintaining complete isolation for forensic investigation.
Forensic Investigation and Recovery
The bunker site recovery creates a completely isolated environment protected by both VPC routing isolation and Flow Network Security policies that prevent even east-west traffic between VMs. Security teams can examine cloned workloads, review network security logs, and analyze DataLens incident data to identify the attack timeline and determine known-good recovery points. Once the investigation identifies compromised components, recovery proceeds through DataLens snapshot restoration for file shares and VM reversion to pre-attack states. The demonstration emphasizes that all components—production workloads, object storage, and forensic environments—can run on the same Nutanix hardware, eliminating the need for separate infrastructure for disaster recovery scenarios.
