❗ Important
Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.
February 13, 2025
This release has minor bug fixes.
AWS GovCloud (US) Update on February 10, 2025
We’re excited to announce that AWS GovCloud (US) now supports Cyber Resiliency features for Enterprise Workloads. For more information, see the Enterprise Workloads release notes.
January 30, 2025
New Feature
Introducing curated Threat Intelligence and IOC Library integration
We’re excited to introduce the availability of Druva-curated Threat Intelligence (Druva-published IOC Sets) that will be used across all Cyber Resiliency features for malware and ransomware scans.
The Druva-published IOC Sets and the custom IOC Sets can be viewed under the IOC Library.
The IOC Library is a centralized place to create and store multiple IOC Sets. Each IOC Set holds IOCs (file hashes or file extensions) belonging to different malware and ransomware families.
The IOCs for the Druva-published IOC Sets are sourced from widely trusted sources. For example, CISA advisories are one of the many sources referred to by Druva. The Druva-published IOC Sets are updated periodically with new IOCs. You will receive a notification when a new IOC Set is published by Druva.
📝 Note:
Druva-published IOC Set is available with only a Premium Security license.
You can create a custom IOC Set with the Accelerated Ransomware Recovery license.
This enhancement helps with better tracking and IOC management.
Here’s what you can do with the IOC Library integration:
The IOC Sets are directly used for scanning malware when you define scan criteria or parameters for malware checks for Restore Scan, Sandbox Recovery, and Curated Snapshot features.
Run proactive threat hunting on backups (VMware and EC2) using the Druva-published IOC Sets to ensure that backed-up data is free of infection from prevalent malware.
Customer Action Required: None
For more information, see IOC Library.
Druva integration with Microsoft Sentinel
We are excited to announce Druva's integration with Microsoft Sentinel.
With this integration, you can better manage ransomware detection, response, and recovery by facilitating better collaboration between IT & SecOps tools.
Key features available with this update:
Druva Events Data Connector: Receive Druva Security & Operational Events directly in Microsoft Sentinel. Receive alerts for suspicious admin activities, data anomalies like file additions, deletions, modifications & encryption, unusual data access events, and backup policy changes.
Quarantine Playbooks: Manage Ransomware Response by quarantining infected backup snapshots on the impacted resources, which helps safeguard your system from further infection by barring users or administrators from downloading or restoring data.
Here’s the Druva app for Microsoft Sentinel.
For more information, see Druva app for Microsoft Sentinel.
January 16, 2025
This release has minor bug fixes.
January 03, 2025
Enhancement
Refreshed Cyber Resiliency User Interface
The Cyber Resiliency user interface is now redesigned to provide a seamless experience. Furthermore, the Security Center dashboard is refreshed to display critical information and advanced threat summary details in a consolidated view, enhancing accessibility to key insights. Here are some of the key enhancements:
1. Categorization of Cyber Resiliency Features
The features are rearranged on the Global Navigation Bar to simplify navigation, ensuring streamlined access to the required information.
The Posture and Observability section will have the following features:
Access Events
Data Anomalies
Rollback Actions
The Ransomware Recovery section will have the following features:
Quarantine Bay
Curated Snapshots
Restore Scan
Threat Hunting
2. Renamed Cyber Resiliency Features
The following features are relabelled to represent their functionality and purpose more accurately.
Security Command Center to Security Center
Security Events to Access Events
Unusual Data Activity (UDA) to Data Anomalies
📝 Note
The Unusual Data Activity functionality under Security Events is now moved to a separate module under the Posture and Observability section.
December 19, 2024
New Feature
Introducing Threat Hunting for AWS Workloads (EC2 and EBS Volume)
We’re excited to introduce Threat Hunting, a powerful new feature that enhances the security posture and assists in improving security operations and incident response workflow.
Our comprehensive approach lets you actively search for and address threats hiding in your backed-up data. With Threat Hunting, you can quickly isolate, analyze, and neutralize threats, stopping infections from returning to your production environment.
Threat Hunting gives you a unified view of threats. You can define the scope of resources, adjust scan depth, set IOC parameters, and decide how often to run threat hunts, whether proactively or on demand.
Here’s what you can expect from this latest update:
Key Features:
Malware IoC Search: Efficiently hunt for malware Indicators of Compromise (IoCs) within your AWS Workloads (EC2 and EBS Volume) air-gapped backups. Quickly identify and assess potential threats.
Infection Scope and Timelines: Gain insights into the scope of the infection and timelines.
Rich Metadata: Use the rich metadata presented in Threat Hunting results to aid investigation and incident response workflows.
Customer Action Required: Contact sales or support to procure the Threat Hunting for AWS Workloads (EC2 and EBS Volume) license.
For more information, see Get Started with Threat Hunting.
November 21, 2024
This release has minor bug fixes.
November 07, 2024
This release has minor bug fixes.
October 24, 2024
This release has minor bug fixes.
October 10, 2024
Enhancement
Support for SHA-256 and MD5 file hashes in Threat Hunting
With evolving security needs, we have broadened our support for file hash formats.
Key enhancements:
Custom file hash support: Users can now input file hashes in SHA-256 and MD5 formats in addition to the already supported SHA1 format for threat hunting.
Automatic SHA1 processing: For every SHA-256 and MD5 hash provided, the system will attempt to find the corresponding SHA1 hash on a best-effort basis.
While SHA1 is still the recommended format for optimal results, this update offers greater flexibility by allowing the use of SHA-256 and MD5 hashes.
Customer Action Required: None
For more information, see Create a new threat hunt.
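Because SHA1 remains the recommended format and the SHA-256/MD5 lookup is best-effort, it helps to triage a hash list before entering it into a threat hunt. The following is an added example, not Druva code or part of the release notes: it classifies candidate hashes by hex length (MD5 32, SHA1 40, SHA-256 64), normalizes and de-duplicates them, rejects malformed entries, and computes all three digests for a sample you hold so the SHA1 can be supplied directly. The function names and sample bytes are constructed for illustration.

```python
import hashlib
import re

# Hex digest length -> algorithm, for the three formats the release note names.
HASH_FORMATS = {32: "MD5", 40: "SHA1", 64: "SHA-256"}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def classify_hash(value):
    """Return (algorithm, normalized_hash), or (None, value) if malformed."""
    norm = value.strip().lower()
    algo = HASH_FORMATS.get(len(norm))
    if algo is None or not HEX_RE.match(norm):
        return None, value
    return algo, norm


def triage_ioc_hashes(lines):
    """Group candidate hashes by algorithm; skip blanks, '#' comments, duplicates."""
    result = {"SHA1": [], "SHA-256": [], "MD5": [], "rejected": []}
    seen = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        algo, norm = classify_hash(entry)
        if algo is None:
            result["rejected"].append(entry)
        elif norm not in seen:
            seen.add(norm)
            result[algo].append(norm)
    return result


def digests_for_sample(data):
    """All three digests of a sample you hold, so SHA1 need not be looked up."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA-256": hashlib.sha256(data).hexdigest(),
    }


# Constructed input: digests of harmless test bytes plus two malformed entries.
SAMPLE = b"constructed test bytes, not a real malware sample"
_d = digests_for_sample(SAMPLE)
CANDIDATES = [_d["SHA1"].upper(), _d["SHA1"], _d["SHA-256"] + "  # from advisory",
              _d["MD5"], "not-a-hash", _d["SHA1"][:-1]]

if __name__ == "__main__":
    print(triage_ioc_hashes(CANDIDATES))
```

Entries that land under SHA-256 or MD5 are the ones that depend on the best-effort SHA1 mapping; where the original file is available, `digests_for_sample` gives the SHA1 to submit instead.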