Druva Accelerates Ransomware Recovery Using Curated Data

Druva today added Curated Recovery to its Accelerated Ransomware Recovery (ARR) module, which is delivered via software-as-a-service (SaaS). Curated Recovery makes it simpler to recover data by identifying the latest clean version of each file based on the most recent changes made.

Prem Ananthakrishnan, vice president of products for Druva, said Curated Recovery eliminates what is otherwise a resource-intensive process that often spans multiple recovery point objectives (RPOs) for just a single file. It’s not uncommon for it to take weeks for an IT operations team to recover from a ransomware attack, he added.

Druva Curated Recovery enables IT teams to define an uncorrupted, unencrypted and malware-free recovery point before any ransomware attack is ever initiated. That capability is crucial because the malware that is employed to launch a ransomware attack often lies dormant for weeks, noted Ananthakrishnan.

There are also malware variants that are designed specifically to encrypt or delete backup data. Druva Curated Recovery makes it possible to find the most recent clean version of data sets in a way that reduces the amount of time required to enable an organization to recover, he added.

Druva ARR extends existing Druva Cloud Platform capabilities that provide the ability to understand location and identity for all access attempts, define alerts of anomalous activity, quarantine infected systems and snapshots, scan snapshots for known malware and other indicators of compromise before restoring, and automatically recover the most recent clean version of every file within a specified time frame.

Druva Cloud Platform also integrates with security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms.

Ananthakrishnan noted that combating the current ransomware scourge will require cybersecurity and IT operations teams to collaborate to a much greater extent than they have in the past.

Cybersecurity teams, understandably, tend to focus most of their time and energy on malware detection and remediation. However, given the simple fact that a ransomware incident is almost inevitable, cybersecurity teams need to craft a strategy with the IT operations teams that accelerates the mean-time-to-recovery (MTTR). The overall goal should be to reduce the economic impact any ransomware attack might have on the organization, he added.

There may one day be a way to completely thwart a ransomware attack, but in the meantime, the best defense against ransomware attacks remains data protection platforms capable of recovering a pristine copy of data. The challenge is that the processes relied on to back up and then recover data are often deeply flawed. Most of the time, no one has tested whether the data that has been backed up can be recovered. In the event of a ransomware attack, instead of a pristine copy of data being available, organizations find their data is corrupted because of one flawed process or another. Sometimes they even discover the malware employed to encrypt their data has already found its way into the backup copies they were counting on to thwart the attack.

Cybersecurity teams clearly need to become a lot more involved in data protection processes to make sure that the most critical files are, first, actually backed up and, secondly, easily recovered.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
