How does Nutanix handle ransomware detection in air-gapped environments without internet connectivity?

Nutanix deploys DataLens on-premises within the same isolated VPC as protected workloads, enabling ransomware detection policies to monitor file shares and object storage for malicious activity entirely disconnected from the internet. When threats are detected, DataLens automatically blocks compromised user accounts and IP addresses, then triggers automated response playbooks via webhooks to Prism Central.

What makes the forensic investigation environment secure during incident response?

The bunker site uses dual isolation layers: Flow VPCs create completely isolated routing domains with only desired routes in and out, while Flow Network Security policies prevent even east-west traffic between forensic VMs. This ensures that cloned workloads used for investigation cannot communicate with production systems or each other, preventing any potential spread of compromise during analysis.

Air-Gapped Cyber Resilience Demo: NSA-Level Security

Name: Air-Gapped Cyber Resilience Demo: NSA-Level Security
Uploaded: 2026-05-08T19:18:59-04:00
Duration: 12 min 38 s
Description: Can your organization recover from a ransomware attack in minutes—without internet access? Live from Nutanix .NEXT 2025 in Washington, DC, this groundbreaking keynote demo simulates an air-gapped environment—modeled after scenarios like the NSA—to show...

Nutanix

05/08/2026

0 (0%)

Report Like Favorite

TL;DR

Nutanix demonstrates comprehensive air-gapped cyber resilience using VPCs, microsegmentation, and DataLens ransomware detection running entirely disconnected from the internet in NSA-style environments
Automated incident response triggers when DataLens detects malicious activity, executing playbooks that quarantine production systems and simultaneously recover forensic copies to isolated bunker sites using immutable MST snapshots
Security teams investigate attacks in completely isolated VPC environments with access to cloned workloads, network logs, and incident data to identify known-good recovery points
Full recovery from ransomware attacks completes in minutes rather than days, with all components—production, backup, and forensics—running on the same Nutanix hardware platform
The platform follows NIST cybersecurity framework principles with STIG-compliant infrastructure, nested security policies, and integration points for SIEM/SOAR tools via webhooks

Air-Gapped Security Architecture

This demonstration showcases how the Nutanix Cloud Platform addresses cyber resilience challenges in completely disconnected environments, such as those found in national security agencies. The platform implements multiple layers of protection starting with STIG-compliant infrastructure, extending through Flow Virtual Private Clouds (VPCs) for isolated routing domains, and incorporating Flow Network Security Next Generation for microsegmentation. The architecture enables organizations to nest security policies within VPCs, creating scalable protection that extends to both applications and storage. This layered approach addresses the fundamental challenge of protecting dark sites where traditional internet-connected security tools cannot operate.

Automated Ransomware Detection and Response

The platform demonstrates automated incident response through integration between DataLens ransomware detection and Prism Central orchestration. When malicious activity is detected on file shares, DataLens automatically blocks the compromised user account and IP address, then triggers a webhook to Prism Central. This initiates an automated playbook that quarantines the affected production environment and simultaneously recovers a forensic copy to an isolated bunker site using immutable object snapshots created with Multicloud Snapshot Technology (MST). The entire response workflow executes without manual intervention, reducing response time from days to minutes while maintaining complete isolation for forensic investigation.

Forensic Investigation and Recovery

The bunker site recovery creates a completely isolated environment protected by both VPC routing isolation and Flow Network Security policies that prevent even east-west traffic between VMs. Security teams can examine cloned workloads, review network security logs, and analyze DataLens incident data to identify the attack timeline and determine known-good recovery points. Once the investigation identifies compromised components, recovery proceeds through DataLens snapshot restoration for file shares and VM reversion to pre-attack states. The demonstration emphasizes that all components—production workloads, object storage, and forensic environments—can run on the same Nutanix hardware, eliminating the need for separate infrastructure for disaster recovery scenarios.

Chapters

0:00 - Introduction: Air-Gapped Security Challenges
1:16 - NIST Framework and Protection Layers
2:14 - Demo Environment Overview
2:55 - Infrastructure and Network Security
5:00 - Data Protection with MST and DataLens
6:27 - Ransomware Attack Simulation
7:12 - Automated Incident Response Playbook
8:14 - Forensic Investigation in Bunker Site
10:06 - Recovery and Restoration Process
11:32 - Recap: Comprehensive Cyber Resilience

Key Quotes

1:19 "Air gap makes everything harder because you're literally disconnected from the Internet. So you have to have all your solutions running disconnected on their own, right? ..."
4:17 "For us, a VPC is your apps, but can be your storage because everything is software. So we can extend the VPC to everything that we care about."
5:31 "MST, we announced last year for the cloud use cases, but can now run on-premises to a Nutanix objects cluster."
8:10 "The beauty of Nutanix, all of this could run on the same hardware that's running your objects cluster. That's very unique."
11:32 "This is very, very hard to do without Nutanix, if not impossible. People spend months planning these things with different products. And here you get almost out of the Box."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

APAC: Establishing an AI Governance Framework for GenAI Throughout the Deployment Process

https://www.truthinit.com/index.php/channel/1953/establishing-an-ai-governance-framework-for-genai-throughout-the-deployment-process/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

AI in the Fast Lane: Effectively Managing AI Security for Small Teams

https://www.truthinit.com/index.php/channel/1951/ai-in-the-fast-lane-effectively-managing-ai-security-for-small-teams/
06/02/2026

01:00 PM

06/02/2026

Satori Spring: Insights from Recent Research on the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/satori-spring-insights-from-recent-research-on-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: What to Address First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-what-to-address-first/