Vscan or ARP

Geo_19 · ‎2024-04-05

Hello Team,

I have a question how convenient is it to use vscan or ARP [autonomous ransomware protection], I know for licensing for vscan you need to purchase from the antivirus vendor, however, from the ontap ARP perspective, having both makes more secure nas shares or just enough with ARP?

I assume just having one, for example, ARP, since makes a learning mode for 30 days then switches to active, [depending on the workloads, adding too much data, or deleting a lot, etc..], however, having ARP in a learning mode while having vscan server, I'm not sure if is a good idea because, in a certain way, there's a kinda delay while the server is scanning the files to serve data, also, what about the vscan trigger some alerts and the ARP consider as a threat.

darr613 · ‎2024-04-06

Hello Geo_19,

An analogy would be the safety features of a vehicle. You don't rely on a single feature, such as a seatbelt, to completely protect you in an accident. Air bags, anti-lock brakes, and forward-collision warning are all additional safety features that will lead to a much better outcome. Ransomware protection should be viewed in the same way.

On your second topic, any layer of protection based on software that you add is going to use hardware resources. Therefore, adding some delay to the system... it's the nature of software.

Finally, ARP learns patterns so after 30 days it will learn that Vscan sends alerts and won't consider those as a threat.

Regards,