Rubrik makes ransomware a focus for its cloud backup SaaS

At Rubrik Forward, the data protection-turned-security vendor introduces user intelligence tools and adds support for additional data sources including AWS S3.

Rubrik seeks to further unite IT security and data protection teams through new features in the Rubrik Security Cloud SaaS platform.

The latest updates to Rubrik Security Cloud, featured in Wednesday's keynote at Rubrik Forward 2023, are designed to enable earlier detection of ransomware threats, identify vulnerable users and add data protection for common enterprise data sources such as AWS S3.

The disaster recovery vendor, which rebranded itself as a security specialist last year, is looking to expand its user base to the IT ops team rather than the typically siloed storage or backup administrator.

The move to bring more eyes to backup data should help improve security by eliminating sources of personally identifiable information before they leak and catch ransomware payloads in backups before detonation, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group.

Blurring the line between backup and security vendors will likely continue in the next several years, he said, as the threat of ransomware will inevitably merge the two disciplines.

The pivot to security may have appeared to be a bit bold originally; the reality is that this is where the market is going.
Christophe BertrandAnalyst, Enterprise Strategy Group

"[Rubrik] has recognized that the traditional data protection [and] DR market is morphing to integrate into a broader cyber-resiliency infrastructure," Bertrand said. "The pivot to security may have appeared to be a bit bold originally; the reality is that this is where the market is going."

Threat insights

Rubrik User Intelligence, a new SaaS product, provides IT ops teams with security insights based on information contained in backups and snapshots saved in Rubrik Security Cloud.

These insights include identification of high-risk users based on their access to sensitive or important data as designated by the enterprise, as well as a list of permissions available to different groups and users. Rubrik's user intelligence strategy includes a new dashboard to remediate loose access policies and limit what data enterprise users have access to.

Rubrik Security Cloud customers will get access to a new Rubrik Threat Monitoring service and dashboard.

Rubrik Threat Monitoring adds ransomware and corruption detection capabilities by scanning backups against known ransomware signatures from third-party suppliers, Rubrik's own security teams database and enterprise patterns. Threats or compromised files are flagged according to priority within the dashboard with remedial action suggestions.

These capabilities are meant to give more insights faster to teams outside of the data backup team, according to Anneka Gupta, chief product officer at Rubrik. Customers understand the threat and common signs of ransomware attacks but typically lack the manpower or skills to identify more complex attacks.

"Most IT organizations don't have this level of information," Gupta said. "We're able to provide that information to our customers because we're taking snapshots of all of their critical data."

Rubrik wants to eventually integrate more generative AI capabilities into its SaaS, akin to backup vendor Cohesity, beyond the pattern recognition tools available in these two new offerings.

"I want to make sure that we're focused on very practical applications that bring AI productivity to our end customers," Gupta said. "We already know that AI is being used by threat actors to evade common ways of detecting attacks. How do we train our models to detect those kinds of attacks on data?"

Rubrik is attempting to make inroads into AI by partnering with Zscalar Inc., a cloud security company, to integrate AI and machine learning capabilities into ransomware detection.

Both Rubrik's user intelligence tools and Rubrik Threat Monitoring will be available in the coming months.

New support

Rubrik Security Cloud's guard duties now extend to data in Microsoft Active Directory, Atlassian Jira and AWS S3 object storage and Aurora databases. New tools enable comprehensive recovery of data and snapshots stored within these services, with specific capabilities targeted at admins of each data service.

Active Directory Protection enables on-premises and cloud backups, with immutable air-gapped copies possible alongside granular recovery features. Atlassian Jira Data Protection provides a dashboard for Jira administrators to review recovery actions and compare snapshots for recovery.

The addition of support for AWS object storage is a first for Rubrik, as the vendor's software protected only Microsoft Azure storage and services as well as components of the Google Cloud Platform hyperscalers before.

AWS S3 is a ubiquitous form of storage in the enterprise and one that may inevitably carry mission-critical workloads alongside other SaaS data, according to Bertrand.

"The race to protect more and more mission-critical SaaS workloads is on," Bertrand said. "The expansion to AWS S3 and Aurora is also a key step, as these environments are typically supporting mission-critical processes."

Support for these data sets will be added in the coming months.

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.

Next Steps

Caution: There are many ways to lose SaaS data

Dig Deeper on Cloud backup