Network-attached storage devices like NetApp contain volumes of data which are vital to business operations. With broad access available to so many users, protecting NetApp storage from malware is critical to operational stability and integrity. Organizations worldwide face increasingly sophisticated threat actors. AI-powered threat detection can level the playing field, protect business data, and stop attacks before they begin. With Threat Detection for NetApp, SentinelOne brings proven AI-powered malware protection to NetApp storage.
Legacy AV solutions have long dominated storage security for NetApp. However, security innovation has not kept pace with other sectors like EDR and cloud security, even as threat actors have rapidly evolved. Modern threats from hackers for hire or state-sponsored threat actors easily evade signature-based legacy antivirus. Yes, signatures are useful for identifying known or commodity malware, but they are incapable of detecting novel malware.
Beyond ease of evasion, signatures can create administrative nightmares. Storage security admins can become bogged down in a relentless spiral, making sure their blocklists are always updated with the latest signatures.
Another challenging factor is broad access to the data stored on NetApp arrays. Businesses rely upon ready access to this data to function. Considering the wide access, and the ease with which malicious files can evade signature-based detection, one can readily appreciate how securing the NetApp storage is vital to business continuity.
In addition to business continuity and brand reputation, an additional concern is regulatory compliance. While exact compliance details vary by framework, organizations in various industries are often required to regularly scan their network attached storage for malware. Although regulatory frameworks generally do not specify how this is accomplished, more forward thinking frameworks such as GDPR do stipulate that organizations follow the principle of “data protection by design and by default,” and that data protection measures take into account the technological “state of the art.”
To help organizations better provide for continuous security of their data on NetApp storage arrays, and to reduce the risk of business disruption due to advanced malware which evades signature-based alternatives, SentinelOne introduced Threat Detection for NetApp (TD4NA). Generally available in the Singularity Cloud Data Security product line, TD4NA delivers AI-powered cloud data security that protects NetApp arrays from malware. High-performance, low-latency inline file scanning delivers verdicts in milliseconds.
When considering state-of-the-art solutions for securing your NetApp arrays, here are some factors which set SentinelOne and TD4NA apart from alternatives.
TD4NA delivers verdicts in milliseconds, allowing user access to their data without performance bottlenecks and without compromising security. When a file is judged to be malicious, it is automatically encrypted and quarantined, to stop the potential for spread before it even has a chance to begin.
Alternatives which rely upon signatures are easily circumvented. A threat actor can simply pad a malware sample, recompile, and the malware has a new signature not found in any blocklist. In stark contrast, SentinelOne’s proprietary AI deeply analyzes a file’s characteristics for indicators of malicious intent – no signature required. All files are scanned locally. No sensitive data ever leaves your network. For some organizations, this is an important regulatory compliance consideration.
The SentinelOne TD4NA agent is installed on a “Vscan server” which, according to the NetApp ONTAP architecture, is dedicated to malware scanning. System requirements for the Vscan server are documented in the SentinelOne knowledge base. It is possible to configure more than one TD4NA agent on a single Vscan server, depending upon customer requirements for redundancy or IOPS performance.
When a user submits a file put/access request, the NetApp array automatically submits a scan request via ONTAP protocol to the Vscan server. The TD4NA solution then works as follows:
Upon scan completion, the NetApp array grants or denies the user request, depending upon the scan verdict. If the file verdict is not malware, the user is granted access.
If the file verdict is judged by the AI to be malware, the user request is denied and the file is automatically encrypted and quarantined by the solution. The quarantine directory is specified beforehand by the security admin. At their discretion, security admins may access the malicious file via 1-click file fetch for further analysis and sandboxing.
All file scans are local and inline. Local file scanning occurs on the Vscan server. Inline file scanning holds the file until scanning is complete. The solution is optimized for performance, so file scans complete within milliseconds for a low latency user experience.
With SentinelOne’s AI-powered Threat Detection for NetApp, malware is identified and mitigated in real time, thereby minimizing dwell time and downstream data risk. All files are scanned locally so that no sensitive data leaves your network, and TD4NA is managed from the same Singularity Platform that SentinelOne customers know well.
To learn more about Threat Detection for NetApp, visit our Cloud Data Security webpage. There you will find datasheets, customer case studies, and more. And whenever you are ready for a personalized demo, you may connect with one of our cloud security experts.
Singularity™ Cloud Data Security AI-Powered Malware Scanning
Elevate your defenses with adaptive, scalable, and AI-powered SentinelOne solutions for Amazon S3 and NetApp.