Nasuni uses behavioral analytics to watch for signs that ransomware is attacking a company's file storage system, and can automatically quarantine threats, block attacking sources, and alert IT teams in real time. This feature launched in May 2022 and has since been integrated with AI-powered security tools from Microsoft Sentinel — including Azure OpenAI models for attack context — and CrowdStrike's Falcon platform.

Nasuni Ransomware Protection operates at the network edge, monitoring files at the point where they are written rather than after the fact. It cross-references incoming file activity against a library of known ransomware file signatures and watches for unusual behavioral patterns that may indicate a previously unknown attack. An integration with Microsoft Sentinel feeds Nasuni's edge detection events into Microsoft's cloud-native security platform, where analytics rules run every five minutes and trigger incidents on detection. A further integration with Microsoft's Azure OpenAI service — described in a Nasuni blog post from August 2024 — allows security teams to query large language models for additional context about an ongoing attack and suggested recovery steps. A 2025 partnership with CrowdStrike connects Nasuni's detection data into CrowdStrike's Falcon Next-Gen SIEM for broader threat intelligence and incident response automation.