Rubrik's ransomware tools put detection in line with protection

To better protect against ransomware, Rubrik has expanded the capabilities of its core platform and added new features including cyber threat hunting and Rubrik Cloud Vault.

Rubrik ramped up its anti-ransomware protection by expanding the capabilities of its core platform, highlighting data security as well as data protection. It also added a cyber threat hunting tool and released a new vault service, Rubrik Cloud Vault.

At its Data Security Spotlight event this week, Rubrik focused on ransomware preparedness, with data security in cloud and SaaS environments and expanded data protection. Rubrik unveiled threat hunting within its backup platform, which enables users to scan backups for compromises and ransomware. The data backup vendor also debuted Rubrik Cloud Vault, a cloud archival service built with Microsoft Azure, and embedded multi-factor authentication in every interface as added protection against unauthorized users.

Ransomware is a problem for everyone, said Phil Goodwin, a research vice president at IDC. Both technical and business people understand the risks, he said, adding that IDC surveys show ransomware to be the No. 1 concern for business leaders and IT professionals alike.

"Rubrik is a disrupter in the industry right now," Goodwin said. "Rubrik is growing rapidly, generating a lot of interest in the marketplace and moving directly into the ransomware space."

A new data security message

Organizations are frustrated with ransomware attacks, according to Murthy Mathiprakasam, senior director of product marketing at Rubrik. Today, organizations have access to products that can identify security problems and tools to quickly resolve those problems, but there's still a disconnect in the market.

"There's this gap in the market between the kind of storage and traditional legacy backup approach, and the world of security operations," Mathiprakasam said.

Rubrik is looking to fill the gap with its Zero Trust Data Security platform, Mathiprakasam said. This week, it announced expanded platform capabilities, such as tripling the data types it can identify and classify.

Rubrik has always supported a variety of workloads, including databases, VMs and SaaS workloads, but is now extending its data protection capabilities to SAP HANA on IBM Power Systems and adding faster recovery of Oracle and SQL databases and faster backup for Nutanix AHV, he said.

The vendor is also adding more cloud support. New cloud capabilities include protection for Azure SQL and scale protection for Microsoft 365, according to a press release. For AWS, Rubrik is reducing the S3 blast radius -- how far back and to what extent a ransomware attack affects an environment, according to Vasu Murthy, vice president of products at Rubrik.

Going from data protection to security to hunting

Rubrik's announcement can be viewed as a deeper shift toward data security, Goodwin said. Data protection can be seen as guarding the back door in case of a disaster, while data security can be seen as guarding the front door -- in this case, ransomware. Rubrik wants its tools to do both, which means providing ways for companies to be proactive.

Part of its approach is the new cyber threat hunting capability. Traditionally, cyber threat hunting is done by a security team looking for patterns and malicious behavior, Mathiprakasam said. But hackers can remove their traces. Rubrik already provided immutable backups to customers, which means data can't be changed. It's now adding its threat hunting tool to suss out dormant ransomware, scanning backups looking for patterns and tracking the possible evolution of an attack, he said.

Rubrik will apply advanced machine learning to the scans to provide insight, he said. It is not a passive environment; the intelligence gathered helps operators execute faster recoveries.

The cyber threat hunting capabilities integrate with products like Palo Alto Networks' Cortex XSOAR threat hunting playbooks via APIs, according to a press release.

Enter Rubrik Cloud Vault

The other major new release, built on the alliance between Microsoft and Rubrik, is Rubrik Cloud Vault, according to Murthy.

Cloud Vault is a fully managed offering for securing customer data. Users can create a logical air-gapped vault of data that Rubrik stores on Azure, using the hyperscaler's immutability features and zero trust security stack. The vault is constantly updated with customer data as it continues to change, he said.

Customers can recover data instantly whenever they need it. The data is air gapped and managed by Rubrik. Irrespective of what happens to the customer's environment, the data will be available for them.

Brent Ellis, a senior analyst at Forrester Research, said that while there is value to vault-based or air-gapped technologies, they aren't foolproof.

"There's a certain amount of added protection with these technologies," he said. "However, if you have some sort of malware infection that is already archived, then you're just copying it into the vault."

Processes and detection tools around the data are what's important, Ellis said. When the infrastructure connects to the vault to deposit an archive, the active connection created can provide hackers a way in if the backup infrastructure is compromised.

Although built on Azure, non-Azure customers with appropriate products can use Rubrik Cloud Vault. They'll choose a region, and it will automatically provision storage and move their data, he said.

Rubrik Cloud Vault is expected to be available in the Azure Marketplace in the coming months. Although no price has been set, Rubrik expects to base it on the amount of customer data stored -- a fixed price that is not subject to egress charges or API calls.
