croit - CephFS Guard

Stop Malware Before It Stops Your Infrastructure

Real-time CephFS threat detection and protection

Contact us

Automatic activity detection

CephFS Guard provides continuous, real-time monitoring of all file operations in CephFS and detects suspicious behavior - such as ransomware activity - within seconds. When a threat appears, the system automatically isolates compromised users and triggers instant snapshots to protect data integrity.

Why it matters

Rising Ransomware Threats

Ransomware campaigns increasingly target large-scale storage systems and distributed file services. When attackers encrypt files at massive speed, traditional security tools react far too late. CephFS Guard detects these patterns instantly and stops the attack before data is lost.

Human Error & Compromised Accounts

Most storage breaches originate from legitimate users whose credentials were stolen or misused. These incidents are hard to identify with classic monitoring. CephFS Guard analyzes behavior in real time and isolates suspicious accounts automatically to prevent cascading damage.

Protecting Critical Research & HPC Workloads

HPC and scientific environments often process irreplaceable datasets that cannot be recreated. Downtime or corruption can delay entire research pipelines or invalidate results. CephFS Guard ensures continuity and data integrity even under unexpected or malicious events.

Enterprise-Grade Resilience Requirements

Modern enterprises rely on uninterrupted access to shared file services across departments and workloads. Even short disruptions can impact productivity, compliance, and customer-facing operations. CephFS Guard adds an automated protection layer that keeps business-critical data available and secure at all times.

How it works

CephFS Guard continuously processes a real-time stream of CephFS events, including reads, writes, deletes, and metadata changes. Multiple parallel detectors analyze this activity to identify suspicious or abnormal behavior. When a threat is confirmed, CephFS Guard can trigger protective actions within seconds, such as creating a Ceph snapshot, evicting a compromised user, or sending a webhook to a SIEM or incident response system, without disrupting normal cluster operations.

For S3 workloads, this protection can be complemented with immutable object storage using Object Lock and versioning. This enables WORM-like, revisions-safe retention that prevents modification or deletion during defined retention periods.

Protects your infrastructure

Built for HPC, research, and enterprise storage deployments, CephFS Guard integrates seamlessly into croit-managed Ceph clusters without impacting performance. It creates a proactive defense layer that keeps your data safe and your workloads running.

Discover what CephFS Guard can do for your cluster

Talk to an Expert

Only from croit

croit CephFS Guard

CephFS Guard is built on deep technical collaboration with Ceph and our long-standing expertise in managing large-scale Ceph environments. Unlike general-purpose security tools, CephFS Guard operates directly on CephFS-native metadata streams — capabilities only available through our integrated croit stack. This makes croit the only vendor capable of providing real-time, automated malware defense tailored specifically to CephFS.

Built by the Ceph Experts

croit has deployed and operated Ceph clusters in some of the world’s most demanding HPC and enterprise environments. CephFS Guard is the result of years of field experience and deep integration work — not a generic add-on, but a purpose-built protection layer only we can deliver.