Druva strengthens ransomware protection

Druva has improved its SaaS data protection services to better fend off ransomware attacks against vulnerable businesses.

The company supplies data protection through its Data Resiliency Cloud, covering on-premises endpoints, remote offices, datacenters, and cloud-delivered services such as Amazon EC2 and Salesforce.

It has announced an enhanced set of capabilities based around telemetry from thousands of businesses of varying sizes and spanning many vertical industries. Druva uses this stream of data to identify local and global trends then tells customers what they could do to combat the threats that have been revealed. 

Druva Data Resiliency Cloud

Druva CTO Stephen Manley said: “Despite spending more money for products and people to secure their data, organizations are continuing to fall victim to cyber attacks and pay ransoms at an alarming rate…. With the addition of today’s capabilities to Druva’s… SaaS data resiliency platform, customers can prepare for and respond to security incidents across their entire environment.”

The new capabilities include:

  • Security command center: Using the global data telemetry, organizations gain a centralized view of data and security risks across the workloads in their backup environment
  • Security posture: Customized suggestions to help improve security posture based on an organization’s deployment
  • Data observability: Granular visibility into data changes, access and permissions, as well as admin activities and policy changes to help incident response and recovery
  • Rollback critical changes: Address credential compromise and insider threats by restoring critical data even if it was deleted using administrative credentials
  • 100 percent immutability: A new data lock feature that allows administrators to lock data, making it impossible to alter, with the ability to retrieve it at a later date for compliance purposes through Druva support

This list gave us pause for thought and we asked Druva some questions about it.

Druva Security Command Center
Druva Security Command Center

Blocks & Files: Could Druva provide examples of “Customized suggestions to help improve security posture based on an organization’s deployment”?

Druva: Much like a credit score that gives you suggestions for how to improve your credit based on your specific credit history (such as getting credit cards below 30 percent usage, building new lines of credit, etc.), the Druva security command center provides customized suggestions on how to improve your security posture based on your specific deployment. For example, if a customer has a high number of users designated as Druva admins, we would provide suggestions on best practices for Role Based Access Control. If they did not have MFA enabled, we would provide a clear guide on how to implement that protection. These functionalities will continue to expand so we can help customers identify critical data and ensure it is marked immutable etc.

Blocks & Files: How is the new data lock feature different from the previous data lock feature?

Druva: Data lock is a new feature for Druva in addition to our built-in data protection. The idea of marking data immutable has been around for a while, but Druva is taking a novel SaaS-based approach. Here’s some more info: 

Druva Data Lock

Blocks & Files: Does this – “restoring critical data even if it was deleted using administrative credentials” – mean that when a Druva user with administrative credentials deletes data it is not actually deleted? What is the thinking here? How does data get deleted?

Druva: Once data is deleted by a Druva user with administrative credentials, we delay compaction, meaning the data is retained for a set period of time before final deletion. The standard window is seven days, but customers can set longer retention periods if desired. After that period expires, the data is permanently deleted from the Druva cloud. 

Comment

Data protectors like Druva are building up sophisticated and capable security features. It seems to us that there will be some kind of integration developed with general security offerings for businesses, ones not designed specifically with protection of backup data sets in mind. We’re thinking of Security Information and Event Management (SIEM) technology suppliers and general cybersecurity suppliers such as Palo Alto Networks.