Automatic retention lock extensions

The invention claimed is: 1 . A method for use in a storage system, comprising: detecting a first event, the first event being a cyber threat (CT) event, the first event being generated, at least in part, by using security software that is executed in the storage system; in response to the first event, identifying a secure snapshot of the storage system and performing a first modification of a first retention period of a protection policy that controls an ability to automatically delete the secure snapshot, the first modification being performed by causing the first retention period to have an indefinite duration, the first retention period being a period for whose duration the secure snapshot is prohibited from being deleted by nodes in the storage system; detecting a second event, the second event being detected after the first modification is performed; and performing a second modification of the first retention period in response to the second event, wherein performing the second modification includes causing the first retention period to have a definite duration, wherein the secure snapshot is further associated with a retention lock that also controls the ability to delete the secure snapshot such that the secure snapshot is permitted to be deleted by nodes in the storage system only when the retention lock is released, the retention lock being associated with a second retention period, the second retention period being a period for whose duration the retention lock is prohibited from being released by nodes in the storage system, the second retention period having a fixed maximum duration, wherein the protection policy is part of a first mechanism for preventing the snapshot from being deleted, and the retention lock is part of a second mechanism for preventing the secure snapshot from being deleted, the first mechanism being provided concurrently with the second mechanism in the storage system. 2 . The method of claim 1 , wherein the first retention period and the second retention period are implemented by using a same set of metadata. 3 . The method of claim 1 , wherein the second event includes an addressed cyber threat (ACT) event. 4 . The method of claim 1 , wherein the first modification and the second modification are performed only when the protection policy is enabled. 5 . The method of claim 1 , wherein the first retention period and the second retention period are implemented by using different sets of metadata. 6 . The method of claim 1 , wherein the security software includes antivirus software and/or intrusion detection software. 7 . The method of claim 1 , wherein the storage system is configured to allow deletion of the secure snapshot only when both the protection policy and the retention lock permit deleting the secure snapshot. 8 . A system, comprising: a memory; and at least one processor that is operatively coupled to the memory, the at least one processor being configured to perform the operations of: detecting a first event, the first event being a cyber threat (CT) event, the first event being generated, at least in part, by using security software that is executed in a storage system; in response to the first event, identifying a secure snapshot of the storage system and performing a first modification of a first retention period of a protection policy that controls an ability to automatically delete the secure snapshot, the first modification being performed by causing the first retention period to have an indefinite duration, the first retention period being a period for whose duration the secure snapshot is prohibited from being deleted by nodes in the storage system; detecting a second event, the second event being detected after the first modification is performed; and performing a second modification of the first retention period in response to the second event, wherein performing the second modification includes causing the first retention period to have a definite duration, wherein the secure snapshot is further associated with a retention lock that also controls the ability to delete the secure snapshot such that the secure snapshot is permitted to be deleted by nodes in the storage system only when the retention lock is released, the retention lock being associated with a second retention period, the second retention period being a period for whose duration the retention look is prohibited from being released by nodes in the storage system, the second retention period having a fixed maximum duration, wherein the protection policy is part of a first mechanism for preventing the snapshot from being deleted, and the retention lock is part of a second mechanism for preventing the secure snapshot from being deleted, the first mechanism being provided concurrently with the second mechanism in the storage system. 9 . The system of claim 8 , wherein the first retention period and the second retention period are implemented by using a same set of metadata. 10 . The system of claim 8 , wherein the second event includes an addressed cyber threat (ACT) event. 11 . The system of claim 8 , wherein the first modification and the second modification are performed only when the protection policy is enabled. 12 . The system of claim 8 , wherein the first retention period and the second retention period are implemented by using different sets of metadata. 13 . The system of claim 8 , wherein the security software includes antivirus software and/or intrusion detection software. 14 . The system of claim 8 , wherein the storage system is configured to allow deletion of the secure snapshot only when both the protection policy and the retention lock permit deleting the secure snapshot. 15 . A non-transitory computer-readable medium storing one or more processor-executable instructions, which, when executed by at least one processor of a storage system, cause the at least one processor to perform the operations of: detecting a first event, the first event being a cyber threat (CT) event, the first event being generated, at least in part, by using security software that is executed in the storage system; in response to the first event, identifying a secure snapshot of the storage system and performing a first modification of a first retention period of a protection policy that controls an ability to automatically delete the secure snapshot, the first modification being performed by causing the first retention period to have an indefinite duration, the first retention period being a period for whose duration the secure snapshot is prohibited from being deleted by nodes in the storage system; detecting a second event, the second event being detected after the first modification is performed; and performing a second modification of the first retention period in response to the second event, wherein performing the second modification includes causing the first retention period to have a definite duration, wherein the secure snapshot is further associated with a retention lock that also controls the ability to delete the secure snapshot such that the secure snapshot is permitted to be deleted by nodes in the storage system only when the retention lock is released, the retention lock being associated with a second retention period, the second retention period being a period for whose duration the retention lock is prohibited from being released by nodes in the storage system, the second retention period having a fixed maximum duration, wherein the protection policy is part of a first mechanism for preventing the snapshot from being deleted, and the retention lock i