ONTAP Discussions

How to Protect NetApp/ONTAP using Endpoint Detect and Respond Solutions (RE: Crowdstrike Falcon)

nicholsongc
3,345 Views

My Security & Risk Oversight Director is asking how we can "install" Crowdstrike on NetApp - knowing that is not realistically  possible.  But the true ask here is, how do we protect the NetApp OS (ONTAP/Free BSD) using established Endpoint Detect & Response (EDR) or Managed Detect & Response (MDR) solutions?

 

Our organization uses CrowdStrike Falcon. So I'm being asked to check with NetApp and other relevant vendors if they allow for the installation of EDR tools like CrowdStrike Falcon or are there established solutions to meet this need?

 

Thank you in advance!

1 ACCEPTED SOLUTION

AlexDawson
3,253 Views

ONTAP is an Appliance Model - NetApp supports the entire environment - you should not modify or attempt to modify any portions of the ONTAP distribution, including underlaying OS components, including installing third party software on it. ONTAP does an integrity check at boot and will not boot if modified.

 

You could also ask CrowdStrike if they support running their software on ONTAP controllers (the answer will be no). 

View solution in original post

6 REPLIES 6

AlexDawson
3,254 Views

ONTAP is an Appliance Model - NetApp supports the entire environment - you should not modify or attempt to modify any portions of the ONTAP distribution, including underlaying OS components, including installing third party software on it. ONTAP does an integrity check at boot and will not boot if modified.

 

You could also ask CrowdStrike if they support running their software on ONTAP controllers (the answer will be no). 

cedric_renauld
3,208 Views

Hello,

Alex is right ... Ontap cannot support EDR  on there OS, but you have many solution to "sucure" the system :

- ARP : Autonomous Ransomware Proection

- MAV: Muti Admin validation, Ask two persons to do an action, like a volume delete for exemple

- Anitvirus, an external engine, can be connected to Ontap to analyse in live the write on filesyste, like Trend, kaspersky, symantec ...

With all this points you can demonstrate the good level of security of your Ontap environnement

nicholsongc
3,196 Views

Thank you @cedric_renauld and @AlexDawson for the quick and informative responses!

nicholsongc
3,156 Views

@AlexDawson , is there a white paper or tech sheet/article that would address my question with your response.  My management would like to be able to present an "official NetApp document" as well as the responses from this group.  Thank you again for your contribution!

AlexDawson
3,112 Views

Hi there, you'd probably be best opening a ticket with Crowdstrike asking them about it - their negative would probably placate your management more than ours 🙂

Public