ONTAP Discussions

How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

nicholsongc
1,523 Views

My Security & Risk Oversight Director is asking how we can "install" CrowdStrike on NetApp - knowing that is not realistically possible. But the true ask here is, how do we protect the NetApp OS (ONTAP/FreeBSD) using established Endpoint Detect & Response (EDR) or Managed Detect & Response (MDR) solutions?

 

Our organization uses CrowdStrike Falcon. So I'm being asked to check with NetApp and other relevant vendors if they allow for the installation of EDR tools like CrowdStrike Falcon or are there established solutions to meet this need?

 

Thank you in advance!

1 ACCEPTED SOLUTION

AlexDawson
1,431 Views

ONTAP is an Appliance Model - NetApp supports the entire environment - you should not modify or attempt to modify any portions of the ONTAP distribution, including underlying OS components, including installing third party software on it. ONTAP does an integrity check at boot and will not boot if modified.

 

You could also ask CrowdStrike if they support running their software on ONTAP controllers (the answer will be no). 


6 REPLIES

cedric_renauld
1,386 Views

Hello,

Alex is right ... ONTAP cannot support EDR on their OS, but you have many solutions to "secure" the system:

- ARP: Autonomous Ransomware Protection

- MAV: Multi Admin validation, ask two persons to do an action, like a volume delete for example

- Antivirus: an external engine can be connected to ONTAP to analyse writes to the filesystem live, like Trend, Kaspersky, Symantec ...

With all these points you can demonstrate the good level of security of your ONTAP environment.

nicholsongc
1,374 Views

Thank you @cedric_renauld and @AlexDawson for the quick and informative responses!

nicholsongc
1,334 Views

@AlexDawson, is there a white paper or tech sheet/article that would address my question with your response? My management would like to be able to present an "official NetApp document" as well as the responses from this group. Thank you again for your contribution!

AlexDawson
1,290 Views

Hi there, you'd probably be best opening a ticket with CrowdStrike asking them about it - their negative would probably placate your management more than ours 🙂
