NetApp seals Elastio and Commvault deals for more resilience and less ransomware

NetApp is hooking up with Elastio to add more ransomware checks to its backups, and with Commvault for rapid attack recovery for customers across on-premises and cloud environments. 

Elastio functionality will be used to try to improve the detection of ransomware in ONTAP snapshots, and NetApp is allying with Commvault in a bid to provide better recovery from detected attacks in ONTAP-stored data. 

Gagan Gulati, SVP and GM of Data Services at NetApp, said: "By protecting data where it lives, we make storage a priority to combat cyber threats like ransomware. But the stakes for business resilience and operational continuity are too high to rely on a single layer of defense. By collaborating with Elastio, we’re giving enterprises another tool to protect their most critical asset: data."

Elastio, founded in 2020, produces cloud-native SW running agentless detection, malware scanning of backups, automated recovery testing, and immutable storage to enable rapid, clean restores after malware detection. It has a Model Context Protocol (MCP) Server for agentless ransomware detection and backup validation. This, it says, makes incident response, resilience, and recovery an integrated part of agentic workflows and enables self-healing. Elastio launched a Provable Recovery managed service last year, "delivered and managed by Elastio’s ransomware experts."

NetApp’s Ransomware Resilience Service is built to detect and contain ransomware at the data layer in real time, take immutable snapshots, guide recovery, and continuously assess ransomware posture across ONTAP environments. It says advanced ransomware is engineered to evade prevention tools, moving quietly through tjhe infrastructure, staying below detection thresholds, reaching backup data before any alert is triggered. 

It is now embedding Elastio’s Provable Recovery Control into the NetApp Ransomware Resilience Service as "Powered by Elastio," adding Deep File Inspection of snapshots. This will, it says, detect zero-day ransomware, staged malware, and stealth corruption that evaded perimeter controls. There are no agents and it will continuously identify the last known clean recovery points. There is no separate procurement and no architecture changes for customers.

NetApp and Commvault

Commvault and NetApp say recovery from ransomware and cyber threats must be rapid, automated, and inherently secure. They are unifying Commvault’s resilience, protection, and recovery capabilities with NetApp ONTAP’s built-in intelligence and AI-driven ransomware detection to enhance attack detection and recovery. 

ONTAP has an AI-powered ARP (Autonomous Ransomware Protection) feature in its Ransomware Resilience Service. The pitch is this provides data breach detection at the storage level, and isolated recovery environments – clean rooms – to enable safe and clean recovery. It uses AI-powered scanning to identify corrupted data at the point which it was modified, then guides the user through a workload restoration process of the most recent safe data. 

Pranay Ahlawat, Chief Technology and AI Officer at Commvault, said: "Together Commvault and NetApp detect potential attacks close to the data and make trusted recovery decisions to quickly, cleanly, and completely restore data at scale. Our joint customers will be able to [have] confidence that their data and their business can be resilient in the face of disruption."

NetApp and Commvault say they are delivering closed loop recovery "that combines early ransomware detection signals with an automated, validated recovery workflow at scale. … By integrating NetApp’s AI-powered ARP on primary storage integrated with Commvault’s threat aware backup and Synthetic Recovery, organizations can minimize data loss, accelerate complete recoveries, and regain operational confidence."

Synthetic Recovery combines the last known clean dataset with good data extracted from newer compromized data sets. It has an AI-enabled process which automatically detects threats and removes them during recovery while keeping the good data intact.

The two companies claimed their "joint offering can help customers also realize shorter rollback windows and improved data preservation with a faster return to operations and lower downtime costs." In the future they will use ONTAP restore technology as the target to further reduce data loss and significantly improve recovery speed.

The NetApp Ransomware Resilience Service powered by Elastio is planned for availability in the near future.