IBM's new Power11 server chips are focused on two things: AI and ransomware
The company says the new servers can detect ransomware attacks within a minute of their start.
It can be easy to forget that x86, Arm, and RISC-V aren't the only instruction set architectures on the planet. IBM today offered its periodic reminder that its Power ISA exists with the announcement of new Power11 hardware that, among other things, promises to help minimize disruptions related to attempted ransomware attacks.
"Power11 is designed to be the most resilient server in the history of the IBM Power platform, with 99.9999% of uptime," IBM said. "Together with zero planned downtime for system maintenance and less than one-minute guaranteed ransomware threat detection with IBM Power Cyber Vault, Power11 sets a new bar for business continuity, addressing both planned and cyber-incident-related downtime."
There is a caveat: IBM said in a footnote that "this guarantee covers only the displaying of an alert in less then one minute" and that "remediation is in the form of drive replacement up to the cost of the Covered Product." (The same "terms and conditions apply" disclaimer used by pretty much every company on Earth is also present.) It's up to IBM's customers to act on that alert before the ransomware attack continues.
But that doesn't mean they'll be left in the lurch. IBM said that its Power Cyber Vault feature also provides "protection against cyberattacks such as data corruption and encryption with proactive immutable snapshots that are automatically captured, stored, and tested on a custom-defined schedule."
This is a critical aspect of responding to ransomware attacks. There are times when ransomware is straight-up destructive, whether it's because the "ransom" aspect is simply cover for a nation-state's intentional sabotage or because the group deploying the ransomware unintentionally caused more damage than expected, but these attacks typically focus on denying an organization's access to critical information.
That means organizations can mitigate the potential impact of a ransomware attack by having reliable backups they can use to restore critical data without figuring out how to buy the cryptocurrency du jour and transfer it to whoever's extorting them. But establishing a reliable backup infrastructure is easier said than done--especially when it has to be set up in a way that doesn't allow the ransomware to affect the backups too.
Cyber Vault essentially lays the groundwork for a ransomware-resistant network. Notifying an organization of an ongoing attack within a minute is critical; Splunk said in 2022 that "the median ransomware variant can encrypt nearly 100,000 files totalling 53.93GB in forty two minutes and fifty-two seconds." New variants are probably even faster, so it's critical for defenders to be alerted to an attack as soon as possible.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
IBM said its new Power11 servers, including the E1180, E1150, S1124, and S1122, will be available starting July 25. Prices start at "if you need to ask, you can't afford it," and additional information is available via the company's website. More details about Cyber Vault can also be found in a pair of presentations (PDFs) from 2020 and 2025.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
-
Marlin1975 Seems its more an updated Power10 than a new design. Still built on Samsungs 7nm and many other parts, of what's known, is similar.Reply
So still way behind everything else and IBM still not putting much money into it. -
bit_user Reply
Back when Intel bought McAfee, they made some announcements about it automatically detecting hackers/malware/etc. However, the problem with any sort of automated detection is that there will always be false positives. So, what you can actually do about it is quite limited, because you don't want to be randomly halting or killing programs that aren't true positives.FunSurfer said:Well its about time AI starts fighting ransomware.
As the article says, this is the true weakness in IBM's scheme. They state that it will detect ransomware, but then actually doing anything about it is left up to the operator. That means you basically need skilled 24/7 operations staff that are capable of assessing the threat and taking the appropriate action, or else the feature isn't so useful. Also, the false-positive rate needs to be exceedingly low, or else the feature will be likewise virtually unusable.
So, I'd put almost no stock in such a feature. At the very least, it needs to be independently tested, including deployment at scale.
What's more interesting is their data vaulting system. However, that's really just software and nothing fundamental to their CPUs. So, you could potentially use similar solutions from other vendors (or, for all I know, maybe even comparable open source solutions exist). -
DS426 Reply
Not really any good business reason for IBM to put much money into it. Whether the hardware is right there with the rest of the greatest and biggest players in the industry or not, customers aren't that concerned as stability is the biggest advantage of the platform. POWER and IBM i need to be reliable more than anything as many big financial institutions rely on it to just work. IBM specifically mentioned "guaranteed" six nines of uptime and inferred hot failovers on the mention of zero downtime for system maintenance. Not saying these specs aren't available outside of IBM, but the POWER platform is probably staying just good enough for customers to remain onboard as they're probably already running semi-custom or custom software, so switching to a new ISA is massive lift.Marlin1975 said:Seems its more an updated Power10 than a new design. Still built on Samsungs 7nm and many other parts, of what's known, is similar.
So still way behind everything else and IBM still not putting much money into it.
Very mature platform to say the least.
Our ERP provider had an IBM POWER architect at their business conference recently. Sounds like integrating Watson with POWER 11 and i 7.6 is one of their main headlines. Something branded like Watsonx.
You probably already know this but wanted to point this out as THN probably has a lot of younger readers that aren't very familiar with anything IBM besides knowing that IBM essentially established the PC. -
DS426 Reply
Even more dangerous is security solutions missing true positives. IBM -- like virtually any security software company around -- will make it sound like detections are practically guaranteed. No one has a 100% detection rate, otherwise we'd finally have the silver bullet.bit_user said:Back when Intel bought McAfee, they made some announcements about it automatically detecting hackers/malware/etc. However, the problem with any sort of automated detection is that there will always be false positives. So, what you can actually do about it is quite limited, because you don't want to be randomly halting or killing programs that aren't true positives.
As the article says, this is the true weakness in IBM's scheme. They state that it will detect ransomware, but then actually doing anything about it is left up to the operator. That means you basically need skilled 24/7 operations staff that are capable of assessing the threat and taking the appropriate action, or else the feature isn't so useful. Also, the false-positive rate needs to be exceedingly low, or else the feature will be likewise virtually unusable.
So, I'd put almost no stock in such a feature. At the very least, it needs to be independently tested, including deployment at scale.
What's more interesting is their data vaulting system. However, that's really just software and nothing fundamental to their CPUs. So, you could potentially use similar solutions from other vendors (or, for all I know, maybe even comparable open source solutions exist).
I also wouldn't put much stock in this feature. It might make for a nice-to-have feature that's iterated in as a new feature for this generation of POWER, but certainly not additional-cost module, add-on, or what have you.
Speaking of data vaulting, our ERP provider writes to LTO tape and keeps copies offsite, so yes, solid data backup strategies can and should already be in place; IBM is potentially just making hot and warm backups more robust, resulting in less downtime in the event of successful data encryption or destruction. Even so, yep, there are probably existing 3rd party solutions. -
DS426 ReplyCyber Vault essentially lays the groundwork for a ransomware-resistant network. Notifying an organization of an ongoing attack within a minute is critical; Splunk said in 2022 that "the median ransomware variant can encrypt nearly 100,000 files totalling 53.93GB in forty two minutes and fifty-two seconds." New variants are probably even faster, so it's critical for defenders to be alerted to an attack as soon as possible.
Yes, new variants are even faster, particularly when they utilize partial encryption. Then again, partial encryption is weaker as it's easier to reverse engineer and effectively generate new private keys to reverse the encryption. I don't know which is worse, but I'd probably prefer partial-encryption ransomware if I had a choice between the two.
Obviously storage performance will make a big difference on encryption speed.