Rubrik delivers cyber threat hunting in battle against ransomware
Rubrik has announced new enhancements to its cyber resilience solutions to help better equip customers in the fight against ransomware.
According to the company, with this latest release, organisations can improve ransomware preparedness, respond with more intelligent and integrated tools, and recover from attacks faster.
Now with simple UI support and API-driven integrations, including Palo Alto Networks’ Cortex XSOAR, the extended security orchestration, automation and response platform, security operations teams can recover from attacks faster and reduce the chance of reinfection.
According to IDC, more than one third of organisations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months. Of these attacks, only 13% of organisations attacked or breached reported not paying a ransom.
“Recently, organisations have been targeted more frequently by highly sophisticated cyber attacks that exploit vulnerabilities in legacy backup products, forcing a ransomware payment,” says Dan Rogers, president of Rubrik.
“With these new advancements, IT and security teams are able to better protect their enterprise, cloud, and SaaS environments and more quickly recover from cyber attacks without paying the ransom.”
Typically, in the event of a cyberattack, organisations have been forced to scan their production systems for malware, which can be difficult, time-consuming, and inaccurate. Now, with Rubrik threat hunting, organisations can directly scan their backups for indicators of compromise, including ransomware. With this added intelligence, organisations can more accurately identify the last known clean copy of data in order to prevent reinfection during and after recovery.
Additionally, Rubrik’s new threat hunting capabilities integrate with Cortex XSOAR threat hunting playbooks for easy identification of compromised data within backup snapshots during post-incident reviews and for simplified reporting to external regulatory agencies.
“As the rate and complexity of managing ransomware attacks continues to increase, companies need to leverage automated workflows to recover quickly without paying the ransom,” says Rishi Bhargava, vice president of Product Strategy for Cortex at Palo Alto Networks.
“Rubrik’s integration with Cortex XSOAR enables our joint customers to benefit from prebuilt threat-hunting playbooks to quickly identify new threat activity, recover from ransomware attacks faster, and prevent reinfection from happening during or after the recovery process.”
New Data Security Capabilities
As legacy backup vendors struggle to meet the needs of ransomware protection and recovery, Rubrik continues to make its Zero Trust Data Security platform more robust. For example, Multi-Factor Authentication can be globally enforced across the entire platform to help ensure that unauthorised users do not gain access to data.
Additionally, Rubrik is expanding its Sensitive Data Discovery service to roughly 60 pre-defined analysers that can automatically identify and classify more data types, including certain types of Personally Identifiable Information (PII). The ability to discover sensitive business and customer information across environments without production impact can help reduce data risk, including assessing potential damage from an exfiltration attack.
New Cloud and SaaS Capabilities
Without Zero Trust Data Security, enterprise productivity tools and business applications in cloud and SaaS environments can be highly vulnerable as well.
Rubrik continues to enhance cloud data protection with the following advancements:
- Protection for Azure SQL with Fully-Managed SaaS Support: Expanded Rubrik coverage in Azure cloud ensures Azure SQL can be secured alongside other cloud and on-prem workloads for unified visibility and streamlined policy management.
- Reduced Blast Radius with Archives for AWS S3: In the event of an AWS production account being compromised by ransomware, cloud data can be recovered through a bunkered account with new credentials. To maintain security, the new account has limited access and deletion rights.
- Optimised Cloud Economics: Low-cost daily snapshots for Azure VMs and AWS EC2 instances can save organisations up to 40%.
- Enterprise-Scale Protection for Microsoft 365: With Rubrik protection for up to 100,000 users, Rubrik customers can recover more application data with restores for Microsoft Exchange contacts and calendars, SharePoint lists and Teams channel posts.
New Data Protection Capabilities
Rubrik’s data protection begins with a logical air gap to keep data online for rapid recovery while incorporating proprietary protocols so that attackers cannot discover customers’ data. Additionally, Rubrik’s append-only file system keeps data in an immutable state.
With this latest release, Rubrik is introducing:
- Expanded Protection for SAP Databases: Customers can now protect SAP HANA on IBM Power Systems, extending the ability to streamline protection and reduce the need for manual scripting and job scheduling across on-premises and the cloud.
- Faster Recovery of Oracle and SQL: Customers with large Microsoft SQL or Oracle databases that have a large number of files will now be able to recover even faster. SQL customers can see up to 3 times improvement in restores and Oracle customers can see up to 25 percent improvement for database recoveries.
- Enhanced Data Protection with Quicker Backups for Nutanix AHV: Now for Nutanix AHV, users can select individual disks to exclude from their backup to quickly protect only the critical and needed pieces, which frees up time and storage. Also, to optimise network bandwidth and provide an extra security layer, the entire Nutanix AHV backup connectivity can be sent over a separate and isolated iSCSI Data Services network.
Rubrik’s latest release is expected to become available in the coming months through Rubrik’s expansive global partner network. The integration with Cortex XSOAR that includes prebuilt security orchestration playbooks for threat hunting and ransomware will also be available through the Cortex XSOAR Marketplace.