
Today, at their NetApp INSIGHT 2025 event, NetApp announced new industry-leading cyber resilience capabilities that further strengthen their data services portfolio, specifically around ransomware. The newly enhanced and renamed NetApp Ransomware Resilience service lets customers make their data infrastructure a leading part of their comprehensive security strategy with integrated AI-powered ransomware detection and two new capabilities. One of them is a first-in-the-industry ability for enterprise storage to detect data breaches. The other is isolated recovery environments to enable safe and clean recovery of mission-critical data.
As enterprises face their most pressing challenges – AI innovation, data modernization, cyber resilience, and cloud transformation – they need a secure, reliable, and efficient data infrastructure. While investments in AI are creating unprecedented opportunity for enterprises, they are also expanding their attack surfaces. NetApp makes data infrastructure a critical part of enterprise security strategy, leveraging AI to protect enterprise data and eliminate operational disruption.
“To effectively protect your data from a cyberattack, you need to know it happened as early as possible to take action,” said Gagan Gulati, Senior Vice President and General Manager, Data Services at NetApp. “With new AI-powered capabilities to detect early indicators of data exfiltration attempts on top of our existing leading capabilities to detect ransomware attacks on both structured and unstructured data, we’re making enterprise data even safer. Storage is the last line of defense to protect our customers’ most valuable asset – data – and we are constantly innovating on top of the most secure storage on the planet.”
While the rebranding by itself does not change the service, NetApp believes that the name change is representative of the overall strengthening of the offering.
“We’ve had, as you know, a data services portfolio for some time now, and, specifically one in particular, that is, that has had a lot of success with customers is around ransomware protection,” said Eric Schou, VP of Marketing at NetApp. “So for INSIGHT, we are renaming this offering to Ransomware Resilience, really because we’re adding more and more capabilities, and it’s just much more of a comprehensive offering than we’ve had previously, covering real-time detection, protection, response, and malware-free recovery.”
Formerly called the NetApp Ransomware Protection service, NetApp Ransomware Resilience makes protecting and recovering ONTAP workloads from ransomware attacks easier, faster, and more effective without requiring deep security expertise or training. The newly enhanced Ransomware Resilience service helps drive comprehensive, orchestrated, workload-centric ransomware defense across file and block storage all through a single control plane.
“One of the features in ransomware resilience that I wanted to call out, that is new, is around data breach detection,” Schou said. “Discovering indicators of potential data exfiltration attempts, which we’re obviously seeing a lot more in market today, and exfiltration is a big concern for organizations.”
NetApp’s data breach detection is an AI-driven capability that identifies anomalous user and file system behaviors that are early indicators of potential data exfiltration and thus a breach attempt. Upon identification, Ransomware Resilience automatically alerts the customer via their security information and event management (SIEM) solution, arming them with forensics to enable decisive and swift action. By proactively identifying breaches, NetApp customers can block further unauthorized transfer of sensitive data, stopping cyber threats before they can cause extensive unauthorized data exposure.
“It provides very in-depth forensic data so that you can act fast and block potentially suspicious users,” Schou stated. “It also detects possible encryption and mass deletion attempts. And all this can be automatically alerted through a customer’s SIEM or SIM of choice, through an open API.”
NetApp Ransomware Resilience is also introducing isolated recovery environments to ensure safe and malware-free workload recovery. An isolated recovery environment utilizes deep and proprietary AI-powered scanning to precisely identify maliciously impacted data and the point at which it was modified. Ransomware Resilience then guides the customer through the workload restoration process for a fast and easy malware-free recovery of the most recent safe data, preventing reinfection.
These enhancements complement existing NetApp capabilities such as AI-powered detection built directly into ONTAP. NetApp ONTAP Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI) – which now fully supports data stored in both file and block protocols – has demonstrated 99% detection of tested, advanced full-file encryption ransomware attacks with zero false positives in external testing and validation, indicating a strong ability to operate in a business context without contributing to alert fatigue.
“NetApp embraces a secure-by-design approach that positions its storage solutions not just as a last line of defense against cyber threats, but also as an early line of defense,” said Philip Bues, Sr. Research Manager, Cloud Security and Confidential Computing at IDC. “As malicious actors continue to evolve, adding techniques such as double extortion to their ransomware attack patterns, today’s announcements show that NetApp is keeping pace to back up its claim as one of the industry’s most secure storage platforms. The new data breach detection capability gives enterprises a critical advance warning enabling them to stop and respond to cyber threats before they impact the business. It demonstrates that NetApp is more than a storage company, it is an invested, trusted partner that is addressing the most pressing priorities of its customers.”
