Insider attacks and unauthorized activities stemming from events such as stolen credentials or hacked systems are often marked by an attacker’s focus on destroying as much data as possible, including data archives. Such attacks, if not caught early, can significantly impact an organization’s backup copies, and in turn, its ability to restore data or environments successfully. Other solutions offer minimal deletion prevention which can be overridden with the correct administrator credentials or require outside service providers, weakening safeguards. For Druva customers, backups purged during mass deletion events are automatically placed into temporary, tamper-proof storage for up to seven days, while Druva’s continuous monitoring team alerts administrators to the unusual activity. Together, these actions are designed to thwart bad actors who may be trying to destroy large amounts of data quickly, helping administrators ensure data is not being deleted accidentally or maliciously.
“Inside actors and criminals stealing credentials have become incredibly sophisticated and are bypassing security measures to initiate unauthorized activities and data deletions,” said Prem Ananthakrishnan, Vice President of Products, Druva. “By creating temporary storage to automatically capture and hold mass deleted data, customers can easily view and roll back the potential impact of these incidents. Dozens of Druva customers have already benefited from this feature over the last year, and we know customers will benefit from having this ability easily accessible within the Druva Data Resiliency Cloud.”
In the case of credential misuse where a bad actor may maliciously remove endpoints, users, virtual machines, NAS or file shares, or even databases, Druva Rollback Actions will allow administrators to quickly recover not only the data from deleted backups but also environmental objects. In addition, customers can safeguard against accidental or unintended deletions: the administrator can revert the unintended action without any loss of data, restoring productivity rapidly.
Available in the coming months through a self-service function, Druva Rollback Actions will be enabled by default for all users and administrators and will be able to temporarily store data from 24 hours up to seven days. Only administrators will have the ability to recover the data, and these users will also have access to full audit trails to review the deletion activity by each user.
Learn more about Druva Rollback Actions at the Cyber Resilience Virtual Summit on Oct. 13. Attendees will have the opportunity to hear from thought leaders and peers about how organizations are fighting back against increasingly sophisticated cyberattacks and leave with actionable information on emerging best practices that span data protection and recovery and how to integrate modern security and backup technologies.
Druva’s Multi-Layer Defense Framework
Druva offers customers the industry’s most expansive data resiliency platform, providing data integrity, operational security and accelerated ransomware recovery as well as pre-built integrations with security monitoring (SIEM) and security orchestration (SOAR) tools. In addition to Druva Rollback Actions, Druva’s multi-layered defense includes:
● Data Integrity and Availability: Ensures customers always have safe backup data available for recovery with features including air-gapped backups, Amazon S3 multi-availability zone (AZ) durability, cloud-based disaster recovery and multi-factor authentication.
● Operational Security: Delivers 24x7x365 fully-managed DevSecOps, including vulnerability scans, common vulnerabilities and exposures (CVE) patching and upgrades, regular penetration testing, continuous monitoring and no root access to the backup environment.
● Accelerated Recovery: Contains ransomware spread and quickly recovers clean and comprehensive data sets with capabilities including quarantine, Druva Curated Recovery, unusual data activity alerts and malicious file scans.