NetApp and Cisco Launch SOAR Playbook to Combat Ransomware Attacks

Severity: Medium (Score: 42.9)

Sources: cts.businesswire.com, Za.Investing, Markets.Ft

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: netapp, cisco, playbook, ransomware, attacks, soar, ntap

Severity indicators: pla, ransomware, ransomware attack

Summary

On June 3, 2026, NetApp and Cisco announced the release of the NetApp Splunk Security Orchestration, Automation, and Response (SOAR) playbook. This playbook is designed to help organizations automate responses to ransomware attacks at the storage level. It integrates with Splunk Enterprise Security to enable direct actions on NetApp ONTAP storage systems, such as blocking suspicious users and creating data snapshots. The collaboration aims to enhance incident response capabilities and limit data loss during cyberattacks. Sandeep Singh from NetApp emphasized the urgency of acting quickly against threats, as AI accelerates the sophistication of cyberattacks. The playbook is part of a broader effort to strengthen defense-in-depth strategies for customers. It builds on existing integrations between Splunk and NetApp Ransomware Resilience, providing analytics from the data layer. The playbook is now available for download from SplunkBase.

Key Points:

  • NetApp and Cisco launched a SOAR playbook to automate ransomware attack responses.
  • The playbook integrates with Splunk Enterprise Security for direct actions on storage systems.
  • Automating responses aims to improve security metrics and reduce manual efforts.

Detailed Analysis

**Impact** Enterprises using NetApp ONTAP storage systems integrated with Splunk Enterprise Security are the primary beneficiaries of the new SOAR playbook. The playbook aims to reduce ransomware impact by containing attacks at the storage layer, limiting data loss and operational downtime. This affects sectors reliant on secure data storage and rapid incident response, with no specific geographies or numbers provided. The automation reduces manual effort and shortens mean time to contain (MTTC), improving overall cyber resilience.

**Technical Details** The playbook automates incident response actions triggered by ransomware detection signals from Splunk Enterprise Security and NetApp Ransomware Resilience analytics. Actions include blocking suspicious users, creating data snapshots, and taking data volumes offline directly on NetApp ONTAP storage. The integration enhances defense-in-depth by incorporating storage-level containment into the kill chain’s containment and eradication stages. No specific malware, CVEs, or IOCs are mentioned in the articles.

**Recommended Response** Organizations using NetApp ONTAP and Splunk Enterprise Security should deploy the NetApp Splunk SOAR playbook available on SplunkBase to automate ransomware containment actions. Security teams should configure workflows to leverage storage-level incident responses such as user blocking and volume isolation. Monitoring should focus on ransomware detection signals within Splunk and ensure integration with NetApp storage is active and properly configured. No patching or specific CVE mitigations are detailed in the sources.

Source articles (5)

  • NetApp and Cisco Collaboration Strengthens Defense-in — Markets.Ft · 2026-06-03
    New NetApp Splunk SOAR playbook helps contain ransomware attacks and limit data loss SAN JOSE, Calif. --(BUSINESS WIRE)--Jun. 3, 2026-- NetApp ® (NASDAQ: NTAP), the Intelligent Data Infrastructure com…
  • NetApp and Cisco launch SOAR playbook to combat ransomware attacks By Investing.com — Za.Investing · 2026-06-04
    NetApp ( NTAP ) and Cisco ( CSCO ) announced the release of a new security playbook designed to help organizations respond to ransomware attacks through automated storage-level protections. The NetApp…
  • Aligning Storage and Security to Strengthen Cyber Resilience — cts.businesswire.com · 2026-06-03
  • Cyber Resilience: The Most Secure Storage on the Planet — cts.businesswire.com · 2026-06-03
  • Ransomware Resilience: Ransomware Protection Using AI-Based Detection — cts.businesswire.com · 2026-06-03

Timeline

  • 2026-06-03 — NetApp and Cisco announce SOAR playbook: The new playbook automates responses to ransomware attacks, integrating with Splunk for direct actions on ONTAP storage.
  • 2026-06-04 — SOAR playbook details released: The playbook enables automated actions like blocking users and taking data volumes offline to prevent infection.

Related entities

  • Ransomware (Attack Type)
  • businesswire.com (Domain)
  • investing.com (Domain)
  • netapp.com (Domain)