alphaspirit - Fotolia
Druva has built monitoring and detection tools into its inSync endpoint data protection software to help companies deal with one of the greatest security threats they face today: ransomware attacks.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The upgrades include automated alerts that flag unusual activity occurring to data in desktops, laptops, mobile devices and cloud applications. The Druva inSync software includes charts that show trends in data behavior. It provides granular, per-user details, such as file names, data types and paths to show which data could be encountering a security risk. The Druva software also helps identify the last good snapshot of that data to recover the entire data set or individual files.
"This typically is a very manual, painstaking process," Druva CEO Jaspreet Singh said of the type of monitoring inSync now performs. "This is what we want to change and improve. We want to make the process foolproof both for detection and recovery."
Backup software vendors are making ransomware protection a priority in their data protection products these days as the threat spreads.
Steven Hill, a senior analyst of storage technologies at 451 Research, said companies have to be more proactive to protect themselves from ransomware attacks. An alerting system that looks for anomalies in the data process is a good step in that direction.
"So much of ransomware is based on social engineering," he said. "It's a matter of looking for that behavior. You have to look for specific actions, and, in this case, it's the encryption of massive amounts of files. That is not normal behavior. The challenge is finding out when it is happening and putting awareness at the endpoint. The sooner you know it is happening, the better.
"Druva is trying to identify the behavior and tie it in with the recovery platform. They are trying to add an additional step that allows you to go back to the last good copy."
Functions of Druva software and cloud backup
Druva sells two branded cloud backup products. The enterprise-level Druva inSync product is for endpoints, and it backs up data across physical and public cloud storage. Druva Phoenix is a software agent to back up and restore data sets in the cloud for distributed physical and virtual servers. Phoenix applies global deduplication at the source level and points archived server backups at a cloud target.
Jaspreet SinghCEO, Druva
Druva has first added the monitoring and detection capabilities to inSync because it touches end users' devices, which increases the entry points for ransomware. The alerting capabilities are on the Phoenix roadmap.
Singh said the Druva software applies machine learning to help detect anomalies in the data stream. It looks for patterns such as gradual increases and spikes in data usage, changes in file types and suspicious movement in data.
"Sometimes, ransomware copies data, encrypts it and deletes the old copy," he said. "Ransomware is getting sneakier. We are collecting ransomware research, and we understand it because we are in the data path. Once we understand the anomalies in the data, this helps with visual markers. Once we sense anomalies, we can send notifications to the user."
The Druva software provides customers with details on which servers and users were affected. It detects, sends alerts and builds a visual map of how the ransomware attack affected the system and automates the recovery.
"We offer a seamless way to go back in time, to the best time stamp on the user and server," Singh said. "We look at every single server and user and recover only the files that are impacted. We only roll back files that were tampered."
Druva last year scored $51 million in new private financing, which the company plans to use to diversify its backup platform and accelerate global marketing and sales. Druva announced plans to use part of the money to introduce new features into its software, including machine learning capabilities to analyze multiple data sets in the public cloud.
Defend against ransomware with data backup
Best practices for mobile data protection
Innovation leads to backup product improvement