The hardest part of dealing with a ransomware attack often isn’t removing the malicious payload but rather recovering the files lost in the attack, a challenge that Druva Inc. has taken it upon itself to address.
The Sequoia-backed data protection provider is launching a set of new features for its InSync platform today aimed at helping companies restore ransomed records more easily. At the core of the update is a monitoring mechanism that can track file usage in an organization and understand what constitutes normal user behavior. From there, the algorithms under the hood check every important action against the activity database to detect anomalies that may indicate a breach.
It’s the same basic approach that threat prevention providers such as the recently funded Castle Inc. and Nozomi Networks SA use to detect threats. Looking for activity patterns rather than specific malware makes it possible to identify breaches more accurately while reducing the risk of false positives that unnecessarily inconvenience users.
In practice, this means that Druva’s new monitoring feature can distinguish ransomware from, say, a salesperson merely looking to delete a few old email templates. Positive hits are automatically brought to the attention of information technology personnel via an alerting system that is designed to speed up response times. It’s paired with a diagnosis tool that makes it possible to examine the files, users and other factors involved in a suspected ransomware infection to reveal the full picture.
Once they’ve pinpointed a breach, administrators can use Druva’s existing recovery features to restore the compromised files. They also have access to a new snapshot finder that automatically locates the most recent clean copy of a dataset. The latter addition is designed to spare IT departments the hassle of sifting through their backups manually after a breach, which can add up to a lot of saved time when it comes to large malware infections.
Druva believes that there’s a big market for its new capabilities. In today’s launch announcement, the company cited a recent report from the U.S. Department of Justice that found an average of 4,000 ransomware attacks occur in the U.S. every day. One recent campaign saw hackers ransack tens of thousands of MongoDB deployments by exploiting a widespread configuration mistake.