NetApp Insight 2025: NetApp First to Embed Data Breach Detection into Enterprise Data Storage

NetApp Inc., the intelligent data infrastructure company, announced new industry-leading cyber resilience capabilities that further strengthen the most secure storage on the planet. The newly enhanced and renamed NetApp Ransomware Resilience service enables customers to make their data infrastructure a leading part of their comprehensive security strategy with integrated AI-powered ransomware detection and two new capabilities: a first-in-the-industry ability for enterprise storage to detect data breaches; and isolated recovery environments to enable safe and clean recovery of mission-critical data.

As enterprises face their most pressing challenges-AI innovation, data modernization, cyber resilience, and cloud transformation-they need a secure, reliable, and efficient data infrastructure. While investments in AI are creating unprecedented opportunity for enterprises, they are also expanding their attack surfaces. NetApp makes data infrastructure a critical part of enterprise security strategy, leveraging AI to protect enterprise data and eliminate operational disruption.

“To effectively protect your data from a cyberattack, you need to know it happened as early as possible to take action,” said Gagan Gulati, SVP and GM, Data Services at NetApp. “With new AI-powered capabilities to detect early indicators of data exfiltration attempts on top of our existing leading capabilities to detect ransomware attacks on both structured and unstructured data, we’re making enterprise data even safer. Storage is the last line of defense to protect our customers’ most valuable asset-data-and we are constantly innovating on top of the most secure storage on the planet.”

Click to enlarge

Key cyber-resilience updates from NetApp include:

NetApp Ransomware Resilience: Formerly called the NetApp Ransomware Protection service, NetApp Ransomware Resilience makes protecting and recovering ONTAP workloads from ransomware attacks easier, faster, and more effective without requiring deep security expertise or training. The newly enhanced Ransomware Resilience service helps drive comprehensive, orchestrated, workload-centric ransomware defense across file and block storage all via a single control plane.
Data Breach Detection: NetApp Ransomware Resilience now includes data breach detection, an AI-driven capability that identifies anomalous user and file system behaviors that are early indicators of potential data exfiltration and thus a breach attempt. Upon identification, Ransomware Resilience automatically alerts the customer via their security information and event management (SIEM) solution, arming them with forensics to enable decisive and swift action. By proactively identifying breaches, NetApp customers can block further unauthorized transfer of sensitive data, stopping cyber threats before they can cause extensive unauthorized data exposure.
Isolated Recovery Environments: NetApp Ransomware Resilience is also introducing isolated recovery environments to ensure safe and malware-free workload recovery. An isolated recovery environment utilizes deep and proprietary AI-powered scanning to precisely identify maliciously impacted data and the point at which it was modified. Ransomware Resilience then guides the customer through the workload restoration process for a fast and easy malware-free recovery of the most recent safe data, preventing reinfection.

These enhancements extend NetApp’s existing leadership in cyber resilience, complementing existing capabilities such as AI-powered detection built directly into ONTAP. The award-winning NetApp ONTAP Autonomous Ransomware Protection with Artificial Intelligence (ARP/AI)-which now fully supports data stored in both file and block protocols-has demonstrated 99% detection of tested, advanced full-file encryption ransomware attacks with zero false positives in external testing and validation, indicating a strong ability to operate in a business context without contributing to alert fatigue.

“NetApp embraces a secure-by-design approach that positions its storage solutions not just as a last line of defense vs. cyber threats, but also as an early line of defense,” said Philip Bues, senior research manager, cloud security and confidential computing, IDC. “As malicious actors continue to evolve, adding techniques such as double extortion to their ransomware attack patterns, today’s announcements show that NetApp is keeping pace to backup its claim as one of the industry’s most secure storage platforms. The new data breach detection capability gives enterprises a critical advance warning enabling them to stop and respond to cyber threats before they impact the business. It demonstrates that NetApp is more than a storage company, it is an invested, trusted partner that is addressing the most pressing priorities of its customers.”

Today, NetApp announced other updates across its portfolio including enhanced AI capabilities which deliver on the company’s AI vision by unifying high-performance storage and intelligent data services into a secure and scalable offering.

To learn about these updates and others across the NetApp portfolio, visit: https://www.netapp.com/product-updates.

At NetApp INSIGHT 2025 in Las Vegas, October 14-16, NetApp presents sessions and demos, showcasing how it is driving transformation across industries. Tune in to the keynote sessions at: https://www.netapp.com/insight/.

No ransomware detection or prevention system can completely guarantee safety from a ransomware attack. Although it’s possible that an attack might go undetected, NetApp technology acts as an important additional layer of defense, and our research indicates NetApp technology has resulted in a high degree of detection for certain file encryption-based ransomware attacks.

Additional Resources