❗ Important
Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.
January 16, 2026
Feature
Introducing Threat Watch
📝NOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.
We are evolving your data protection from a reactive recovery tool into a proactive defense mechanism.
Threat Watch introduces a fully automated, continuous monitoring solution that integrates threat detection directly into your backup lifecycle.
By shifting to an "always-on" security model, Threat Watch ensures your backup environment is not just a data repository, but a resilient line of defense against ransomware and modern cyber threats.
Empowers Security Admins with automated early detection and auditability while providing Backup Admins the confidence of clean, risk-free restores.
This feature is now available for Cloud Native workloads - AWS EC2, Microsoft Azure VMs, and VMware (Data Center) workloads.
Access Path: From the Druva Cloud Platform Console, go to the Global Navigation menu > Cyber Resiliency > Posture & Observability > Threat Watch. Click Threat Watch. You will be redirected to the Threat Watch dashboard page.
Licensing requirement: This feature is included as part of the Premium Security license (SKU).
🛡️ Key Capabilities
Zero-Touch Automation: Experience seamless security with automatic onboarding. There is no manual configuration or operational overhead required for administrators.
Continuous Post-Backup Scanning: Backups are automatically scanned once indexing is complete. Scans run three times daily (every 8 hours) to ensure constant vigilance.
Retroactive Rescan: When new IOCs are added to the IOC library, Threat Watch automatically rescans backups up to 30 days old to identify previously hidden risks.
Automated Risk Containment:
Auto-Quarantine: Infected snapshots are isolated immediately upon detection.
Instant Alerts: Notifications are dispatched via SIEM integration, email, and in-app alerts.
Clean Point Recovery: Integrates with Recovery Insights to provide insights about the last clean snapshot.
Comprehensive IOC Libraries:
Druva Managed IOC Library: Powered by Google Mandiant, CISA, and Druva’s own ReconX Labs.
Custom Library: "Bring your own IOCs" by uploading custom IOCs tailored to your environment.
Detailed Reporting: Access in-depth reports at the snapshot level to see exactly which files are infected, along with Audit-Compliance and Scan Summary reports for full visibility.
🔍 Threat Watch vs. Threat Hunting
Threat Watch works alongside Threat Hunting to provide a multi-layered Defense in Depth strategy:
Feature | Monitoring Type | Primary Use-Case |
Threat Watch | Always-on, Automated | Proactive detection and automated containment. |
Threat Hunting | On-demand | Forensic investigation and manual incident response. |
Here's a quick overview video of the feature
Here's a quick overview video of the feature
For more information, see Threat Watch.
January 08, 2026
Enhancement
Get enhanced Data security for Azure SQL with Rollback support
You can now use the Rollback action to recover your Azure SQL backup data. This feature allows you to restore deleted backup data for Azure SQL backup sets within a configurable window, protecting against both accidental and malicious deletion.
For more information, see Rollback Actions.
Customer Action: None
To know about supported entities of Rollback Action, see support matrix.
January 01, 2026
This release has minor bug fixes.
December 18, 2025
This release has minor bug fixes.
December 04, 2025
This release has minor bug fixes.
December 01, 2025
Enhancement
Support for India storage region for Azure Cloud Storage for Enterprise and AWS Workloads
Security Posture & Observability, Advanced Ransomware Recovery, and Threat Hunting features currently supported for Enterprise Workloads (File Server, NAS, and VMware) and AWS Workloads (Azure Virtual Machines and EC2) will also be supported in India storage region for Azure Cloud Storage.
For more information about Azure Cloud Storage, see, Enterprise Workloads release notes.
November 20, 2025
This release has minor bug fixes.
November 06, 2025
This release has minor bug fixes.
November 03, 2025
Enhancement
Transition to Cloud-Based VMware Data Anomalies
❗ Important
This feature is under early access and is available for limited customers.
A significant enhancement has been made to the collection of Data Anomalies for VMware resource types.
The Change:
We are transitioning from the current agent-based model to a streamlined, cloud-based architecture (agentless).
This enhancement provides flexible, agentless deployment for zero-touch, credential-free protection.
Key Benefits:
Enhanced Security: Eliminates the need to share or store root/administrator credentials for the guest VM. You no longer have to provide guest OS credentials for the Data Anomalies feature to function. This improves the overall feature adoption and customer experience.
Simplified Operations: Reduces operational overhead by removing the dependency on an installed agent within the guest VM.
Increased Efficiency: Data collection no longer requires the VM to be powered on, improving flexibility and resource utilization. Provides zero-touch UDA configuration for VMware virtual machines.
Automated, Efficient Data Anomalies: Zero-touch Data Anomalies configuration for VMware VMs. Data collection no longer needs powered-on VMs, optimizing flexibility and resource utilization.
Modern Architecture: Aligns VMware Data Anomalies with a secure, scalable, and cloud-native architecture.
Customer Action required: To ensure your environment is ready to benefit from this simplified, agentless protection immediately, we require you to update your VMWare Backup proxy to version 7.0.8 or higher.
For more information, see Cloud-Based VMware Data Anomalies (Agentless).
October 23, 2025
This release has minor bug fixes.
Related Articles: