Packaged as part of Rubrik Security Cloud, the vendor's new Cyber Recovery functionality gives customers the ability to conduct investigations following ransomware attacks and test for vulnerabilities.
Rubrik Cyber Recovery provides two new capabilities. The first is testing and documenting the strength of customer recovery plans in the event of a cyber attack to ensure customers can meet service-level agreements. This testing capability, which customers can automate, includes cloning snapshots of data in an isolated environment to conduct vulnerability detection and remediation, penetration tests, or attack simulations. Customers can bring any isolated environment of their own, into which Rubrik can mount selected snapshots. Customers define who can access the cloned data and use third-party tools to perform tests on the data.
The second capability is recovering the last known clean copy of data in the event of a cyber attack to allow the company to resume normal operations while also performing forensic investigations of infected snapshots in isolated environments.
Rubrik Cyber Recovery will be available as part of Rubrik Security Cloud, a service that protects and monitors risks to data. Cyber Recovery will begin early access in December and become generally available in early 2023; pricing will be on a per-terabyte, per-month basis.
In a recent survey, 58% of 620 IT and cybersecurity respondents from midmarket and enterprise companies listed data recovery testing among their ongoing ransomware preparedness activities and processes, according to a report from TechTarget's Enterprise Strategy Group. More than half (56%) of survey takers reported that their organization had been the victim of a ransomware attack and paid to regain access to data, applications or systems.
Brent Ellis, analyst at Forrester Research, cited the forensic investigation feature as being especially important. He said that when ransomware strikes, it can cause a "crime scene," requiring a response from security analysts and potentially involving local or federal law enforcement. For companies with compliance requirements, regulators are pushing to see a level of preparedness for quick recovery, he said.
Ellis added that Rubrik's Cyber Recovery service isn't a new concept, but what stands out is the attention to security workflows and optimizing the speed at which customers can return to operations.
"They're making the process of doing all those things easier," Ellis said.
A fast return to operation
Anneka Gupta, chief product officer at Rubrik, said Cyber Recovery's capabilities are focused on helping companies avoid a shutdown caused by a cyber attack while recovering data or performing an investigation.
"To shut down the system, a business could lose potentially millions of dollars," she said. "You can get the flexibility to get back up and running in parallel [to the investigation]."
Vinny Choinski, analyst at Enterprise Strategy Group, said testing a recovery plan is critical and not always easy to do.
"Oftentimes, the same system resources leveraged for backup are also used for recovery," he said. "If a solution does not scale well, and you have a recovery [point objective] for an application of six hours and the backup takes 12, you will never be able to meet your RPO, never mind have time to test."
Choinski added that Rubrik has always had strong automation skills and flexibility of recovery, something that has been part of the company's philosophy for some time.
"I think they're on the right path -- they're looking at the bigger picture," he said. "It seems natural to me that they're bundling this."