NetApp (NASDAQ:NTAP) and Cisco (NASDAQ:CSCO) have unveiled a new security orchestration playbook designed to help organizations accelerate their response to ransomware incidents through automated actions at the storage infrastructure level.
The solution combines NetApp’s storage technologies with Cisco-owned Splunk’s security platform, enabling organizations to react more quickly when threats are detected and reduce the risk of widespread data compromise.
New SOAR Playbook Automates Critical Response Actions
The NetApp Splunk Security Orchestration, Automation, and Response (SOAR) playbook integrates directly with existing Splunk Enterprise Security environments and connects incident response workflows to NetApp ONTAP storage systems.
When suspicious activity is identified, the platform can automatically initiate a range of protective measures, including blocking potentially malicious users, generating storage snapshots, and isolating affected data volumes to limit the spread of an attack.
AI-Driven Threats Increase Need for Faster Response
NetApp highlighted the growing challenges posed by increasingly sophisticated cyberattacks, particularly as artificial intelligence enables faster and more complex attack methods.
“With AI accelerating both the speed and sophistication of cyberattacks, the window to respond has never been smaller,” said Sandeep Singh, Senior Vice President and General Manager, Platform at NetApp. “To limit the cost and impact of ransomware, organizations must act the moment a threat is detected, which means extending security automation into the storage layer where data lives.”
Expanding Existing Security Integration
The new playbook builds on the companies' existing integration between Splunk Enterprise Security and NetApp Ransomware Resilience, which already provides visibility and analytics from the data layer.
With the latest release, organizations can move beyond threat detection and analytics by enabling automated actions directly within storage environments as part of broader security operations workflows.
Storage Systems Become Active Participants in Cyber Defense
Cisco emphasized that effective cybersecurity requires coordination across all layers of enterprise technology infrastructure, including data storage platforms.
“Effective security strategies require visibility and action across the entire technology stack, including the data layer,” said David Dalling, GVP, Splunk Security at Cisco. “With the new NetApp Splunk SOAR playbook, ONTAP storage becomes an active participant in the security ecosystem.”
Designed to Improve Security Efficiency
According to the companies, automating incident response actions can help organizations shorten the time required to contain threats while reducing the manual workload placed on security teams.
The objective is to improve key cybersecurity performance metrics, including mean time to contain incidents, while strengthening data protection against ransomware attacks.
The playbook is available through Splunkbase and represents the latest step in the ongoing partnership between NetApp and Cisco to integrate storage infrastructure more deeply into enterprise security operations.
