topic Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon) in ONTAP Discussions

How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

nicholsongc — Tue, 02 Apr 2024 12:37:36 GMT

My Security & Risk Oversight Director is asking how we can "install" Crowdstrike on NetApp - knowing that is not realistically possible. But the true ask here is, how do we protect the NetApp OS (ONTAP/Free BSD) using established Endpoint Detect & Response (EDR) or Managed Detect & Response (MDR) solutions?

Our organization uses CrowdStrike Falcon. So I'm being asked to check with NetApp and other relevant vendors if they allow for the installation of EDR tools like CrowdStrike Falcon or are there established solutions to meet this need?

Thank you in advance!

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

AlexDawson — Wed, 03 Apr 2024 06:46:07 GMT

ONTAP is an Appliance Model - NetApp supports the entire environment - you should not modify or attempt to modify any portions of the ONTAP distribution, including underlaying OS components, including installing third party software on it. ONTAP does an integrity check at boot and will not boot if modified.

You could also ask CrowdStrike if they support running their software on ONTAP controllers (the answer will be no).

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

cedric_renauld — Wed, 03 Apr 2024 12:37:19 GMT

Hello,

Alex is right ... Ontap cannot support EDR on there OS, but you have many solution to "sucure" the system :

- ARP : Autonomous Ransomware Proection

- MAV: Muti Admin validation, Ask two persons to do an action, like a volume delete for exemple

- Anitvirus, an external engine, can be connected to Ontap to analyse in live the write on filesyste, like Trend, kaspersky, symantec ...

With all this points you can demonstrate the good level of security of your Ontap environnement

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

nicholsongc — Wed, 03 Apr 2024 13:42:22 GMT

Thank you @cedric_renauld and @AlexDawson for the quick and informative responses!

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

nicholsongc — Wed, 03 Apr 2024 18:23:29 GMT

@AlexDawson , is there a white paper or tech sheet/article that would address my question with your response. My management would like to be able to present an "official NetApp document" as well as the responses from this group. Thank you again for your contribution!

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

AlexDawson — Thu, 04 Apr 2024 00:49:21 GMT

Hi there, you'd probably be best opening a ticket with Crowdstrike asking them about it - their negative would probably placate your management more than ours 🙂

Re: How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

paul_stejskal — Tue, 23 Jul 2024 14:24:04 GMT

https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Is_it_possible_to_install_another_software_in_ONTAP%3F