SaaS data protector Druva has launched a Threat Hunter service to scan customers’ global data estates for malware signs.
It’s also announcing expanded global availability of its Managed Data Detection and Response (Managed DDR) service, which monitors customer backups for faster detection of threats and responses to them. Druva says it is hunting threats and monitoring backups in the gap between a customer’s security perimeter and their production environment. Because of this, “customers can accelerate incident response, minimize downtime, and prevent data loss.”

Jaspreet Singh, CEO and co-founder of Druva, said in a statement: “With today’s more advanced and persistent threats, we need to go beyond perimeter-based security. Cyber security needs to be complemented with the power of data to handle these risks. Druva’s 100 percent SaaS approach seamlessly consolidates and contextualizes data across all workloads, enabling customers to bolster cyber resilience and accelerate incident response.”
The threat hunting service looks for so-called indicators of compromise (IOCs) – such as specific file extensions or file patterns – and provides contextual data insights throughout incident response (IR) workflows to understand, remediate, and recover from critical incidents. A granular log of data changes and audit trails helps IR teams to analyze incidents. Users can perform analysis to understand if sensitive data has been compromised, and if compliance regulations have been violated.
Its Managed DDR process scans multiple backups to create a curated, clean snapshot and identify the most recent, clean version of each file – minimizing data loss, ensuring secure recovery, and accelerating the recovery process. Druva says that its Managed DDR offering provides:
- 24x7x365 monitoring of backups for early threat detection;
- Expert analysis by Druva incident response to provide data insights for anomalous behavior;
- Pre-built response runbooks and automatic lockdown of backups to safeguard data;
- Expedited support and expert assistance to customer IR teams during cyber recovery.
A threat hunter blog and a separate Managed DDR blog provide background information.
Competitor Rubrik announced its threat hunting capability in December 2021. This scanned backups, not a customer’s data estate, looking for malware attack footprints. Cohesity has similar functionality with its CyberScan application on the Cohesity Marketplace, which can uncover cyber exposures and blind spots in a Cohesity production environment by running on-demand and automated scans of backup snapshots against known vulnerabilities.