Get in touch
Get in touch

SnapGuard for NetApp ONTAP

Next-gen Ransomware Protection

Why you should protect NetApp Data ONTAP with SnapGuard

When endpoint security fails, shared data stored on your NetApp Data ONTAP systems is at risk and ransomware may freely jeopardize your valuable data. SnapGuard not only helps you to protect your assets, but can also help if your system has already been attacked.

Next-gen Ransomware Protection

The generic file damage detection is based on an online background mechanism (absolutely no impact on client latency) and very reliable. Don’t believe the fuss about using machine learning to detect ransomware patterns: our next-gen approach does not rely on any kind of obscure or incomprehensible client access patterns evaluation, the only thing that matters is whether clients are corrupting data or not.

SnapGuard provides you with peace of mind by protecting your data fabric from malicious accesses. SnapGuard has been designed specifically to integrate into NetApp ONTAP storage systems (the enterprise edition features the world’s first combined FPolicy and EVTX monitoring) and is therefore the ideal software for corporations already running on or planning to run on NetApp.

FPolicy & EVTX Firewall

Cleondris is not only the first company that came up with the idea of implementing active ransomware detection and automatic defense using NetApp’s built-in FPolicy mechanism. We are also the first to offer a combined FPolicy + EVTX (NetApp file service audit) processing to even better protect your data. Our firewall is able to run in-band, malicious behaviour can be stopped on the spot.


Observe CIFS and NFS client activity in real-time. Thanks to SnapGuard’s live view, administrators can immediately see all ongoing operations on a NetApp volume and clients showing suspicious behavior can be put on a block list with a single click. The live view is completely agent-less and can be attached to any ONTAP volume in real-time.

Scalability & Security with DMT

The optional Data Manager Tools (DMT) allow the off-loading of firewall functionality to computers in different security zones. This approach makes SnapGuard ideal for service providers: it only communicates inside the secure management network over the NetApp ZAPI, NDMP and SnapDiff APIs with the nodes and the cluster admin vserver (or 7-Mode vfiler0) of Data ONTAP. Only for FPolicy communication access to the ONTAP data interfaces in the customer zone is needed – thanks to DMT, this can be properly separated from the management network.

Differential Restore

No matter what protective measures you take, it is still possible that data from clients is corrupted by malicious software operating with currently still unknown approaches. Restoring a whole volume with SnapRestore to an earlier snapshot is often no option, as good and bad changes are reverted at the same time. be. The unique differential restore in SnapGuard allows you to repair defective data only – at the same time, good modifications are left as-is.

Volume Analyzer

If you suspect that a NetApp flexible volume has been damaged by ransomware, the SnapGuard integrated volume analyzer let’s you efficiently generate a metadata break-down, including overview of all used file-extensions and their location/distribution in the file system. Thanks to Data ONTAP SnapDiff and NDMP functionality, the analysis does not need any CIFS connectivity. Based on the results, you can then initiate a differential restore.

To learn more about how we can help your business
Contact us today