Corporate IT shops that battle ransomware need every tool in their quiver to help appraise their environments and identify potential vulnerabilities.
To that end, Druva, a cloud backup service provider, has expanded its cyber resilience portfolio to give backup admins a more granular look at data and security risks and tools to monitor unusual behavior in changes or access. Druva also added the ability to roll back or restore critical data compromised by someone with administrative access. The company also said it plans to provide users with expanded best practices.
Ransomware is a concern for both the cybersecurity side and the data protection and backup side of IT, said Frank Dickson, an analyst at IDC, a Framingham, Mass., market research firm. "One of the things that we found with ransomware is that it's not the ransom that is the expensive part," Dickson said. "It's the impact that you have on operations."
Alleviating pains through better posture
Druva's expanded capabilities may help customers see gaps in their data protection and provide them with ways to spot configuration problems and identify common issues. The idea is to make management and reporting easy and actionable, said Brent Ellis, a senior analyst at Forrester Research.
Ellis said this may be helpful to customers, but focusing on just backup data is not enough to address a company's overall security posture. The biggest benefit is bidirectional communication with security information and event management products that collect ransomware event data. The bidirectional support enables security teams to address issues faster.
"This gives a way to communicate anomalies to security analysts on a platform that they're actually looking at, so there's a chance to limit the blast radius [of an attack] faster," Ellis said.
Looking at backups to paint a secure picture
Backup is one of the few components of customer environments that can view all the data that highlights potential exposures, said Stephen Manley, chief technology officer at Druva, which is based in Santa Clara, Calif. This gives customers a holistic picture of their posture. Since Druva is SaaS, it can get an aggregate view of telemetry from its customers and pull best practices from all.
This isn't making automatic corrections for customers, like Rubrik said it would with its Security Cloud, Forrester's Ellis said. Instead, Druva gathers information from customers and then shares proactive information.
Some customers want or need a certain level of control, and having automatic changes takes that away, Ellis said. The changes Rubrik makes are slight, versus getting suggestions for changes from Druva. This difference won't sway potential customers one way or another, as the two companies are in less direct competition than Metallic and Druva or Cohesity and Druva, Ellis added.
Observability and rollback into recovery
Druva has enhanced its observability, making it more granular, which gives users better visibility into what happens during backups, according to the company. This makes the information more readily available for forensics. Working through several ransomware recoveries, Druva learned it needed to extend certain capabilities, such as log information and retention periods.
In cases where there are compromised admin credentials or a malicious event that occurs from within, there is the ability to restore to a time before a harmful change happened. Druva's help desk can restore files up to 30 days, according to the company.
"The worst thing in the world would be, 'I'm going to recover this VM; hey, look, I reinfected the business,'" Manley said. The line between security and data protection stays, but it's blurry
Druva provides data resiliency, which includes data protection such as backup and disaster recovery. For added security, the company partners with others, such as Palo Alto Networks or FireEye, which are cybersecurity vendors focused on preventing ransomware.
Data protection and data security both add value, but each is unique, IDC's Dickson said. Security blocks and prevents and data protection aids in recovery following an event.
"I think the more that we keep those lines clear, [the more] it helps everybody," Dickson said.
As noted in Forrester's recent report "Top Seven Components of Data Resilience in a Multicloud World," backup vendors need to be more security-aware, Ellis said. These vendors need to add security functionality to the backup system, such as zero-trust architecture, he said, pointing to Commvault's deception technology with the TrapX acquisition and Rubrik with its limited threat hunting.
"It is not that suddenly backups are the responsibility of security professionals," Ellis said. "They are part of the security posture of the organization and a way to recover from a cyber threat that gets past the detection and response measure of security."