NetApp and Cisco expand FlexPod for enterprise AI and ransomware response

NetApp and Cisco have expanded their collaboration with new validated FlexPod architectures for artificial intelligence workloads and a security playbook that can automatically respond to ransomware threats at the storage layer.

The FlexPod designs combine computing, networking and storage systems that have been tested to operate together. They are intended to reduce the work required to deploy AI applications such as retrieval-augmented generation, which connects an AI model with an organisation’s own data, and semantic search, which identifies information by meaning instead of relying only on matching words.

The companies have also introduced a NetApp Splunk Security Orchestration, Automation and Response playbook. It allows Splunk’s security platform to instruct NetApp storage systems to block suspicious users, create snapshots and take affected data volumes offline when an attack is detected.

The two developments address different stages of enterprise AI adoption. FlexPod provides a pre-tested foundation for running AI workloads, while the Splunk playbook is designed to contain threats against the data that supports those applications.

FlexPod adds pre-tested infrastructure for AI workloads

FlexPod combines Cisco computing and networking equipment with NetApp storage. The new configurations extend the platform to support AI deployments in corporate data centres, individual departments and remote locations.

By validating the components as a complete system, NetApp and Cisco aim to reduce the technical work involved in selecting, integrating and testing infrastructure from different suppliers. The designs also allow AI applications to operate close to the data they use, which could limit the need to move large or sensitive datasets between separate environments.

The enterprise configuration includes NetApp AFX, which allows storage performance and capacity to be expanded separately. An organisation could therefore add storage performance without increasing capacity at the same rate, or add capacity independently.

NetApp also plans to add data discovery, preparation and governance through its AI Data Engine. These functions are intended to help organisations find suitable information, prepare it for AI applications and control how it is accessed. The company described them as future capabilities, meaning they are not all available in the announced configurations.

Cisco is contributing networking and security technologies through Cisco Secure AI Factory with NVIDIA. The architecture is designed to apply security controls across the AI environment, including safeguards intended to reduce data exposure, governance gaps and compliance risks.

Cisco’s AI networking infrastructure, including Nexus One, connects storage with AI computing resources. NetApp and Cisco said it is designed to move data consistently across the environment, helping organisations make better use of expensive computing resources and complete workloads more predictably.

The companies have also worked with NVIDIA to base the FlexPod configurations on its reference designs for enterprise AI infrastructure. These designs give organisations a tested starting point instead of requiring them to assemble and validate every component independently.

A smaller configuration supports AI inferencing, the process of using a trained model to generate an answer or prediction, and retrieval-augmented generation for individual teams and departments. It is intended for organisations that want to use internal data with AI applications but lack the budget or specialist staff to design the underlying systems from the ground up.

For remote and edge locations, Cisco Unified Edge can be combined with NetApp storage to run AI inferencing, software containers and virtual machines. Administrators can manage these environments centrally and apply common policies across multiple locations, reducing the need to maintain a separate technology stack at each site.

Splunk playbook automates storage responses to ransomware

The second part of the collaboration focuses on reducing the delay between detecting ransomware and protecting affected data.

Splunk Enterprise Security already collects information from NetApp Ransomware Resilience, giving security teams greater visibility into activity within the storage environment. The new playbook adds the ability to turn those alerts into automated actions.

When suspicious behaviour is detected, Splunk can direct NetApp ONTAP storage to block a user, create a snapshot or take a data volume offline. These actions are intended to restrict an attacker’s access and preserve a recent copy of the data for possible recovery.

The playbook can use alerts from NetApp systems alongside signals from other security products. Organisations can therefore incorporate storage actions into existing incident-response procedures rather than managing them through a separate process.

“Effective security strategies require visibility and action across the entire technology stack, including the data layer,” said David Dalling, GVP, Splunk Security at Cisco. “With the new NetApp Splunk SOAR playbook, ONTAP storage becomes an active participant in the security ecosystem, enabling organisations to contain threats directly targeting enterprise data. By connecting NetApp storage into Splunk SOAR workflows, we’re helping security and storage teams collaborate more seamlessly and respond to incidents with greater speed and confidence.”

Security operations and storage administration are often handled by different teams. Automating agreed responses could reduce the manual coordination required during an attack, when delays may allow ransomware to reach more systems or data.

NetApp and Cisco said the playbook could shorten the average time required to contain an incident and reduce the workload placed on security teams. However, they did not provide customer results or measurements showing how much faster the automated process is compared with a manual response.

The NetApp Splunk SOAR playbook is available through SplunkBase. The companies did not state which product versions, licences or additional services are required to use its full range of functions.