Rubrik builds its own ransomware threat hunter

Rubrik has updated its data protection software with an in-house ransomware threat hunter, a Cloud Vault SaaS archival service built on Azure, extended source data coverage, and faster backups and recoveries.

Threat-hunting software scans backup snapshots for ransomware attack patterns or signatures so that encrypted or otherwise compromised backups can be identified, and suppliers such as Check Point Software Technologies already offer it. Rubrik has developed its own threat-hunting capability, which its announcement says enables customers to “more accurately identify the last known clean copy of data in order to prevent reinfection during and after recovery.”
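Rubrik does not publish the internals of its threat hunter, so the following is an added example (not Rubrik's code) of how such a scan selects the "last known clean copy". It models a backup chain as a list of snapshots (path to file bytes), checks each snapshot for three kinds of indicator (a known-bad file hash from a threat feed, a ransomware file extension or ransom-note name, and a file whose byte entropy jumps from text-like to ciphertext-like between two snapshots), then walks the chain from newest to oldest until a snapshot with no indicators is found. The indicator lists, the dropper bytes, the hash set and the sample chain are all constructed for the illustration.

```python
import hashlib
import math
from typing import Dict, List, Optional, Set

Snapshot = Dict[str, bytes]  # path -> file contents; a chain is ordered oldest first

# Illustrative indicator lists; a real hunter would load these from threat intel.
SUSPECT_EXTENSIONS = (".locked", ".encrypted", ".crypt")
RANSOM_NOTE_NAMES = {"README_DECRYPT.txt", "HOW_TO_RESTORE_FILES.txt"}
HIGH_ENTROPY = 7.0  # bits per byte; ciphertext approaches 8.0
TEXT_ENTROPY = 5.5  # documents and source code sit well below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan_snapshot(snapshot: Snapshot, previous: Optional[Snapshot],
                  ioc_hashes: Set[str]) -> List[str]:
    """Return the indicators found in one snapshot; an empty list means it looks clean."""
    hits: List[str] = []
    for path, data in snapshot.items():
        name = path.rsplit("/", 1)[-1]
        if name in RANSOM_NOTE_NAMES:
            hits.append(f"ransom note dropped: {path}")
        if path.lower().endswith(SUSPECT_EXTENSIONS):
            hits.append(f"ransomware extension: {path}")
        if hashlib.sha256(data).hexdigest() in ioc_hashes:
            hits.append(f"known-bad file hash: {path}")
        # In-place encryption: a file that was text in the prior snapshot is now near-random.
        if previous is not None and path in previous:
            if (shannon_entropy(previous[path]) < TEXT_ENTROPY
                    and shannon_entropy(data) >= HIGH_ENTROPY):
                hits.append(f"entropy jump (encrypted in place): {path}")
    return hits


def last_clean_snapshot(chain: List[Snapshot], ioc_hashes: Set[str]) -> int:
    """Index of the newest snapshot with no indicators, or -1 if every snapshot is suspect.

    Walking newest to oldest yields the most recent restore point that carries
    neither encrypted data nor the dropper that produced it.
    """
    for i in range(len(chain) - 1, -1, -1):
        previous = chain[i - 1] if i > 0 else None
        if not scan_snapshot(chain[i], previous, ioc_hashes):
            return i
    return -1


# ---- Constructed sample chain (not real backup data) ----
DROPPER = b"MZ\x90\x00 stand-in bytes for a known dropper"
KNOWN_BAD = {hashlib.sha256(DROPPER).hexdigest()}  # pretend this came from a threat feed
CIPHERTEXT = bytes(range(256)) * 4                  # uniform bytes, entropy 8.0
REPORT = b"Quarterly revenue figures for the EMEA region\n" * 20

SAMPLE_CHAIN: List[Snapshot] = [
    {"finance/report.txt": REPORT, "finance/notes.txt": b"call auditors on Monday\n"},
    {"finance/report.txt": REPORT, "finance/notes.txt": b"call auditors on Tuesday\n"},
    # Dropper has landed but not fired: looks clean unless its hash is matched.
    {"finance/report.txt": REPORT, "finance/notes.txt": b"call auditors on Tuesday\n",
     "tmp/svchost.exe": DROPPER},
    # Encryption run: one file encrypted in place, one renamed, ransom note written.
    {"finance/report.txt": CIPHERTEXT, "finance/notes.txt.locked": CIPHERTEXT,
     "finance/README_DECRYPT.txt": b"pay up", "tmp/svchost.exe": DROPPER},
]

if __name__ == "__main__":
    print("last clean snapshot:", last_clean_snapshot(SAMPLE_CHAIN, KNOWN_BAD))  # 1
    print("without IOC hashes :", last_clean_snapshot(SAMPLE_CHAIN, set()))      # 2
```

The two results at the bottom make the reinfection point: the entropy and extension checks alone pick snapshot 2, which still contains the dormant dropper, while the hash match from a threat feed pushes the clean point back to snapshot 1. Real scanners also apply YARA rules and exclude file types that are legitimately high-entropy (archives, media, already-encrypted databases), which this sketch does not.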

Dan Rogers, president of Rubrik, said in a statement: “Ransomware attacks pose an increased danger to every business around the world, regardless of industry. [Cloud Vault] is a key milestone in our commitment to integrate Rubrik Data Security capabilities with Microsoft to deliver Zero Trust Data Security to global enterprise customers.” 

Rubrik’s threat hunting capabilities integrate with Palo Alto Networks’ Cortex XSOAR threat hunting playbooks for easier identification of compromised data within backup snapshots. This should help in post-incident reviews and reporting to external regulatory agencies. 

A set of Rubrik blog posts discusses this winter software update.

The new software release also includes:

  • Globally enforced multi-factor authentication (MFA) across the software, so that a stolen or guessed password alone does not get an unauthorised user in.
  • An expanded Sensitive Data Discovery service with some 60 pre-defined analysers that automatically identify and classify more data types, including certain types of Personally Identifiable Information (PII).
  • Protection for Azure SQL with fully-managed SaaS support. Expanded Rubrik coverage in Azure ensures Azure SQL can be secured alongside other cloud and on-premises workloads for unified visibility and streamlined policy management.
  • Cloud Vault, which enables customers to survive cyber-attacks and avoid ransom payments by maintaining both immutable and instantly recoverable copies of critical data in a secured and isolated cloud location, using Azure Blob storage fully managed by Rubrik.
  • Reduced blast radius with archives for AWS S3. If an AWS production account is compromised by ransomware, cloud data can be recovered from a separate, bunkered AWS account that has its own credentials and only limited access and deletion rights, so credentials stolen from production cannot be used to destroy the archive.
  • Low-cost daily snapshots for Azure VMs and AWS EC2 instances can save customers up to 40 per cent in cloud fees.
  • Expanded protection for Microsoft 365 with up to 100,000 users, and restores for Exchange contacts and calendars, SharePoint lists and Teams channel posts.
  • Protection for SAP/HANA Databases on IBM Power Systems, reducing a need for manual scripting and job scheduling across on-premises and the cloud. 
  • Faster recovery of Oracle and Microsoft SQL databases with a large number of files. SQL customers can see up to 3x improvement in restores and Oracle customers can see up to 25 per cent improvement for database recoveries.
  • Quicker backups for Nutanix AHV by excluding selected non-critical disks from a backup, saving backup time and storage. The entire Nutanix AHV backup can be sent over a separate, isolated iSCSI Data Services network to optimise network bandwidth and add a layer of network segmentation.
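The AWS S3 archive item above rests on one property: whatever credentials the bunkered account hands out must not be able to delete or unprotect the archive. The page gives no policy text, so the following is an added example (not Rubrik's or AWS's code) of a pre-deployment check a practitioner could run over the IAM policy attached to those credentials. The policy evaluator implements the core IAM rule (an explicit Deny wins over any Allow, and anything not allowed is implicitly denied) for action names only; it ignores `Resource`, `Condition` and `NotAction`, which is an assumption stated here and in the code. The IAM action names are real; both policy documents and the bucket name are constructed.

```python
import fnmatch
from typing import Dict, List

# Actions that let a caller destroy an archive or weaken the controls protecting it.
# None of these should be reachable with the credentials the bunker account issues.
DESTRUCTIVE_ACTIONS = [
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:DeleteBucket",
    "s3:PutBucketPolicy",
    "s3:PutBucketVersioning",
    "s3:PutLifecycleConfiguration",
    "s3:BypassGovernanceRetention",
]


def _action_matches(pattern: str, action: str) -> bool:
    # IAM action names are case-insensitive and allow '*' / '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_actions(stmt: Dict) -> List[str]:
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def is_allowed(policy: Dict, action: str) -> bool:
    """Simplified IAM evaluation over action names only.

    Assumption: Resource, Condition and NotAction are ignored, i.e. every
    statement is taken to apply to the archive bucket.
    """
    allowed = False
    for stmt in policy["Statement"]:
        if any(_action_matches(p, action) for p in _statement_actions(stmt)):
            if stmt["Effect"] == "Deny":
                return False  # explicit deny always wins
            allowed = True
    return allowed


def destructive_rights(policy: Dict) -> List[str]:
    """Destructive actions the policy still permits; an empty list is the goal."""
    return [a for a in DESTRUCTIVE_ACTIONS if is_allowed(policy, a)]


# Constructed policies. WEAK is what a production backup role too often carries;
# BUNKER is the shape the isolated archive account should issue.
ARCHIVE = "arn:aws:s3:::example-bunker-archive"  # constructed bucket name

WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": [ARCHIVE, ARCHIVE + "/*"]},
    ],
}

BUNKER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": [ARCHIVE, ARCHIVE + "/*"]},
        {"Effect": "Deny",
         "Action": ["s3:Delete*", "s3:PutBucketPolicy", "s3:PutBucketVersioning",
                    "s3:PutLifecycleConfiguration", "s3:BypassGovernanceRetention"],
         "Resource": [ARCHIVE, ARCHIVE + "/*"]},
    ],
}

if __name__ == "__main__":
    print("weak policy still allows  :", destructive_rights(WEAK_POLICY))
    print("bunker policy still allows:", destructive_rights(BUNKER_POLICY))  # []
```

The explicit Deny statement matters even though the Allow list is already narrow: a later Allow added to the same principal, or a permissions-boundary mistake, cannot reopen deletion. A check like this belongs in CI for the bunker account's IAM templates, alongside S3 Object Lock and versioning on the bucket itself, which the policy cannot substitute for.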

Rubrik Cloud Vault will be generally available globally in the coming months on the Azure Marketplace. Rubrik’s latest release is expected to become available in the coming months through its partner network. The integration with Cortex XSOAR will also be available through the Cortex XSOAR Marketplace.