Rubrik’s ransomware tools align detection with protection
Rubrik has strengthened its anti-ransomware protection by expanding the capabilities of its core platform, with a focus on data security as well as data protection. It also added a cyber threat hunting tool and released a new vault service, Rubrik Cloud Vault.
At its Data Security Spotlight event this week, Rubrik focused on ransomware readiness, with data security in cloud and SaaS environments and extended data protection. Rubrik has unveiled the threat hunt within its Backup Platform, which allows users to scan backups for tradeoffs and ransomware. The data backup vendor also launched Rubrik Cloud Vault, a cloud archiving service built with Microsoft Azure, and it has integrated multi-factor authentication into every interface as additional protection against unauthorized users.
Ransomware is a problem for everyone, said Phil Goodwin, vice president of research at IDC. Techs and business people understand the risks, he said, adding that IDC surveys show ransomware to be the No.1 concern of business leaders and IT professionals.
“Rubrik is a disruptor in the industry right now,” Goodwin said. “Rubrik is growing rapidly, generating a lot of interest in the market and moving directly into the ransomware space. “
A new data security message
Organizations are frustrated with ransomware attacks, according to Murthy Mathiprakasam, senior director of product marketing at Rubrik. Today’s businesses have access to products that can identify security issues and tools to quickly resolve those issues, but there is still a disconnect in the marketplace.
“There is a gap in the market between the type of storage and the traditional legacy backup approach, and the world of security operations,” Mathiprakasam said.
Rubrik is looking to fill the void with his Zero Trust Data Security platform, Mathiprakasam said. This week, it announced an expansion of the capabilities of its platform, such as tripling the types of data it can identify and categorize.
Rubik has always supported a variety of workloads including databases, virtual machines, and SaaS workloads, but now extends data protection capabilities to SAP HANA on IBM Power Systems, faster recovery Oracle and SQL databases and faster backup for Nutanix AHV, he said.
The provider is also adding more cloud support. According to a press release, new cloud features include protection for Azure SQL and scaling protection for Microsoft 365. For AWS, Rubrik is reducing the S3 blast radius – how far and how much a ransomware attack affects an environment, according to Vasu Murthy, vice president of products at Rubrik.
Go from data protection to security to hunting
Rubrik’s announcement can be seen as a deeper shift towards data security, Goodwin said. Data protection can be thought of as backdoor protection in a disaster, while data security can be seen as protection of the front door, in this case against ransomware. Rubrik wants his tools to do both, which means providing businesses with the means to be proactive.
Part of its approach is the new cyber threat hunting ability. Traditionally, cyber threat hunting has been carried out by a security team looking for malicious patterns and behavior, Mathiprakasam said. But hackers can remove their tracks. Rubrik has already provided immutable backups to customers, which means the data cannot be changed. It is now adding its threat hunting tool to detect dormant ransomware, scan backups for patterns and track the possible evolution of an attack, he said.
Rubrik will apply advanced machine learning to analytics to provide insight, he said. It is not a passive environment, the information collected helps operators perform faster recoveries.
Cyber threat hunting capabilities integrate with products like Palo Alto Networks Cortex XSOAR threat hunting playbooks through APIs, according to a press release.
Enter Rubrik Cloud Vault
The other major new release, built on the alliance between Microsoft and Rubrik, is Rubrik Cloud Vault, according to Murthy.
Cloud Vault is a fully managed offering for securing customer data. Users can create a logical vault of air-gap data that Rubik stores on Azure, using the immutability features of the hyperscaler and the Zero Trust security stack. The safe is constantly updated with customer data as it continues to change, he said.
Customers can recover data instantly when they need it. The data is disaggregated and managed by Rubrik. Regardless of what happens to the customer’s environment, the data will be available to them.
Brent Ellis, senior analyst at Forrester Research, said that while there is value in vault or airspace-based technology, they are not foolproof.
“There is some additional protection with these technologies,” he said. “However, if you have some kind of malware infection that’s already archived, then you just copy it to the vault.”
The processes and detection tools around the data are what’s important, Ellis said. When the infrastructure connects to the vault to deposit an archive, the active connection created can provide hackers with a way to intervene if the backup infrastructure is compromised.
Although built on Azure, non-Azure customers with suitable products can use Rubrik Cloud Vault. They will choose a region, and that will automatically provision storage and move their data, he said.
Rubrik Cloud Vault should be available on Azure Marketplace in the coming months. While no price has been set, Rubrik expects to base it on the amount of data a client stores – a fixed price that is not subject to egress charges or API calls. .