Multi-layered ransomware protection and tamper-proof audit capabilities for NetApp ONTAP systems.


Are you tired of constantly worrying about the threat of ransomware attacks on your Netapp systems? Are you ready to proactively protect your data from ransomware and other cyberattacks? If yes, then SnapGuard is the perfect solution for you!

Unlike other cybersecurity solutions, SnapGuard is designed specifically for NetApp ONTAP and Amazon FSx for NetApp ONTAP systems and provides the highest level of protection for your data. With features like FPolicy, EVTX Firewall, Differential Restore, Live View, and Volume Analyzer, SnapGuard is the most comprehensive and effective solution. As the first FPolicy ransomware protection for ONTAP, SnapGuard has protected data from malicious software and other cybersecurity attacks since 2016.

Easy and fast protection against ransomware

SnapGuard is easy to install within 10 minutes and works in the background to detect and prevent attacks as they occur. It monitors user behavior, tracks attacks against infected users and devices, and disables accounts automatically to protect your business from harm. In an emergency, it even creates emergency snapshots and puts volumes into read-only mode.

But that's not all! SnapGuard also scans and scans your primary and secondary storage drives, as well as physically backed up AirGap SnapMirror target drives, and repairs corrupted data as needed with just a few clicks from a snapshot on-premises or in the cloud. The solution integrates with existing security information and event management (SIEM) platforms, making it ideal for organizations with stringent security and compliance requirements.

You don't even have to take our word for it - try SnapGuard now for free and discover how it can protect your business.

Key features of SnapGuard

Below is a brief overview of our powerful capabilities, which can be categorized as "prevention" (prevention, detection and mitigation) and "response" (repair, integration, data management, testing and compatibility).

This categorization reflects the phases of the cybersecurity process, with the Prevention category focusing on measures to prevent and proactively detect threats. The Response category focuses on tools and measures to analyze, respond to, and remediate threats as they occur.


Prevent ransomware attacks before they happen with SnapGuard. With features like FPolicy firewall and Live View, you can nip malicious behavior in the bud.

But what happens when an attack slips through the cracks? That's where SnapGuard's detection capabilities come in. With the ability to detect abnormal behavior and automatically disable accounts, you can catch potential threats before they become disasters.

And if the worst does happen, SnapGuard offers features like volume read-only mode and emergency snapshots for damage control.

  • Real-time agentless employee behavior monitoring (FPolicy): SnapGuard monitors employee behavior in real-time without installing agents on endpoints, enabling it to identify potential insider threats and block known ransomware and malicious file types.
  • FPolicy-based firewall: FPolicy-based firewall operates in-band, meaning it can stop malicious behavior instantly and scales up to millions of requests per second.
  • Live View: The Live View feature allows real-time observation of client activity and provides fine-grained permissions to view ongoing operations. It operates completely agentless and can be attached to any ONTAP volume in real-time.
  • Block suspicious clients: The ability to block suspicious clients with a single click adds an additional layer of protection to SnapGuard's ransomware prevention capabilities.
  • Scalability with DMT: SnapGuard can offload firewall functions to computers in different security zones, making it ideal for service providers and large organizations.


But what about the data that gets corrupted? SnapGuard can repair it with features like automated differential recovery.

Plus, SnapGuard integrates seamlessly with other systems like security information and event management (SIEM) platforms. And with data management features like encrypted and off-site logs, as well as the event viewer and analyzer, you can manage your data more effectively.

In addition, SnapGuard's audit features, such as Cleondris CVTX Blockchain and FPolicy integration, create tamper-proof logs of file access and changes, so you don't have to worry. And with compatibility with systems like NetApp ONTAP and Amazon FSx, SnapGuard is the perfect solution for any organization.

SnapGuard provides the ultimate protection option against ransomware attacks. Here's a brief overview of our powerful features that guarantee you the most optimal protection.

  • Differential Recovery: The Differential Recovery feature enables the repair of corrupted data, leaving uncompromised data intact.
  • Volume Analyzer: The Volume Analyzer can efficiently generate a breakdown of metadata, and an overview of all file extensions used and their location/distribution, making it easier to identify changes or anomalies in file behavior.
  • Next-Gen Ransomware Protection: Based on recognized best practices, SnapGuard's Next-Gen Ransomware Protection is designed to prevent ransomware attacks from happening in the first place.
  • Traceability of all file manipulations: Audit logs via the FPolicy mechanism provide traceability of all file manipulations, allowing organizations to quickly identify suspicious behavior and prevent potential attacks.
  • Encrypted and externally stored audit logs: In the near future (in our roadmap), audit logs can be encrypted and stored externally, protecting them from tampering and data loss. The S3 lifecycle policy makes it impossible to modify the log files and ensures the integrity of the data.
  • Blockchain-format audit logs: Blockchain-format audit logs ensure tamper protection and audit compliance, making it easy for organizations to meet the most demanding compliance requirements for logging file access on NetApp ONTAP systems.
  • EVTX Viewer: SnapGuard has a built-in viewer with search capabilities for native NetApp audit log files, enabling users to identify and analyze potential threats quickly.
  • SIEM Support: SnapGuard can forward a subset or all events to an external SIEM system to improve threat analysis and incident response.

SnapGuard is a comprehensive ransomware protection solution that provides both prevention and rapid attack response. With features like FPolicy Firewall and Live View, attacks can be nipped in the bud. If an attack does get through, potential threats can be intercepted with SnapGuard's ability to detect anomalous behavior and automatically disable accounts.

If the worst happens, SnapGuard offers features such as a read-only mode for volumes and emergency snapshots to limit the damage. If data becomes corrupted, SnapGuard can repair it with features like automatic differential recovery. With data management features such as encrypted and externally stored logs and an audit function, SnapGuard provides reliable user activity monitoring and effective data management.

Have you ever wondered how to protect your valuable data on NetApp ONTAP systems even when other security measures fail?

Cybercriminals are using increasingly sophisticated techniques and means to gain access to systems and networks. An employee's wrong mouse click can spread malware from a local computer to a storage device connected to the network.

No human can detect modern threats' incredible complexity and speed in time. That's why it's more important than ever for businesses and government agencies to take proper security precautions and equip themselves with the right tools to protect the data on their NetApp systems as a last line of defense.

Are you sure your backup and disaster recovery are sufficient to protect your business from ransomware attacks? Imagine investing a lot of time and money to restore your primary data, only to find that your backup data has also been infected with ransomware.

Protecting data from ransomware attacks is important, but backups alone are not enough. There can be significant gaps between primary data and backups, recovery can be time-consuming, and cloud-based backups can incur transfer fees.

With SnapGuard, you gain several benefits, including faster recovery, cost-effective and easy-to-use protection and recovery operations, and the ability to continue using primary data even after an attack. With its three-tier protection strategy, SnapGuard can help you protect your data.

SnapGuard offers a three-tier security solution that helps you keep your data safe and secure.

  • The first layer of SnapGuard is active protection. This monitors user behavior and tracks attacks against infected users and devices.The second layer consists of audit log analysis that detects abnormal behavior patterns.Finally, the third layer, backup verification, provides protection for primary and secondary storage drives and physically secured AirGap SnapMirror target drives.

Taken together, these three layers of protection provide comprehensive protection against ransomware attacks, helping to ensure that your data is always safe and secure. So if you're looking for a reliable way to protect your business from ransomware, SnapGuard is the solution you need.

SnapGuard is a powerful tool for protecting Netapp systems from ransomware attacks. Whether you're an SMB, a large enterprise with multiple divisions and locations, or a government agency working with sensitive data, SnapGuard has the features you need to protect your data.

A government agency with strict data security regulations

SnapGuard provides a tamper-proof record of file access and changes that can help an agency comply with its data security regulations. In addition, SnapGuard scans and verifies primary and secondary storage drives, as well as physically backed up AirGap SnapMirror target drives, and enables differential recovery of disks using Snapshot copies, preserving the correct changes and including only the damaged portions.

A medium-sized company with a large amount of customer data

SnapGuard can provide an additional layer of security to a midsize company with customer data stored on its NetApp systems. SnapGuard can detect and prevent ransomware attacks before they happen, ensuring the company's sensitive data is safe and secure. 

In the event of an attack, SnapGuard can automatically disable accounts and place volumes in read-only mode to minimize the attack's impact.

A large company with multiple business units and locations

SnapGuard can monitor user behavior, track attacks against infected users and devices, automatically disable accounts and take emergency snapshots. Large enterprises with multiple business units and locations can thus quickly detect potential attacks and contain malware from a central SnapGuard console to minimize the impact on operations.

The backup verification feature ensures that all data is protected, and the differential recovery feature minimizes downtime in the event of a ransomware attack.

The classic approach to protecting against ransomware is to install intrusion detection systems (IDS) that detect and block attacks on the network and data. But cybersecurity is not just about defending against attacks at the network level because, despite all the security precautions, much of the infrastructure is not immune to ransomware attacks.

It is also about recovering data when it has been corrupted or deleted. Long system downtimes, corrupted backups and complicated, often very long recovery times after a ransomware attack are a horror scenario.

A strategy based only on installing IDS is, therefore, not sufficient. However, relying only on backup software to protect against ransomware is also insufficient. A security architecture must be able to identify access to sensitive data, detect anomalies, isolate data, and stay one step ahead of potential attackers.

Ransomware has become an increasingly popular means of extortion, with attackers demanding ever higher ransom payments for the release of encrypted data. But the cost of recovery resulting from a ransomware attack far exceeds the ransom payments. According to NetApp, by 2025, at least 75% of IT organizations will be affected by one or more attacks, with the average downtime after a ransomware attack exceeding 16 days.

Protect your on-premises, hybrid environments, public clouds, and virtualized workloads with SnapGuard, the most comprehensive cybersecurity solution for NetApp ONTAP and Amazon FSx for ONTAP systems. Protect your data from unauthorized disclosure, theft, or corruption and make your life easier by installing and using SnapGuard.

Are you ready to leave your data to chance?

Ransomware attacks are on the rise and becoming more sophisticated. If your Endpoint Protection fails or fails, your NetApp storage is unprotected and vulnerable.

SnapGuard provides reliable protection by integrating directly with your storage system. With SnapGuard, you can protect your valuable data innovatively. In the event of an attack, you can also refer back to existing NetApp snapshots to determine which files need to be restored and which do not.

Cleondris, a provider of ONTAP add-ons since 2010, develops and manufactures its products exclusively for NetApp and has limited reliance on third-party components. Our ROCK SOLID products are 100% developed in Switzerland and offer you the security you need for your business.

Ask yourself: Can I afford to leave my data to chance? Choose SnapGuard and protect yourself and your data now.

Try SnapGuard for free!

CLEONDRIS®, CDM®, SNAPGUARD® and ULTRAVIRT® are registered trademarks of Cleondris GmbH in Switzerland, the United States, the EU, China, Liechtenstein and/or other jurisdictions. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. NetApp, Data ONTAP, FlexClone, FlexVol, MetroCluster, Network Appliance, ONTAPI, RAID-DP, SnapMirror, SnapVault, vFiler and WAFL are trademarks or registered trademarks of NetApp, Inc. in the U.S. and/or other countries. All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.

Please note our General Terms of Use of this Website or read our Privacy Policy. For general inquiries, please refer to our contact information and impress. Thank you for visiting our website.