Qumulo NeuralProtect uses AI to detect and stop ransomware before encryption

Qumulo has unveiled Qumulo NeuralProtect, a ransomware resilience solution built to protect data at the storage layer by detecting and stopping threats before data is encrypted, corrupted, or lost.

Integrated directly into the Qumulo Data Platform, NeuralProtect inspects every file at the precise point-of-write using a series of AI-driven analysis models to detect both known and zero-day threats, instantly isolating malicious activity and enabling rapid recovery. NeuralProtect shifts ransomware protection from reactive recovery to proactive prevention.

As a native capability of Qumulo Core, Azure Native Qumulo (ANQ), and Cloud Native Qumulo (CNQ) deployments, NeuralProtect protects data consistently across on-premises, hybrid, and cloud-native Qumulo environments. It is even more compelling when combined with Cisco Hypershield and Splunk.

Qumulo NeuralProtect and Cisco Hypershield enable an instant data-to-network response, quarantining malicious actors across the entire network. Operating with an industry-leading false-positive rate of less than 0.01%, this integrated system reduces detection-to-mitigation time to seconds. It isolates compromised systems and instantly notifies Splunk of the specific client, the malware variant, and the exact point of intrusion, preventing further infection and protecting crucial data for forensics and response resolution.

“Ransomware doesn’t target your backups first; it targets your live data. NeuralProtect is the first solution built to stop attacks at exactly that point, at the data layer, before a single file is compromised, avoiding costly and lengthy recoveries,” said Kiran Bhageshpur, Qumulo CTO. “Combined with Cisco Hypershield and Splunk, we’ve built what the industry has long needed: a coordinated cybersecurity architecture that spans storage, infrastructure, and security operations, so enterprises can respond to known and emerging threats without sacrificing business continuity.”

Deep File Inspection: Zero-day prevention at user-space speed

Traditional protection strategies, such as backup platforms, endpoint security, and entropy-based storage detection, remain fundamentally reactive. They rely on indirect anomaly detection rather than guarding live enterprise data where the real risk exists.

NeuralProtect performs Deep File Inspection on every file as it is written, neutralizing threats instantly before data can be lost or encrypted, all without any performance impact. NeuralProtect’s detection engine combines multiple AI models to identify every category of threat including:

• Deterministic AI model: Identifies known ransomware and malware variants with 100% accuracy
• Statistical AI model: Detects zero-day and novel attacks with greater than 95% success
• Temporal AI model: Surfaces stealth campaigns and slow-moving, partial-encryption attacks
• BitDefender Virus Detection Engine: Adds a proven commercial antivirus layer for comprehensive coverage

When a threat is detected, NeuralProtect can respond autonomously and immediately. The offending user session is terminated, the user or IP address is blocked, defensive snapshots are created, and infected data is quarantined thereby stopping the spread of attacks and accelerating recovery to a clean state.

Coordinated storage and network defense with Cisco Hypershield

NeuralProtect is integrated with Cisco Hypershield to extend protection beyond the storage layer into coordinated, enterprise-wide threat containment. When NeuralProtect detects an attack, the joint solution triggers automated network quarantine, distributed enforcement across workloads and clouds, and rapid incident isolation within seconds.

Telemetry from Qumulo and Cisco flows directly into Splunk via OpenTelemetry integration, giving security operations teams unified visibility and faster, more informed incident response across the entire infrastructure stack. Qumulo and Cisco unify storage intelligence and network enforcement to deliver a coordinated ransomware response that no single vendor can provide on its own.