Virtualization Technology News and Information
Data Governance and Ransomware Detection in the NetApp Cloud

By Martin Phan, Solutions Architect, Catalogic Software

NetApp is certainly doing their best to make their customers' lives easier by extending their product portfolio and data footprint to the cloud. By providing innovative technologies like ONTAP Select (NetApp's operating system, Data ONTAP, running as a virtual appliance in the cloud) or Cloud Volumes ONTAP (CVO) which allows users to seamlessly extend Data ONTAP volume functionality to a NetApp volume hosted in the cloud, customers are easily able to migrate workloads to the cloud without losing the familiarity of NetApp technologies. As NetApp continues to innovate and help drive the migration of data to the public cloud, some questions may arise in the minds of users:

  • "How do I protect the data on my cloud from unauthorized access or Ransomware attack?"
  • "How do I audit my data to see how often it is being accessed and by whom?"
  • "How can I control what is being written to my storage (i.e. only Word and Excel documents are permitted)?"


While there is the desire to adopting storage workloads in the cloud, you certainly don't want to shell out $$$ to house someone's music collection or run the risk of Ransomware being introduced to your internal environment via cloud storage. So how do you expand your footprint into the cloud and take advantage of the awesome potential of limitless storage, while auditing exactly what is happening to ensure that you are making the most of your investment?

This is where tools such as CryptoSpike and RestoreManager can help you keep a close eye on your NetApp data residing in the Data Center or in the cloud. Let us look at how CryptoSpike's real-time monitoring can prevent unauthorized data or Ransomware from ever landing in your environment.

CryptoSpike now available for NetApp Cloud

CryptoSpike operates by monitoring the file transactions that are occurring within NetApp volumes. By intercepting all the SMB transactions that are occurring on your storage, from either on-premise and/or cloud, you are able to audit the activity that occurs on the storage volumes directly.

CryptoSpike can automatically take action when known ransomware signatures or restricted files (controlled by a blacklist) are encountered or rejecting all files from being written/modified, etc. with the exception of only a certain file type (controlled by a whitelist).

This auditing can occur as CryptoSpike communicates with the underlying NetApp storage technology, be it a physical controller running NetApp's Data ONTAP OS or a virtualized controller/container object running on NetApp ONTAP Select or Cloud Volumes ONTAP. The flexibility to audit your filesystem activity, regardless of where the data resides, is possible through CryptoSpike.

Once CryptoSpike determines a violation, it can flag or block the user entirely and automatically revert the changes made from the user, using the latest NetApp snapshot (without having to restore all the data from the snapshot.)

Below are screenshots on the granularity of the auditing. CryptoSpike is monitoring nearly everything, from the type of request, where it is coming from, from whom, the time these operations are taking place, etc. This information can be charted and graphed to allow IT administrators to visualize and compare their data center vs. cloud storage and apply their investments where they can receive the most return.


     Screenshot 1 - Reviewing filesystem activity for users using CryptoSpike reports.


     Screenshot 2 - SMB / NFS transactions over defined window of time. SMB transactions from create, delete, read, write, rename, etc. can be recorded.

For customers looking for this level of auditing and data governance, Catalogic Software is certain CryptoSpike can fulfill your needs for auditing NetApp file storage on-prem or in the cloud. For a live demo - check Catalogic's website or YouTube Channel.


Note: CryptoSpike and RestoreManager are licensed by subscription. When working with physical NetApp controllers, the license is per controller and when working with cloud storage, i.e. ONTAP Select or CVO, the license is based on capacity. For further details – contact your local Catalogic Sales representative to get started on a free 30-day trial.  

About the Author

Martin Phan Catalogic 

Martin Phan takes pride in leveraging his 20+ years of experience in the software-industry supporting, developing, implementing and selling enterprise software and data protection solutions to help customer solve their backup and recovery challenges.

Published Wednesday, August 19, 2020 7:39 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2020>