Secure disk access control

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

• receive, at a disk access security agent, a request from a security tool, the request relating to an event involving data records in a particular one of a plurality of storage devices, wherein each of the plurality of storage devices possesses local secure storage functionality and the disk access security agent has protected access to a common application programming interface (API) to interface with any one of the plurality of storage devices and invoke, through the common API, any one of a set of secure storage operations to be performed locally at the respective storage device, wherein the set of secure storage operations are defined through the common API;
  
  use the common API to interface with secure storage functionality of the particular storage device to invoke a particular one of the set of secure storage operations at the particular storage device based at least in part on the request, wherein the set of secure storage operations comprises a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation,wherein the copy-on-write operation comprises identifying an attempted write operation of a particular one of the data records and, prior to allowing the attempted write operation, copying data of the one or more data records to a copy-on-write backup location, andwherein the save-attempted-write operation comprises disallowing an attempted write operation on a first record, causing the write operation to be instead performed on a save-attempted-write (SAW) record, and causing a response to be generated to a read-back request of the particular data record with a false data read incorporating contents of the written-to SAW record.