Virtualization Technology News and Information
Druva Introduces New Multi-Layered Ransomware Defense to Combat Rising Threats

Druva Inc. announced a series of new capabilities designed to help organizations strengthen their business resiliency. As ransomware attacks surge, occurring as frequently as every 15 seconds and causing more than $11 billion in damages annually, Druva's new cyber resiliency capabilities are designed to identify, respond to and recover from malicious attacks with agility and confidence.

As digitization continues to accelerate, the risk of ransomware only rises, so organizations must take a three-step approach to minimize such risks - detection, resilience, and recovery. In fact, according to Gartner, more than 50% of breaches are undetected for multiple months, which can lead to unrecoverable data corruption.* As the number of threats targeting data and applications continues to grow, reliance on prevention measures alone is insufficient. With the introduction of Druva's new ransomware recovery features, customers have new and improved ways to prepare for and respond to incidents, including better visibility, automation and orchestration. When integrated with existing security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools, Druva's air-gapped backups become the foundation for rapidly and securely recovering from ransomware attacks with enhanced capabilities.

"Ransomware has become more sophisticated, evolving from encrypting data to deleting backups to now extracting copies of data, which increases the potential damage to your organization," said Stephen Manley, Chief Technology Officer, Druva. "Combating these new malicious attacks requires a comprehensive solution. Now, customers can leverage multi-layered ransomware protection and recovery to defend against data loss, accelerate incident response, and simplify recovery, so they can reduce downtime."

To help businesses better secure their data, Druva's new multi-layered ransomware capabilities include:

  • Visibility and detection
    • Access insights to gain visibility into and mitigate any unauthorized or non-compliant administrative access into the backup environment
    • Unusual data activity alerts that leverage machine learning to detect potential ransomware activity and identify last known good snapshots for ransomware recovery
  • Action
    • Search and delete malicious files across all endpoint backups in your organization to prevent re-infection, including bulk scanning for IOCs
    • SOAR integration for centralized response and recovery via ransomware recovery playbooks
  • Recovery
    • Scanning for malware during recovery to prevent re-infection from hidden malware files
    • Enhanced recovery features that enable orchestrated recovery, with flexible recovery options
    • Automatically creates a recovery snapshot from the last known good snapshots at the backup and file level

Over the last several months, Druva has developed a series of technology integrations designed to help customers strengthen their cyber resilience and overall security posture. In June, Druva announced an API integration with FireEye, extending visibility and control over endpoint backup data to monitor, analyze, detect and respond to data breaches. The company has also introduced security orchestration, automation and response integrations with category leader Palo Alto Networks, releasing a recovery playbook to automate recovery operations with Cortex XSOAR to ensure rapid recovery from malware attacks.


Ransomware recovery will be generally available in the first half of 2021.

Published Tuesday, November 17, 2020 2:20 PM by David Marshall