FPolicy file blocking
FPolicy blocks unwanted files from being stored on your enterprise-grade storage appliance. FPolicy also gives you a way to block known ransomware file extensions. A user still has full access permissions to the home folder, but FPolicy doesn't allow a user to store files your administrator marks as blocked. It doesn't matter if those files are MP3 files or known ransomware file extensions.
Block malicious files with FPolicy native mode
NetApp FPolicy native mode (an evolution of the name, File Policy) is a file-extension blocking framework that allows you to block unwanted file extensions from ever entering your environment. It has been part of ONTAP for over a decade and is incredibly useful in helping you protect against ransomware. This Zero Trust engine is valuable because you get extra security measures beyond access control list (ACL) permissions.
In ONTAP System Manager and BlueXP, a list of over 3000 file extensions is available for reference.
Some extensions might be legitimate in your environment and blocking them can lead to unexpected issues. Create your own list that is appropriate for your environment before configuring native FPolicy. |
FPolicy native mode is included in all ONTAP licenses.
Enable user and entity behavior analytics (UEBA) with FPolicy external mode
FPolicy external mode is a file activity notification and control framework that provides visibility of file and user activity. These notifications can be used by an external solution to perform AI-based analytics to detect malicious behavior.
FPolicy external mode can also be configured to wait for approval from the FPolicy server before allowing specific activities to go through. Multiple policies like this can be configured on a cluster, giving you great flexibility.
FPolicy servers must be responsive to FPolicy requests if configured to provide approval; otherwise, storage system performance might be negatively impacted. |
FPolicy external mode is included in all ONTAP licenses.