Accelerate with ATG Webinar: Quantum-Safe SAN Security: Future-Proofing Your IBM Storage Networks with Brocade Gen 7 Security PDF Free Download
1 / 49
/49
100%
© Copyright IBM Corp oration 2025
Accelerate with ATG Webinar:
Quantum-Safe SAN Security: Future-Proofing Your IBM Storage
Networks with Brocade Gen 7 Security
Speakers:
Tim Werts Marketing Manager Brocade Storage Networking, Broadcom
Marcus Thordal Product Management Brocade Storage Networking, Broadcom
Craig Nelson Global Sales Executive Brocade Storage Networking, Broadcom
© Copyright IBM Corp oration 2025
2025 Upcoming Webinars – Register Here!
What's New in IBM Fusion 2.10! - July 10th, 2025
IBM Storage Ceph Deep Dive for NVMe over Fabrics - July 17th, 2025
Content Aware Storage (CAS) with IBM Fusion - July 22nd, 2025
Important Links to Bookmark:
Accelerate with ATG - Click here to access the Accelerate with ATG webinar schedule for 2025, view presentation materials,
and watch past replays dating back two years. https://ibm.biz/BdSUFN
ATG MediaCenter Channel - This channel offers a wealth of additional videos covering a wide range of storage topics, including
IBM Flash, DS8, Tape, Ceph, Fusion, Cyber Resiliency, Cloud Object Storage, and more. https://ibm.biz/BdfEgQ
Accelerate with ATG Technical Webinar Series
Advanced Technology Group experts cover a variety of technical topics.
Audience: Clients who have or are considering acquiring IBM Storage solutions. Business Partners and IBMers are also welcome.
To automatically receive announcements of upcoming Accelerate with ATG webinars - Clients, Business Partners and IBMers are welcome
to send an email request to accelerate-join@hursley.ibm.com.
2
© Copyright IBM Corp oration 2025
➢IBM Storage Scale and Storage Scale System GUI
➢IBM Storage Virtualize Test Drive
➢IBM DS8900F Storage Management Test Drive
➢Managing Copy Services on the DS8000 Using IBM Copy Services
Manager Test Drive
➢IBM DS8900F Safeguarded Copy (SGC) Test Drive
➢IBM Cloud Object Storage Test Drive - (Appliance based)
➢IBM Cloud Object Storage Test Drive - (VMware based)
➢IBM Storage Protect Live Test Drive
➢IBM Storage Ceph Test Drive - (VMware based)
Client Technical Workshops TechZone Test Drive / Demo’s
Offerings
Please reach out to your IBM Representative or Business Partner for more information.
*IMPORTANT* The ATG team serves clients and Business Partners in the Americas, concentrating on North America.
➢Cyber Resilience with IBM Storage Defender: July 16, 2025 (Virtual)
➢IBM Fusion & Ceph: August 6-7, 2025 (Coppell, TX)
➢IBM Storage Scale & Storage Scale Functions: August 20-21 , 2025 (San Jose, CA)
➢IBM DS8000 G10 Advanced Functions: August 26-27, 2025 (Chicago, IL)
➢IBM FlashSystem Deep Dive & Advanced Functions: September 10-11, 2025 (RTP)
3
© Copyright IBM Corporation 2025
Accelerate with ATG Webinar:
Quantum-Safe SAN Security: Future-Proofing Your IBM Storage
Networks with Brocade Gen 7 Security
Speakers:
Tim Werts Marketing Manager Brocade Storage Networking, Broadcom
Marcus Thordal Product Management Brocade Storage Networking, Broadcom
Craig Nelson Global Sales Executive Brocade Storage Networking, Broadcom
© Copyright IBM Corp oration 2025
Meet the Speakers
7
Marcus Thordal, Product Management, Brocade Storage Networking, Broadcom Inc
•25 years of storage industry experience (~10 years at IBM)
•Product management responsibilities include Brocade Fabric OS and Support Link
• Combines clients’ business needs with the latest technology trends to define product
development direction and next generation IT architectures.
•Multiple authorships in the domains of Storage Networking, Storage Virtualization and
Disaster Recovery.
Tim Werts - Global Marketing Manager, Brocade Storage Networking, Broadcom Inc
•3+ decades in the storage industry
•Current Role - Marketing with Sales enablement focus at Broadcom
•Decade of Business Development at Brocade
•Decade of System Engineering at Brocade
•Decade of Qualification Engineering for Tape and Disk Drives at NCR
•Experienced as trainer, presenter, SAN architect, and part-time troubleshooter
© Copyright IBM Corp oration 2025
Meet the Speakers
8
Craig Nelson - Global Sales Executive, Brocade Storage Networking, Broadcom Inc
•Oversees IBM sales across multiple technology divisions
•Includes multiple Broadcom technologies including Brocade, Emulex, and others
•Storage networking expertise since 2000
•Roles at EMC, McDATA, and Brocade (acquired by Broadcom in 2017)
•Worked exclusively with IBM and its Business Partner channel since 2005.
•Frequent presenter at IBM events including Think, Edge, Storage Masters, and TechU.
© Copyright IBM Corp oration 2025
Are you ready for
Q-Day?
9
© Copyright IBM Corp oration 2025
•The Final Brick
Introducing the IBM Gen 7 SAN24B-7
•Threats of Today
Modern cyber risks to your data path
•Threats of Tomorrow
Quantum computing and Q-Day
readiness
•Global Security Readiness
Regulatory and compliance pressures
•Smart SAN Defense
Brocade features that protect and adapt
Todays’ Topics
Protecting Your Data with Quantum-Safe Storage Networking
10
© Copyright IBM Corp oration 2025
What’s New with
IBM b-type Storage
Networking
11
© Copyright IBM Corp oration 2025
IBM End-to-End Storage and SAN Infrastructure Solutions
32G 64G
Global
View
Management
Portal
IBM SANnav Management
SAN42B-R7
SAN18B-6
Storage/Tape Extension Solutions
SAN24B-6
32G
End-to-End Security, Resiliency, and 64G start with your network infrastructure.
FlashSystem DS8000 G10
Enterprise Storage
for Z and Open
TS7700
Virtual Tape Library
for Z, BC-DR
FC-IP Extension
5015/5045 5300 7300 9500
9500R
FlashCore Module 4
SAN Volume Controller (SVC)
C200
NEW
SAN64B-7 SAN128B-7
64G
SAN256B-7
SAN512B-7
SAN24B-7
NEW
12
© Copyright IBM Corp oration 2025
Introducing the IBM SAN24B-7 Entry SAN Switch
Affordable Gen 7 SAN Switch for the on-demand data center
Feature SAN24B-6 Base Switch SAN24B-7 Base Switch
Speed 16G and 32G 32G and 64G
Scalability 8, 16, 24 ports 8, 16, 24 ports
WebTools Integrated Management
Traffic Optimizer Not Available
Fabric Performance Impact Notification Not Available
Extended Fabric Additional License ($$)
Fabric Vision Additional License ($$)
ISL Trunking Additional License ($$)
Integrated FC Routing 16
© Copyright IBM Corp oration 2025
Autonomous SAN: Built-In Optimization & Congestion Control
Gen 7 SAN Builds Hassle-Free Storage Network Infrastructure
Traffic Optimizer
Keeps fast traffic flowing.
Groups traffic by speed or protocol so
slower devices don’t drag down
performance.
SAN Telemetry
Your SAN, now with X-ray vision.
Built-in sensors track I/O behavior and
latency patterns in real time—no extra
tools needed.
Fabric Performance
Impact (FPI) monitoring
Pinpoints the exact source of congestion.
Automatically identifies which device or port
is causing slowdowns—and who’s affected.
Hardware Congestion
Signaling
Stops bottlenecks before they spread.
Instantly detects congestion and alerts
connected devices to reroute or slow
down—automatically.
VM Insight / VMID+
See exactly what each VM is doing.
Tracks I/O performance per virtual
machine—no need for storage-side
support.
FPIN (Fabric Performance
Impact Notification)
Your SAN raises the red flag early.
Warns HBAs and devices when a path is slowing
down—so they can avoid trouble before it hits. 17
© Copyright IBM Corp oration 2025
Cyber Threats
Continue to
Increase
18
© Copyright IBM Corp oration 2025
Challenges
for IT
Maintain
compliance and
mitigate threats
Make fabric
security
responsive and
autonomous
Identify any
security
exposure in
current
operations
Consistently
monitor initiatives
to identify
enhancement
opportunities and
gaps
Proactively
defend against
sophisticated
attacks
Minimize the
organization's
overall attack
surface
Constant Changes in Cyber Threats
Unprecedented challenges
in protecting digital assets
19
© Copyright IBM Corp oration 2025
Constant Changes in Cyber Threats
With automated and
AI-based threats becoming
increasingly prevalent,
protecting data from
cybersecurity vulnerabilities
is a critical part of todays
business strategy
BEWARE OF THE BOTS
20
© Copyright IBM Corp oration 2025
Beware the Bots – Imperva 2025 Bad Bot Report
Bad Bots
Human
Good Bot
Bots coded to the latest CVEs
Common Vulnerabilities & Exposures
2025 Imperva Bad Bot Report: How AI is
Supercharging the Bot Threat
https://www.imperva.com/blog/2025-imperva-bad-bot-report-how-ai-is-supercharging-the-bot-
threat/?utm_source=chatgpt.com
21
Bots never sleep
(
(
© Copyright IBM Corp oration 2025
Hidden Costs
Loss of customer trust,
brand damage, higher
insurance.
These often hurt more—
and last longer.
Cyber Security Threats Can Cost Enterprises Money
Cost of Data Breach 2023(IBM); The Financial Impact of Cyber Breaches on Businesses
$4.88M
Global average total
cost of a data breach
277 days
Average time to identify
and contain a data breach
Direct Costs
Lost revenue,
investigation, and
recovery expenses
22
© Copyright IBM Corp oration 2025
23
Increasing regulations & standards to protect your data
CNSA 2.0
USA
Mandates quantum-safe
crypto by 2030
FISMA
USA
Federal mandate for validated
encryption
NIST PQC
Global (USA-led)
Federal mandate for validated
encryption
DORA
EU
Security compliance for
financial institutions by 2025
NIS2 Directive
EU
Expands Cyber Security for IT
infrastructure 2024
Cyber Resiliency Act
EU
Secure-by-Design rules for
HW & SW in the EU market
UK NCSC Zero Trust
UK
Promotes Zero Trust
Architecture & Encryption
ISO/IEC 27001
GLOBAL
Standard for cybersecurity
and data protection
PCI DSS 4.0
GLOBAL
Encryption and data
segmentation in pay systems
Standards Regulations Frameworks
Regulatory Security Impacts Storage Solutions Globally
CRA
© Copyright IBM Corp oration 2025
New regulations driving security enhancements
Increasing Encryption Requirements
2020
2021
2022
2025 -
2030
CNSA 2.0
Requirements
•Quantum Resistant
Algorithms
•Encryption
Everywhere
Cyber Resilience Act
(CRA)
•Common EU
requirements for
hardware and
software
US Gov. Executive Order
•Improve national
cybersecurity
•Zero Trust Architecture
•CNSA 1.0 specification
UK Issues Guidance
•Intended for Enterprise
Environment to
implement Zero Trust
Architecture
SolarWinds Security
Event
•Equipment spoofed
via rogue firmware
impacting the US
Federal
Government’s data
security
CNSA/ENISA Timeline
•2025: Shipments into US Govt. are
recommended to include CNSA 1.0 or 2.0
components
•2026: ENISA Expects to adopt QR algorithms
•2030: Shipments into US Govt. are required
to include CNSA 2.0 components
NIS2 Adoption (EU) - Network & Information
Security Directive
•2025: Adopt, publish measures Intended to
improve the security of network and
information systems across the EU
DORA (EU) - Digital Operations Resilience Act
•2025: Compliance with legislative act to
improve the IT security of financial
institutions and their third-party service
providers
24
© Copyright IBM Corp oration 2025
Quantum Computers
Expected to break widely used public-key encryption algorithms
used today.
NSA: CNSA and Quantum Computing FAQ
Q-Day is Coming
The projected day when quantum systems can crack today’s
encryption—potentially by 2033, per NSA and NIST.
Q-day is Coming
"Harvest Now, Decrypt Later”
Threat actors may already be storing encrypted data, planning to
decrypt it once quantum power is available.
PQC (Post-Quantum Cryptography)
Algorithms that run on today’s systems but are designed to
resist both classical and quantum attacks.
Quantum Will Threaten Encryption
25
© Copyright IBM Corp oration 2025
•The NSA’s CNSA 2.0 defines new cryptographic
standards to defend against quantum attacks.
•Future compliance will require adoption of
CNSA 2.0 across all systems.
Is Your Storage Network Quantum Safe?
Commercial National Security Algorithm (CNSA) Suite 2.0 security regulation
26
© Copyright IBM Corp oration 2025
CNSA 2.0 Timeline – Are You Ready?
27
© Copyright IBM Corp oration 2025
Securing
the Data Path TODAY
28
Quantum Safe
© Copyright IBM Corp oration 2025
Fibre Channel Storage Networks are Inherently More Secure
29
© Copyright IBM Corp oration 2025
Broadcom Storage Networks are on the Path to Quantum Safe
Encryption matters to be resistant to attacks from quantum computers
Central Data Center
FC MAN
or IP WAN
Broadcom fabrics mitigate threats by securing data
flows with quantum safe, AES 256 encryption
Broadcom encrypts communication within and across
data centers, not data at-rest
1. Server-to-Storage Encryption
–SecureHBA End-to-end encryption
2. Storage-to-Metro Encryption
–Switch-to-switch encryption
3. Storage-to-WAN Encryption
–FCIP IPSec over long-distance WAN links
Switches, Software, HBA implementing Zero Trust
architecture and multi-factor authentication (MFA)
Data Center A
Data Center B
Quantum Safe
Data Path
30
© Copyright IBM Corp oration 2025
Brocade SAN and Emulex HBAs Deliver End-to-End Security
Storage Array
FC Switch
Server
OS FC
HBA
Emulex Emulex
Brocade
FC
HBA
Data Path Security – There can be no Weak Links
APPLICATIONS DATA
31
© Copyright IBM Corp oration 2025
End-to-End In-flight Encryption
Brocade SAN and Emulex HBAs Deliver End-to-End Security
Storage Array
FC Switch
Server
OS FC
HBA
Emulex Emulex
Brocade
FC
HBA
Data Path Security
Silicon Root
of Trust
Silicon Root
of Trust
Silicon Root
of Trust
CPU - HBA
Attestation
(SPDM)
Signed
Drivers Federated
Authentication
(FA)
CPU - HBA
Authentication
(SPDM)
Quantum Safe
Zero
Trust
APPLICATIONS DATA
32
© Copyright IBM Corp oration 2025
End-to-End In-flight Encryption
Brocade SAN and Emulex HBAs Deliver End-to-End Security
Storage Array
FC Switch
Server
OS FC
HBA
Emulex Emulex
Brocade
FC
HBA
Data Path Security
Quantum Safe
Quantum Safe
33
© Copyright IBM Corp oration 2025
Gen 7 Integrated SAN Security Safeguards Critical Data
Minimize risk of malware or hijacking attacks by
hardening FOS and strengthening hardware
Safeguard mission-critical operations by
validating the integrity and security of Gen
7 hardware and software
Reduce vulnerabilities to cyber attacks
and password management burden on IT
with token-based authentication
Automate operations to ensure consistent
security configuration settings across the
fabric
Secure storage traffic through isolated
networks and controlled-access to storage 34
© Copyright IBM Corp oration 2025
Brocade Fabric Vision Feature includes MAPS (Monitoring Alerting Policy Suite)
Enhanced Monitoring, Logging, Alerting for Security and much more
Rule 1
Rule 3
Rule #
Set Rules
Switch Health
Monitored Categories
Port Health
IO Health
Performance
Impact
Security
Violations
Rule 2
Rule 2
FENCE, Email, Syslog …
Take Action
Certification Expiration
Days to Expiration
Authentication Failures
Illegal Commands
Unauthorized Device Login
HTTPS Violations
Logon Violations
Unauthorized Switch
Telnet Violations
Time Server Violations
Specific Parameters
Rule 4
35
© Copyright IBM Corp oration 2025
1. Threat
Continuous failed login attempts on
the switch
IBM Storage
FlashSystem
Brocade
SAN Enterprise
Access
Points
Servers
Host Host
IBM Security QRadar Dashboard
SIEM
1
3
4
Threat
4. Response
Offence registered in SIEM and
handled for further investigation
3. Protect/Recover
SIEM performs predicated response
Example: Insert IP filter to block the
offending IP address(es)
Using API calls to the switch IP filter is
configured
2. Identify/Detect
MAPS detects and sends syslog
server log events to SIEM
Brocade SAN Integrates with QRadar SIEM
Early detection and automated incident response
2
36
© Copyright IBM Corp oration 2025
Optional
Legacy Authentication Continues to Pose Security Challenges
Service accounts used for M2M are considered very vulnerable to cyber attacks
1
2
AAA
Authorization Request
username/password
Access Granted
(upon successful authentication)
1A
1B
End user
Legacy Authentication Model
•User authentication is critical for enterprises, ensuring only the right individuals can access sensitive data
and services
•Legacy authentication models using passwords are a foundation for vulnerabilities
•Relying on static credentials leaves data centers susceptible to phishing attacks and social engineering
tactics, allowing hackers to gain access to corporate data
37
© Copyright IBM Corp oration 2025
Better, secure and automated identity management with token-based authentication
Multi-factor Authentication (MFA)
•Passwords are risky (weak, re-use, sharing)
•MFA adds layers of security
•Requires multi-verification factors:
–something you know (ex: PIN)
–something you have (ex: mobile device)
–something you are (ex: fingerprint)
Federated Authentication (FA)
•Validate through MFA with Identity Provider (IdP)
trusted by Brocade FOS
•The trusted IdP authenticates user
•Secure access token sent by IdP
•Allows user access with associated privileges
Brocade Enables Federated Authentication in FOS v9.2.1
38
© Copyright IBM Corp oration 2025
Simple Steps
for
Data Path
Security
39
© Copyright IBM Corp oration 2025
Network Modernization Matters for Security
Regularly upgrade and patch network devices is the best way to protect a network 40
© Copyright IBM Corp oration 2025
Brocade Gen 5 is 12+ Years Old; Gen 6 is 7+ Years Old
Would you buy a technology (e.g. cell phone or laptop) that is 5+ years old?
Is it time for you to refresh?
2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025
EOL FOS EOA EOS
EOL
41
© Copyright IBM Corp oration 2025
Not Sure If Your SAN Is Outdated?
Brocade SAN Health Diagnostic Tool will show you — Download for Free
Comprehensive
reporting with health
and best practice
checks
Performance graphs
for visualizing activity
Useful topology
diagrams to view
physical layout
© Copyright IBM Corp oration 2025
43- IBM & BP confidential -
Includes two
64-port SAN64B-7
base switches and
24 x 32G SWL SFPs
FlashSystem
7300
Value Bundle
FlashSystem
9500
Value Bundle
Includes two
64-port SAN64B-7
base switches and
24 x 64G SWL SFPs
Includes two
24-port SAN24B-6
base switches and
8 x 32G SWL SFPs
FlashSystem
5300
Value Bundle
Includes two
24-port SAN24B-6
base switches and
8 x 16G SWL SFPs
FlashSystem
5045
Value Bundle
IBM FlashSystem Value Bundles
are better together
•Configured for Optimum Performance
•Allows for SAN Flexibility
•Integrated Safeguarded SAN Features
•Save with up to 20% SAN Discount
© Copyright IBM Corp oration 2025
Security Best Practice Guide
https://docs.broadcom.com/doc/FOS-Security-UG
Brocade Fabric OS Admin Guide
https://techdocs.broadcom.com/us/en/fibre-channel-
networking/fabric-os/fabric-os-administration/9-2-x.html
Brocade Security Training
https://brocade.csod.com/ui/lms-learner-
playlist/PlaylistDetails?playlistId=0adbed3f-36af-471c-
9cc3-af25e31ce46f
Learn More About Security with Brocade Storage Networks
Papers, training and user guides
Secure your
SAN in 30 pages
Deep Dive into
SAN Security
44
© Copyright IBM Corp oration 2025
Accelerate with ATG Survey
BACK UP
46
© Copyright IBM Corp oration 2025
One Storage Family
with
Common HW & SW
47
Powerful Common Hardware & Software from Entry to Enterprise
IBM SAN24B-6
Switch
1U, 8 to 24 x 32G ports
Enterprise bundle or
individual features
licensed separately
IBM Expert Care support
8969-F24
IBM SAN64B-7
Switch
1U, 24 to 64 x 64G ports
2x performance
50% lower latency
Autonomous SAN features
All optional software
licenses included
IBM Expert Care support
8960/8969-P64/R64
IBM SAN128B-7
Switch
2U, 48 to 128 x 64G ports
2x performance
50% lower latency
Autonomous SAN features
All optional software
licenses included
IBM Expert Care support
8969-P96/R96
One Storage Networking Family with Common HW & SW
Common Brocade ASICs + Fabric OS (FOS) + Autonomous SAN Features
IBM SAN24B-7
Switch
1U, 8 to 24 x 64G ports
2x performance
50% lower latency
Autonomous SAN features
All optional software
licenses included
IBM Expert Care support
8969-P24/R24
Greater FlashSystem Density → Greater SAN Performance and Scalability
IBM FlashSystem
1U – 4U
16G / 32G / 64G FC
FlashCore Module 4
NEW
© Copyright IBM Corp oration 2025
Gen 7 64G Real-World Results for Real Workloads while Being Quantum Safe
48
© Copyright IBM Corp oration 2025
Use Cases for the IBM SAN24B-7
Modernizing for Gen 7 Autonomous SAN and Security Features
2 – Performance: You need between 8-24 FC ports and 64G port connectivity at the lowest possible cost.
Consider SAN64B-7 switch if more than 24 ports will be needed (now or in the future).
3 – Lower Cost Advanced Features: You need between 8-24 FC ports and any of these options :
Extended Fabric for long distance FC connectivity, ISL Trunking, Fabric Watch for advanced monitoring and alerting.
SAN24B-7 includes these features in base switch and will be less expensive than SAN24B-6 plus adding features
4 – Standardized on Gen 7 SAN: You need a few ports and currently using Gen 7 features in Data Center:
Traffic Optimizer, FPIN, VM Insight, MAPs, Enhanced Security
1 – Investment Protection: You need between 8-24 FC ports and want greatest features & longevity.
49
© Copyright IBM Corp oration 2025
Gen 7 Traffic Optimizer -- Let the SAN Sort It Out
Runs Itself
No tuning needed to stay fast and efficient.
Groups Traffic by Speed
Keeps NVMe and SCSI from tripping over each other.
Prevents Bottlenecks
Slow devices don’t slow down the rest.
Fixes Mismatches Automatically
Gen 7 sorts out your hybrid SAN mix for you.
Gen 7 sees what’s connected—and makes sure everything moves at the speed it should.
Smart traffic grouping prevents slowdowns before they start
© Copyright IBM Corp oration 2025
Putting it All Together – Operational Resilient Storage Solutions
94% of victims said the attackers
targeted their backups*
59% of organisations were hit by
ransomware in the last year*
70% of attacks resulted
in data encryption*
78% of organisations took more than
a 100 days to recover**
$4.88M average cost of a
breach**
56% pay ransom to
get data back*
* Source: Sophos The State of Ransomware 2024
** Source: IBM Cost of a Data Breach 2024
51
© Copyright IBM Corp oration 2025
Putting it All Together – Quantum Safe Storage Solutions
QUANTUM
SAFE
DATA PATH
52
![Sexual Violence - Issues in Prevention, Treatment, and Policy [Working Title]](https://s3.us-east-1.amazonaws.com/outstation.idea/pdf-mt/2042407259858792448/pdf/6471f84a-cbc5-43ef-af8f-bbc001b2d1ed/imgs/page1.png)
