SnapGuard™ gives you peace of mind by protecting your data fabric from malicious software and other cybersecurity attacks. It is designed specifically for NetApp ONTAP based storage systems (on-prem and in the cloud) and is ideal for corporations already running on or planning to run on NetApp ONTAP.

 The original FPolicy ransomware protection for ONTAP (since 2016)

 Next-gen ransomware protection and file verification

 Sophisticated ransomware pattern management

 From the inventors of the differential restore

 Protects environments of any size (100+ ONTAP clusters)

Why you should use SnapGuard to protect NetApp ONTAP

When endpoint security fails, shared data stored on your NetApp ONTAP system is vulnerable to ransomware that could jeopardize your valuable data. SnapGuard not only helps you to protect your assets, but also offers solutions when your system has been attacked.

FPolicy & EVTX Firewall

Ransomware Protection for ONTAP: Cleondris was the first technology provider to realise that active ransomware detection and simultaneous automatic defense could be implemented using NetApp's built-in FPolicy mechanism. We were also the first to offer combined FPolicy and EVTX (NetApp file service audit) processing to provide even better protection for your data. Our firewall is able to run in-band, which means that malicious behavior can be stopped in its tracks.

Differential Restore

SnapGuard's unique differential restore functionality allows you to repair defective data, while leaving your uncompromised data intact. Correct modifications are retained, leaving you to focus only on the corrupted portion. No matter what protective measures you take, it is still possible for data from clients to be corrupted by malicious software using previously-unknown approaches. Restoring a whole volume to an earlier snapshot with NetApp's SnapRestore is often not the best option, as it reverts both wanted and unwanted changes simultaneously.


You can observe CIFS and NFS client activity in real time with SnapGuard's Live View. It is possible to configure fine-grained permissions that allow only administrators or security personnel to see all ongoing operations on a NetApp volume. Clients demonstrating suspicious behavior can be put on a block list with a single click. Live View is completely agentless and can be attached to any ONTAP volume in real time.

Volume Analyzer

SnapGuard's integrated Volume Analyzer lets you efficiently generate a metadata breakdown, including an overview of all used file extensions and their location/distribution in the file system. This is useful when you suspect that a NetApp flexible volume has been damaged by ransomware. The analysis does not need CIFS connectivity, thanks to ONTAP's SnapDiff and NDMP functionality. Based on the results, you can then initiate a differential restore.

Scalability & Security with DMT

Optional data management tools allow you to offload firewall functionality to computers in different security zones. This approach makes SnapGuard ideal for service providers, as it only communicates inside the secure management network over the NetApp Management, NDMP and SnapDiff APIs with the nodes and the cluster admin vserver (or 7-Mode vfiler0) of ONTAP. Access to the ONTAP data interfaces in the customer zone is only needed for FPolicy communication, and the tools allow you to properly separate this from the management network.

Next-gen Ransomware Protection

SnapGuard's ransomware protection is extremely reliable and has absolutely no impact on client latency, as generic file-damage detection is based on an online background mechanism. Don't believe the fuss about using machine learning to detect ransomware patterns: it has no substance and the only thing that really matters is whether clients are corrupting data or not. Our next-gen approach is based on recognized best practices and does not rely on the evaluation of any kind of obscure or incomprehensible client access patterns.

CLEONDRIS®, CDM®, SNAPGUARD® and ULTRAVIRT® are registered trademarks of Cleondris GmbH in Switzerland, the United States, the EU, China, Liechtenstein and/or other jurisdictions. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. NetApp, Data ONTAP, FlexClone, FlexVol, MetroCluster, Network Appliance, ONTAPI, RAID-DP, SnapMirror, SnapVault, vFiler and WAFL are trademarks or registered trademarks of NetApp, Inc. in the U.S. and/or other countries. All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.

Please note our General Terms of Use of this Website as well as our Privacy Policy. For general inquiries, please refer to our contact information and impress. Thank your for visiting our website.