NetApp and Cisco Launch SOAR Playbook to Combat Ransomware Threats

On June 3, 2026, NetApp and Cisco announced the release of a new Security Orchestration, Automation, and Response (SOAR) playbook aimed at enhancing ransomware resilience. This playbook integrates with Splunk Enterprise Security, allowing automated incident response actions directly on NetApp ONTAP storage systems. The collaboration is designed to help organizations respond swiftly to ransomware attacks by blocking suspicious users, creating data snapshots, and taking data volumes offline. Sandeep Singh from NetApp emphasized the urgency of acting immediately upon threat detection, given the increasing sophistication of cyberattacks. The playbook aims to improve security metrics like mean time to contain (MTTC) and reduce the manual effort required for data protection. This initiative reflects a growing focus on integrating storage and security operations to enhance data resilience in large IT environments.

Key Points: • NetApp and Cisco's new SOAR playbook automates responses to ransomware threats. • The playbook integrates with Splunk Enterprise Security for real-time incident response. • Automated actions include blocking users and taking data volumes offline to prevent infections.