UPDATED 11:01 EST / FEBRUARY 07 2017

Druva tackles ransomware with new analytics-powered data recovery

The hardest part of dealing with a ransomware attack often isn’t removing the malicious payload but rather recovering the files lost in the attack, a challenge that Druva Inc. has taken it upon itself to address.

The Sequoia-backed data protection provider is launching a set of new features for its InSync platform today aimed at helping companies restore ransomed records more easily. At the core of the update is a monitoring mechanism that can track file usage in an organization and understand what constitutes normal user behavior. From there, the algorithms under the hood check every important action against the activity database to detect anomalies that may indicate a breach.

It’s the same basic approach that threat prevention providers such as the recently funded Castle Inc. and Nozomi Networks SA use to detect threats. Looking for activity patterns rather than specific malware makes it possible to identify breaches more accurately while reducing the risk of false positives that unnecessarily inconvenience users.

In practice, this means that Druva’s new monitoring feature can distinguish ransomware from, say, a salesperson merely looking to delete a few old email templates. Positive hits are automatically brought to the attention of information technology personnel via an alerting system that is designed to speed up response times. It’s paired with a diagnosis tool that makes it possible to examine the files, users and other factors involved in a suspected ransomware infection to reveal the full picture.

Once they’ve pinpointed a breach, administrators can use Druva’s existing recovery features to restore the compromised files. They also have access to a new snapshot finder that automatically locates the most recent clean copy of a dataset. The latter addition is designed to spare IT departments the hassle of sifting through their backups manually after a breach, which can add up to a lot of saved time when it comes to large malware infections.

Druva believes that there’s a big market for its new capabilities. In today’s launch announcement, the company cited a recent report from the U.S. Department of Justice that found an average of 4,000 ransomware attacks occur in the U.S. every day. One recent campaign saw hackers ransack tens of thousands of MongoDB deployments by exploiting a widespread configuration mistake.
