UPDATED 11:01 EDT / FEBRUARY 07 2017

Druva tackles ransomware with new analytics-powered data recovery

The hardest part of dealing with a ransomware attack often isn’t removing the malicious payload but rather recovering the files lost in the attack, a challenge that Druva Inc. has taken it upon itself to address.

The Sequoia-backed data protection provider is launching a set of new features for its InSync platform today aimed at helping companies restore ransomed records more easily. At the core of the update is a monitoring mechanism that can track file usage in an organization and understand what constitutes normal user behavior. From there, the algorithms under the hood check every important action against the activity database to detect anomalies that may indicate a breach.

It’s the same basic approach that threat prevention providers such as the recently funded Castle Inc. and Nozomi Networks SA use to detect threats. Looking for activity patterns rather than specific malware makes it possible to identify breaches more accurately while reducing the risk of false positives that unnecessarily inconvenience users.

In practice, this means that Druva’s new monitoring feature can distinguish ransomware from, say, a salesperson merely looking to delete a few old email templates. Positive hits are automatically brought to the attention of information technology personnel via an alerting system that is designed to speed up response times. It’s paired with a diagnosis tool that makes it possible to examine the files, users and other factors involved in a suspected ransomware infection to reveal the full picture.

Once they’ve pinpointed a breach, administrators can use Druva’s existing recovery features to restore the compromised files. They also have access to a new snapshot finder that automatically locates the most recent clean copy of a dataset. The latter addition is designed to spare IT departments the hassle of sifting through their backups manually after a breach, which can add up to a lot of saved time when it comes to large malware infections.

Druva believes that there’s a big market for its new capabilities. In today’s launch announcement, the company cited a recent report from the U.S. Department of Justice that found an average of 4,000 ransomware attacks occur in the U.S. every day. One recent campaign saw hackers ransack tens of thousands of MongoDB deployments by exploiting a widespread configuration mistake.
