How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: CrowdStrike Falcon)
2024-04-02
05:37 AM
4,572 Views
My Security & Risk Oversight Director is asking how we can "install" CrowdStrike on NetApp - knowing that is not realistically possible. But the true ask here is, how do we protect the NetApp OS (ONTAP/FreeBSD) using established Endpoint Detect & Response (EDR) or Managed Detect & Response (MDR) solutions?
Our organization uses CrowdStrike Falcon. So I'm being asked to check with NetApp and other relevant vendors if they allow for the installation of EDR tools like CrowdStrike Falcon or are there established solutions to meet this need?
Thank you in advance!
1 ACCEPTED SOLUTION
nicholsongc has accepted the solution
ONTAP is an Appliance Model - NetApp supports the entire environment - you should not modify or attempt to modify any portions of the ONTAP distribution, including underlying OS components, including installing third-party software on it. ONTAP does an integrity check at boot and will not boot if modified.
You could also ask CrowdStrike if they support running their software on ONTAP controllers (the answer will be no).
Hello,
Alex is right ... ONTAP cannot support EDR on its OS, but you have many solutions to "secure" the system:
- ARP: Autonomous Ransomware Protection
- MAV: Multi Admin validation, ask two persons to do an action, like a volume delete for example
- Antivirus: an external engine can be connected to ONTAP to analyse writes to the filesystem live, like Trend, Kaspersky, Symantec ...
With all these points you can demonstrate the good level of security of your ONTAP environment
Thank you @cedric_renauld and @AlexDawson for the quick and informative responses!
@AlexDawson, is there a white paper or tech sheet/article that would address my question with your response? My management would like to be able to present an "official NetApp document" as well as the responses from this group. Thank you again for your contribution!
Hi there, you'd probably be best opening a ticket with CrowdStrike asking them about it - their negative would probably placate your management more than ours 🙂
