Arsgera - Fotolia

Rubrik Forward highlights ransomware recovery features

Rubrik's virtual Forward conference featured AppFlows and several data security features aimed at identifying and rapidly recovering from ransomware attacks.

Rubrik is rolling out new features to help customers quickly restore their data after a ransomware attack.

The data protection vendor introduced several data security features at its Rubrik Forward virtual conference. New capabilities coming to Rubrik's platform include automated mass recovery for applications, and integration with ServiceNow's and Palo Alto Networks' workflow software for IT and security teams, along with two-factor authentication and a user behavior-based risk analysis feature in Rubrik's Sonar Polaris tool.

These new features help reduce the time to recover from a ransomware attacks in various ways. Sonar's ability would help IT teams pinpoint when suspicious access or deletion occurred and find the last known clean copy of backup data. Automated mass recovery accelerates the task of restoring all the applications affected by a ransomware attack. Lastly, integration with Palo Alto Networks Cortex Xsoar and ServiceNow Incident Response tightens collaboration between security and IT teams.

The incident response today is splintered. There's security doing forensics, there's a recovery team trying to recover, and they're not talking to each other.
Vasu MurthyVice president of products, Rubrik

"The incident response today is splintered," said Vasu Murthy, vice president of products at Rubrik. "There's security doing forensics, there's a recovery team trying to recover, and they're not talking to each other."

Streamlining the activities of both teams during a ransomware attack is key to a quick recovery, Murthy added.

Rubrik also introduced AppFlows, a new disaster recovery (DR) tool. From the Polaris interface, customers can create recovery blueprints based on VMs under Rubrik's protection, which Rubrik automatically follows during a failover or failback scenario. AppFlows can fail over VMware applications to a secondary site or VMware Cloud on AWS. The tool also allows automated recovery testing of the blueprints.

Lastly, Rubrik unveiled extended support for a slew of modern workloads. Rubrik completed its Microsoft 365 coverage by adding SharePoint and Teams and added backup capabilities for Kubernetes workloads, SAP HANA, NetApp SnapMirror, Nutanix, Cassandra databases and vSphere Metro Storage Cluster. Rubrik also introduced NAS Cloud Direct, which integrates technology from its Igneous Systems acquisition in December to provide petabyte-scale indexing for unstructured data through the Polaris interface.

Many of the features showcased at Rubrik Forward are in beta and will get full releases over the next several months, Murthy said.

Screenshot of Rubrik Polaris Sonar
Rubrik Polaris Sonar now detects suspicious user behavior.

Even though DR plays a role in ransomware recovery, ransomware is a logical disaster rather than a natural one and requires a different approach and workflow, said Christophe Bertrand, senior analyst at Enterprise Strategy Group, a division of TechTarget. Dell goes as far as drawing a distinction between traditional DR and what it calls "cyber recovery," but Bertrand described cyberattacks as more of a variation of a typical DR scenario.

Rubrik's latest features address some of the extra steps required for recovering from cyberattacks, Bertrand said. The ability to get a full scope of the entire data estate and identify the exact threat the customer is fighting against, then engineer a coordinated response from security and IT -- those aren't needed to recover from a hurricane or a fire, he added.

"Recovery in place, air-gapping and immutability are all important extra steps you have to take for cyber resilience. Ransomware really is the gift that keeps on taking," Bertrand said.

Dig Deeper on Data backup and recovery software

Disaster Recovery