A new feature from Druva helps ensure customers have a ready, ransomware-free snapshot to recover from.
The backup-as-a-service vendor's Curated Recovery capability became generally available Tuesday. Curated Recovery scans data from a group of snapshots within a user-defined span of time to create a "curated" snapshot. This serves as a clean version to recover from and contains the most up-to-date files that haven't been tampered with, minimizing data loss.
Druva Curated Recovery works via an automated process that runs a statistical algorithm against the data in each snapshot. It looks across previous recovery points to identify what files have been encrypted and changed. Users set how far back in time Curated Recovery will look -- ideally, to when they suspect a malware intrusion first took place.
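The per-file selection described above, as an added sketch that is not Druva's code: the article does not name the statistical test, so Shannon byte entropy with a 7.5 bits-per-byte cut-off is an assumption, as are all function names and the constructed sample snapshots.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed cut-off in bits per byte; ciphertext sits near 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def curate(snapshots, lookback_start):
    """snapshots: iterable of (timestamp, {path: bytes}).
    Returns {path: (timestamp, bytes)}: per file, the newest version in the
    window that is not flagged. The oldest snapshot in the window is trusted
    as the pre-intrusion baseline (an assumption of this sketch)."""
    window = sorted((s for s in snapshots if s[0] >= lookback_start), key=lambda s: s[0])
    curated = {}
    for index, (ts, files) in enumerate(window):
        for path, data in files.items():
            high = entropy(data) > ENTROPY_LIMIT
            prev = curated.get(path)
            prev_high = prev is not None and entropy(prev[1]) > ENTROPY_LIMIT
            # Flag a version that turned high-entropy after a low-entropy one,
            # or a high-entropy file that first appears after the baseline.
            if index > 0 and high and not prev_high:
                continue
            curated[path] = (ts, data)
    return curated

def sample_snapshots():
    """Constructed data: three daily snapshots hit by a slow-moving encryptor."""
    def noise(seed):  # deterministic stand-in for ciphertext or compressed data
        return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))
    def text(line):  # low-entropy stand-in for an ordinary document
        return (line + "\n").encode() * 200
    return [
        (1, {"report.txt": text("draft 1"), "notes.txt": text("todo"), "photos.zip": noise(1)}),
        (2, {"report.txt": text("draft 2"), "notes.txt": noise(2), "photos.zip": noise(1)}),
        (3, {"report.txt": noise(3), "notes.txt": noise(4), "photos.zip": noise(1)}),
    ]

if __name__ == "__main__":
    for path, (ts, _) in sorted(curate(sample_snapshots(), lookback_start=1).items()):
        print(f"{path}: restore from snapshot {ts}")
```

A full rollback to snapshot 1 would discard the legitimate "draft 2" edit that this selection keeps. Entropy alone cannot separate an already-compressed file from its encrypted form, so a real scanner needs additional signals for such files.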
Recovering via snapshots is usually an "all-or-nothing" situation in which a system is rolled back in time and all changes to the data between now and then, legitimate or not, are lost, said Prem Ananthakrishnan, vice president of products at Druva. It is possible for users to comb through more recent snapshots to bring the data back up to date, but it's a "cumbersome, manual recovery process" that can take weeks to complete, he added.
"[Curated Recovery] solves the pain point of getting the latest files across multiple snapshots," Ananthakrishnan said.
Automation important for fast ransomware recovery
Curated Recovery is part of Druva's Accelerated Ransomware Recovery module, an add-on to the vendor's core cloud data protection product. Druva Accelerated Ransomware Recovery subscribers will have access to the Curated Recovery feature at no additional cost.
Accelerated Ransomware Recovery is a set of anti-ransomware tools that includes air-gapped and immutable backups, malware scanning, multi-factor authentication and access controls. Its focus is to protect backups against malicious deletion and to speed up the recovery process via automation.
Druva Curated Recovery is a unique feature that can potentially save companies from a lot of downtime, said Phil Goodwin, research vice president at IDC. Most data protection products recover systems to a point in time fully, so customers would lose perfectly fine data after that point. Curated Recovery is the first time he's seen a way to automatically keep that good data.
Ransomware attacks have become more sophisticated, and most ransomware encrypts slowly to avoid detection, Goodwin said. This type of "slow burn" attack can't be fixed with a simple rollback upon first discovery, because it's likely the initial infiltration happened long before that point. Rolling all the way back to a point before first intrusion would remove the malware, but then customers would have to bring all the files that weren't compromised back up to date.
"To do this on an element-by-element basis would be laborious," Goodwin said.
Although Curated Recovery addresses this particular ransomware recovery use case, organizations should have a wide variety of recovery options in their kit, Goodwin said. No tool is perfect: snapshots are fast but aren't portable; backups can be stored off-site but are slower than snapshots; and tape backup provides a physical air gap but has the longest recovery point, with data that could be a day or a week old.
A successful ransomware defense means using the right tool for the right situation, Goodwin said.
"It's not a situation where organizations should rely on a silver bullet. They need good processes and the right technology," Goodwin said.
Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site, Reviewed.com.