Back

NetApp and Cisco Launch SOAR Playbook to Combat Ransomware Threats

Severity: Medium (Score: 57.8)

Sources: Simplywall.St, cts.businesswire.com, Za.Investing, Markets.Ft

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: netapp, cisco, playbook, ransomware, attacks, soar, ntap

Severity indicators: pla, ransomware, ransomware attack

Summary

On June 3, 2026, NetApp and Cisco announced the release of a new Security Orchestration, Automation, and Response (SOAR) playbook aimed at enhancing ransomware resilience. This playbook integrates with Splunk Enterprise Security, allowing automated incident response actions directly on NetApp ONTAP storage systems. The collaboration is designed to help organizations respond swiftly to ransomware attacks by blocking suspicious users, creating data snapshots, and taking data volumes offline. Sandeep Singh from NetApp emphasized the urgency of acting immediately upon threat detection, given the increasing sophistication of cyberattacks. The playbook aims to improve security metrics like mean time to contain (MTTC) and reduce the manual effort required for data protection. This initiative reflects a growing focus on integrating storage and security operations to enhance data resilience in large IT environments. Key Points: • NetApp and Cisco's new SOAR playbook automates responses to ransomware threats. • The playbook integrates with Splunk Enterprise Security for real-time incident response. • Automated actions include blocking users and taking data volumes offline to prevent infections.

Detailed Analysis

**Impact** Enterprises using NetApp ONTAP storage systems integrated with Splunk Enterprise Security and Cisco security solutions are the primary affected group. The playbook targets ransomware attacks that threaten critical data stored in these environments, aiming to reduce data loss and operational disruption. The collaboration impacts sectors reliant on large-scale data infrastructure across North America, Europe, and Asia-Pacific, where NetApp and Cisco have significant market presence. No specific incident metrics or affected organization counts were provided. **Technical Details** The playbook automates response actions within the security orchestration, automation, and response (SOAR) framework, triggered by ransomware detection signals from Splunk Enterprise Security. It enables direct actions on NetApp ONTAP storage, including blocking suspicious users, snapshot creation, and taking data volumes offline to contain infection spread. No malware names, CVEs, or specific attack vectors were disclosed. The integration operates primarily at the incident response and containment stages of the kill chain. **Recommended Response** Organizations should deploy the NetApp Splunk SOAR playbook within their existing Splunk Enterprise Security environments to automate ransomware containment at the storage layer. Security teams must configure automated workflows to immediately isolate compromised data volumes and block suspicious user activity upon detection. Monitoring should focus on ransomware detection signals from Splunk and storage health metrics from NetApp ONTAP. No patching or CVE mitigation details were provided.

Source articles (6)

  • NetApp and Cisco Collaboration Strengthens Defense-in — Markets.Ft · 2026-06-03
    New NetApp Splunk SOAR playbook helps contain ransomware attacks and limit data loss SAN JOSE, Calif. --(BUSINESS WIRE)--Jun. 3, 2026-- NetApp ® (NASDAQ: NTAP), the Intelligent Data Infrastructure com…
  • NetApp and Cisco launch SOAR playbook to combat ransomware attacks By Investing.com — Za.Investing · 2026-06-04
    NetApp ( NTAP ) and Cisco ( CSCO ) announced the release of a new security playbook designed to help organizations respond to ransomware attacks through automated storage-level protections. The NetApp…
  • NetApp Cisco Splunk SOAR Link Puts Ransomware Resilience In Focus — Simplywall.St · 2026-06-04
    For investors tracking data infrastructure, this move sits at the intersection of storage, cybersecurity, and observability software. NetApp is best known for enterprise storage and data management, w…
  • Aligning Storage and Security to Strengthen Cyber Resilience — cts.businesswire.com · 2026-06-03
  • Cyber Resilience: The Most Secure Storage on the Planet — cts.businesswire.com · 2026-06-03
  • Ransomware Resilience: Ransomware Protection Using AI-Based Detection — cts.businesswire.com · 2026-06-03

Timeline

  • 2026-06-03 — NetApp and Cisco announce SOAR playbook: The new playbook aims to enhance ransomware resilience through automated storage-level protections.
  • 2026-06-04 — Investors react to SOAR playbook launch: The collaboration is seen as a significant step in addressing ransomware risks in IT environments.
  • 2026-06-04 — Details of SOAR playbook functionality revealed: The playbook allows automated actions like blocking users and creating data snapshots during threats.

Related entities

  • Ransomware (Attack Type)
  • Canada (Country)
  • United States (Country)
  • businesswire.com (Domain)
  • investing.com (Domain)
  • netapp.com (Domain)
  • simplywallst.com (Domain)
  • [email protected] (Email)
  • [email protected] (Email)
  • [email protected] (Email)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed