Druva expands threat hunting tools, services for backup
Threat hunting capabilities baked into the recovery process for Druva are now available as a separate feature for use on demand or as a managed service.
Infrastructure teams using Druva Data Security Cloud can now use the platform's threat hunting capabilities without initiating a recovery process.
Druva, a SaaS data protection and management vendor targeting midsize and enterprise organizations, today released threat hunting capabilities as a separate feature to generate incident audit logs, use metadata to track and monitor files, and access analytics on data. Before, these capabilities were only available during a recovery process, but are now available as needed. Druva is also offering a managed data detection and response (DDR) service at no additional cost for customers that wish to offload some threat hunting in backup environments to Druva employees.
Backup vendors have begun wading into the needs of security teams rather than strictly infrastructure demands as cybersecurity becomes a top-of-mind concern for organizations, according to Simon Robinson, an analyst at TechTarget's Enterprise Strategy Group. These threat hunting capabilities might be more at home in security or observability software, but do indicate the blurring cybersecurity domains that teams are responsible for, he said.
"This is an arms race," Robinson said. "This space is evolving so quickly [that] we do need to be on proactive footing and remember security is a team sport."
Threat spotted
The Druva Data Security Cloud previously enabled users to flag and eliminate potential malware within a backup environment during a recovery process only, according to Stephen Manley, CTO at Druva.
The threat hunting capabilities enable Druva customers to access threat assessment capabilities without the need for a full restore process, he said. Threat hunting within Druva doesn't seek out abnormal user behavior, but instead looks for specific areas compromised in data, including file extensions or file patterns created through malware, Manley said.
Security teams can then use these logs and audits to create timeline reports following a cyberattack to document what data was specifically compromised, such as personally identifiable information, he said. Infrastructure IT teams, meanwhile, can work on recovery by using Druva's recommendations to locate clean backups.
"We're part of a very big ecosystem," Manley said. "We're not trying to be the end-all security tool, [but] we have insights into the data [that] traditional security tools don't. Backups have all the information -- it's just hard for the security team to find it."
Druva also offers a managed DDR service free to customers to help identify and eliminate data threats before they take root. Included capabilities in the managed service include automatic backup lockdown, response runbooks and customer service provided by Druva employees. The service, which Druva defines as a limited managed service, will be available to customers at no additional cost. Druva encouraged customers to consider using third-party security tools to fully protect their environments, as the service only looks for a limited pool of threats.
The new threat detection feature doesn't take advantage of Dru, Druva's generative AI assistant, but the feature is being examined for a future update, Manley said.
We're in an age of cyberattacks not going away anytime soon, [so threat detection] is almost table stakes.
Krista MacomberAnalyst, Futurum Group
Druva's new threat detection offerings are going to become increasingly commonplace among other backup vendors, according to Krista Macomber, an analyst at Futurum Group. In April, for example, Veeam acquired Coveware to add incident response and cyber recovery tools, along with experience in white-glove recovery services.
Infrastructure IT teams will need to work more closely with security teams by adopting best practices, terminology and reporting tools to make sure the lines of communication remain clear, she said.
"Infrastructure teams are trying to respond as quickly as possible and scale as quickly as possible across these environments that are very heterogeneous," Macomber said. "We're in an age of cyberattacks not going away anytime soon, [so threat detection] is almost table stakes."
Watch your vendor's 6
Customers using cloud or SaaS products should keep in mind the shared responsibility model when considering data protection strategies, according to Mitch Ashley, chief technology adviser at Futurum Group.
Druva might help protect customer data, but the possibility exists for the vendor itself to be compromised, he said. Customers should consider asking how a vendor will protect itself and the customer data before signing up for incident response services.
"When an attacker goes after [Druva], how are they preventing that and how are they recovering from that?" Ashley said. "They are part of the attack, too, and part of the response."
Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
