Druva Extends Data Protection Capabilities To Include Threat Hunting, Managed DDR

New functionality in the Druva platform helps incident response teams and security analysts identify cyber threats across data landscapes and more quickly recover from data security incidents.

Data protection and security provider Druva is expanding its platform with new threat hunting capabilities that will help IT and security teams identify threats throughout their data environments and more quickly understand, remediate and recover from critical incidents.

Druva is also announcing the expanded global availability of the company’s new Managed Data Detection and Response set of managed services that combine technology and human expertise to proactively monitor customer data backups for faster detection of – and response to – cyber threats.

Druva’s new data protection and security capabilities are the latest example of how the line between IT security and data resiliency – the latter of which traditionally focused on data backup and recovery – is becoming increasingly blurred.


“There is a new category called data security that’s emerging,” Druva founder and CEO Jaspreet Singh said in an interview with CRN. “This category bridges the gap between traditional security, which is mostly focused on perimeter security, endpoints, networks, application security; and classic data protection, which is more data backup and recovery.”

Because of this gap, Singh said, IT and security teams often don’t have a complete picture of an organization’s data environments when security incidents occur. Such miscommunications can hinder efforts to identify what systems and data have been impacted, understand how and where indicators of compromise (IOCs) have spread, and determine the best way to contain, remediate and recover from incidents. They can even lead to incorrect assessments of the business impact, according to the CEO.

Druva’s new capabilities are designed to help close that gap, complementing existing security strategies to accelerate incident response, minimize downtime and prevent data loss, according to the company.

“This new [technology] category is focused on making sure the security teams can leverage data to have an end-to-end security plan,” Singh said. “The data security elements of protection, response and recovery complement their classic perimeter security.”

Today Druva’s flagship SaaS-based Data Security Cloud platform provides data backup and recovery for cloud, hybrid and on-premises systems. It also provides cyber response and recovery, data discovery and data compliance functionality.

Using the new centralized threat hunting capabilities in Druva’s platform, businesses and organizations can search their global data footprint for IOCs and more quickly understand the gestation, timeline and threat level of a security threat throughout their data environment, according to the Druva announcement. The platform provides incident response (IR) teams with contextual data insights throughout IR workflows to help remediate and recover from critical incidents.

Druva’s system provides granular logs of data changes and audit trails that help IR teams analyze incidents and leverages metadata to help identify and remediate IOCs such as specific file extensions or file patterns across a data environment, according to the company. It also scans multiple backups to create a curated snapshot to identify the most recent, cleanest version of data files, minimizing data loss and ensuring a faster, more secure recovery.

With context-rich data, security analysts can better conduct enhanced incident forensic analysis, including understanding if sensitive data has been compromised and if data compliance policies and regulations have been violated, according to Druva.

Druva’s Managed DDR service for backup environments has been in beta testing and limited availability for about six months, according to Singh, and is now globally available. Threat actors have been targeting data backup systems with increasingly sophisticated attacks, according to the company, and the new set of Managed DDR services is designed to provide resources and expertise to help customers protect those systems and recover from incidents with minimal downtime and data loss.

The offerings include 24x7x365 monitoring of backups for early threat detection and expert analysis by Druva IR staff to provide insights about anomalous behavior. They also include pre-developed response runbooks and automatic lockdown of backups to safeguard data, and “expedited support and expert assistance” to customer IR teams during cyber recovery.

Druva works with both solution providers and managed service providers in the channel. Singh said the new threat hunting and Managed DDR offerings provide those partners with an expanded product and service portfolio that spans data protection and security areas. The CEO said they are especially attractive to partners who are implementing and/or operating Security Operations Centers (SOCs) for their clients.