CrytpoSpike is a great tool that monitors your NetApp file environment and protects your file infrastructure from ransomware. It uses both black- and white-list technologies, as well as a "Learner Module" that identifies anomalous user behavior (i.e. a ransomware attack has started) and blocks them within seconds. Any infected files can be identified and rolled back using NetApp snapshots. Licensed per controller with no extra costs for number of files, users or storage expansion.
For more info, check out our two-minute explainer video.
https://catalogicsoftware.com/resources/cryptospike-ransomware-detection-for-netapp-in-two-minutes