NetApp (NASDAQ: NTAP) and Cisco (NASDAQ: CSCO) announced the release of a new security playbook designed to help organizations respond to ransomware attacks through automated storage-level protections.

The NetApp Splunk Security Orchestration, Automation, and Response (SOAR) playbook integrates with existing Splunk Enterprise Security systems to enable automated incident response actions directly on NetApp ONTAP storage systems. When threats are detected, the system can automatically block suspicious users, create data snapshots, and take data volumes offline to prevent further infection.

"With AI accelerating both the speed and sophistication of cyberattacks, the window to respond has never been smaller," said Sandeep Singh, Senior Vice President and General Manager, Platform at NetApp. "To limit the cost and impact of ransomware, organizations must act the moment a threat is detected, which means extending security automation into the storage layer where data lives."

The collaboration builds on an existing integration between Splunk Enterprise Security and NetApp Ransomware Resilience that provides analytics from the data layer. The new playbook extends this capability by enabling direct action on storage systems as part of incident response workflows.

"Effective security strategies require visibility and action across the entire technology stack, including the data layer," said David Dalling, GVP, Splunk Security at Cisco. "With the new NetApp Splunk SOAR playbook, ONTAP storage becomes an active participant in the security ecosystem."

The companies stated that automating response actions aims to improve security metrics including mean time to contain threats while reducing manual effort required to protect data. The playbook is available for download from SplunkBase.

The announcement represents an expansion of the existing collaboration between NetApp and Cisco to integrate storage infrastructure with security operations workflows.