NetApps ARP

NetApp Anti-Ransomware Protection with FSx for ONTAP (FSxN)

Amazon FSx for NetApp ONTAP (FSxN) combines the power of NetApp’s ONTAP data management software with the scalability and flexibility of AWS. A key security feature in this service is the built-in anti-ransomware protection, which helps detect malicious activity and preserve data integrity using automated snapshots.

Key Features of NetApp Anti-Ransomware Protection

1. Real-time anomaly detection: Monitors I/O patterns to identify ransomware-like behavior.
2. Automatic snapshot creation: Creates read-only snapshots automatically when anomalies are detected.
3. ONTAP CLI management: Allows full control and monitoring via the ONTAP command line interface.

Configuration and Usage via ONTAP CLI

1. Check if Anti-Ransomware is Enabled

vserver show -fields anti-ransomware-state

2. Enable Anti-Ransomware Protection

vserver modify -vserver <SVM_NAME> -anti-ransomware-state enabled

3. Check the Learning Phase Status

vserver show -vserver <SVM_NAME> -fields anti-ransomware-learning-state

4. Monitor Snapshot Activity upon Detection

volume snapshot show -vserver <SVM_NAME> -volume <VOLUME_NAME>

5. Restore from an Anti-Ransomware Snapshot

volume snapshot restore -vserver <SVM_NAME> -volume <VOLUME_NAME> -snapshot <SNAPSHOT_NAME>

Best Practices

• Regularly review snapshot retention policies.
• Integrate monitoring via CloudWatch and ONTAP EMS.
• Combine with AWS Backup or SnapMirror for comprehensive DR.

## Aditional Links