❗ Important

Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.

This release has minor bug fixes.

This release has minor bug fixes.

With evolving security needs, we have broadened our support for file hash formats.

Key enhancements:

While SHA1 is still the recommended format for optimal results, this update offers greater flexibility by allowing the use of SHA-256 and MD5 hashes.

Customer Action Required: None

For more information, see Create a new threat hunt.

This release has minor bug fixes.

Introducing our new Threat Hunting APIs for VMware, offering seamless functionality to create new threat hunts, list and view details of the created threat hunts, search and view resources and their details, and much more.

With these APIs, you can get information and perform operations on the VMware resources managed in Druva Cloud for Threat Hunting.

The following is a list of APIs, along with a brief description:

For more information, see Threat Hunting APIs

Customer Action Required: None

We have now extended the support of Download Data Access events for PST files for Exchange Online and Gmail. You can proactively take the necessary corrective action in case of suspicious data access.

For more information, see Data Access Events.

This release has minor bug fixes.

❗ Important: This capability is supported only for VMware-backed-up resources.

We’re excited to introduce Threat Hunting, a powerful new feature that enhances the security posture and assists in improving security operations and incident response workflow.

With Threat Hunting, Druva offers the ability to hunt for undetected threats that might have penetrated cyber defenses.

Threat Hunting provides built-in containment and remediation solutions to reduce incident response time and eliminate reinfection risks to your VMware backups.

Here’s what you can expect from this latest update:

Key Features:

Customer Action Required:

For more information, see Get Started with Threat Hunting.

Auto-Quarantine for VMware resources: We have enhanced the Quarantine Snapshots workflow by adding the Auto-Quarantine Snapshots capability for VMware. This capability automatically quarantines impacted snapshots identified after successfully completing Threat Hunting for VMware backed-up resources. With the auto-quarantine feature, you can prevent accidental restores of infected data and reinfection.

Manual quarantine for resources: You can now add multiple quarantine ranges for resources to isolate and quarantine infected snapshots across multiple date ranges.

For more information, see Quarantine Snapshots.

Customer Action Required: None

❗ Terms and Conditions:

Druva's Managed Data Detection and Response Service is available only to Druva and Dell customers. MDDR is an advanced-release product/service and is subject to Druva’s Early Access Addendum. The MDDR Service is provided “as is”. Druva makes no promises with regard to response times.

With the new Managed Data Detection and Response Service (MDDR), Druva provides a managed service that offers round-the-clock monitoring of key backup threat indicators to detect and respond to potential threats that can result in a loss of or damage to your backed-up data.

This service is automatically built into the Druva Cloud Platform and is available as part of your backup subscription.

For more information, see Managed Data Detection and Response Service.

Customer Action Required: None

VMware UDA now includes encryption detection capabilities. This enhancement aims to bolster the ability to detect ransomware attacks by identifying suspicious encryption attempts within the Guest OS.

Until this release, VMware UDA supported the monitoring and detecting anomalous file activities such as bulk creation, update, and deletion. The addition of encryption detection enables proactive identification of potential ransomware activities, thereby enhancing overall threat detection and response capabilities.

Action Required: None

For more information, see Unusual Data Activity for VMware.

We have now extended the rollback action feature support to Azure virtual machines.

With Rollback Actions, you can now roll back deleted entities within a configurable rollback window. The deleted entities are available for rollback for the specified days before the entity and its backups are permanently deleted. This enhancement allows you to revert malicious or unintended deletes without any data loss and enables the rapid restoration of productivity.

Action Required: Existing Ransomware Recovery customers will receive this offering as part of their existing license. Customers who don’t have a Ransomware Recovery license can opt to purchase the Security Posture and Observability license exclusively. To obtain the license, contact Support.

For more information, see Rollback Actions.

We've added APIs for Cyber Resilience reports in our common reporting framework. Now, as per your requirements, you can quickly get report data.

You can build integrations to obtain specific data for various use cases. For example, you can:

With these new APIs, you'll have more flexibility and control over your reporting.

For more information, see Getting Started with Reports API.

This release has minor bug fixes.

This release has minor bug fixes.

We have now extended the support of Data Access events for Microsoft 365 and Google Workspace data sources. This enhancement allows you to view all new geo-locations from where a download data access event is performed by an administrator or user within a period of 7/30 days for Microsoft 365 and Google Workspace data sources. You can proactively take the necessary corrective action in case of suspicious data access.

For more information, see Data Access Events.

We have launched a 30-day free trial to help you explore data security and ransomware recovery use cases for all the supported workloads Druva protects.

You can initiate the trial by selecting the Security Posture or Ransomware Recovery from the Global Navigation > All Services > Cyber Resilience card as required. We will create your trial account and get you started with a single click.

This release has minor bug fixes.

We are excited to bring the following new Ransomware Recovery and Security Posture & Observability reports that provide valuable historical data for analytics and monitoring backed-up data security.

Ransomware Recovery Reports

Enhance your security strategy with comprehensive reports tailored to aid ransomware recovery. These include:

Security Posture & Observability Reports

Elevate your security posture with the following set of reports:

You can now seamlessly generate and export reports in PDF or CSV format. Create subscriptions to automate report delivery for your security team.

For more information, see Cyber Resilience Reports.

📝 Note:

You can view all these reports with the Accelerated Ransomware Recovery license. However, with only a Security Posture & Observability license, you can view only Unusual Data Activity, Data Protection Risk, Rollback Actions, and Admin Login and Data Access Events reports.

While you experience the speed and power of Druva’s 100% SaaS Cloud-first data protection platform, we are committed to ensuring that your entire journey with us is as seamless as possible. So, here’s introducing the Druva help center; a self-serve-first help experience that offers quick access to assistance whenever needed. The new help center functions as the primary repository for all information, delivering a significantly more personalized and contextual experience when accessed through the product console.

Here’s a look at what’s new and what’s changed:

Action required

We have ensured that the transition to help.druva.com is seamless for you. We recommend that you update your bookmarks and ensure you're using the latest version of client software to access this help experience for the Client.

Go ahead and explore the enhanced experience or learn more.

We have bolstered the effectiveness of encryption checks within our Unusual Data Activity (UDA) algorithm to detect potentially suspicious ransomware-encrypted files more accurately.

You can now access detailed insights explaining why the UDA algorithm flags a particular file as encrypted.

Here is a glimpse

This improvement provides enhanced visibility into data anomalies within backup snapshots, empowering you to swiftly identify and investigate potentially compromised files affected by ransomware.

For more information, see View UDA alerts.

This release has minor bug fixes.

This release has minor bug fixes.

You can now track and monitor the following Unusual Data Activity actions using the Audit Trails feature:

This feature helps to meet the data governance and compliance requirements by providing a chronological view of administrator activities performed for Unusual Data Activity.

Here is a glimpse

For more information, see About Audit Trails.

This release has minor bug fixes.

This release has minor bug fixes.

We are excited to bring in the following two new UDA events for VMware resources that help you with proactive error management in case of UDA failures and seamless functioning of Unusual Data Activity.

For more information, see Alerts and Events API.

Security Events: Data Access events support for VMware resources

You can now closely monitor and track data restore activity access by administrators for VMware resources for a defined period with Data Access events feature. This enhancement helps ensure that the data is restored to a trusted location known to Druva and thus prevents any data security breaches.

When an administrator initiates Admin Restore activity for VMware, an access event job is created, which can be viewed from the Security Events Dashboard > Data Access page for further investigation.

For more information, see Data Access.

Hybrid Workloads: VMware events API integration with Splunk app

VMware backup (success/failure) and restore (success/failure) events API are now integrated with Druva Splunk app. This integration helps to monitor logging for threats and risks from different applications centrally.

For more information, see the Druva app for Splunk and VMware events API.

This release has minor bug fixes.

This release has minor bug fixes.

Introducing Curated Snapshots for Microsoft 365 (OneDrive and SharePoint)

We are excited to bring in the Curated Snapshots for Microsoft 365 feature that helps accelerate recovery time and minimizes data loss during cyber security attacks.

Curated snapshot allows you to create a customized snapshot with the latest, cleanest, and safest scanned file version available for restore.

You can restore files/folders for OneDrive and SharePoint from the Curated Snapshot without any security or malware risks. This enhancement eliminates the need to perform multiple granular restores from various snapshots.

Here is a glimpse

For more information, see Curated Snapshots for Microsoft 365.

This release has minor bug fixes.

This release has minor bug fixes.

Unusual Data Activity (UDA) 1.0 end-of-life update

We have now deprecated the Unusual Data Activity 1.0 version, which was available as a part of the backup Elite license.

The new Unusual Data Activity (UDA) is a part of the Security Posture & Observability add-on.

Contact your Account Representative, Customer Success Manager, or Druva support for more details.

UDA for VMware: Added sudo user support for Linux virtual machines

You can now provide sudo user credentials for a non-root user while using UDA for Linux virtual machines. This enhancement thus offers more flexibility and eliminates the restriction of using only root credentials for UDA.

For more information about configuring and managing sudo user credentials, see Manage credentials for VMware servers.

For more information, see Unusual Data Activity.

Customer action required: Upgrade the VMware proxy to version 6.3.2-359254.

Unusual Data Activity (UDA) support for SharePoint and OneDrive

You can now define the UDA settings for anomaly detection for your backed-up SharePoint and OneDrive resources from Cyber Resilience > Security Events > Settings page.

Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, encrypted, deleted, or modified and subsequently generates alerts, thus providing efficient data resiliency from threats.

You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure the backed-up data is safe.

Here is a glimpse

For more information, see Unusual Data Activity.

Customer Action Required: None

Rollback Actions support for manually deleted snapshots

With Rollback Actions, you can now rollback manually deleted snapshots for Endpoints and SaaS Apps within a configurable rollback window. By default, the Rollback Actions window is configured for 7 days.

The manually deleted snapshots are available for rollback for the specified days before they get permanently deleted.

This capability allows the administrator to revert malicious or unintended deletes without data loss and enables rapid restoring productivity.

If you have consciously triggered the deletes, the snapshots get permanently deleted after the rollback window expires.

📝 Note
​ Currently, rollback action support for manually deleted snapshots is available only for Endpoints and SaaS Apps - Exchange Online, Gmail, OneDrive, Shared Drives, and SharePoint snapshots.

Endpoints

► Here is a glimpse of the update

SharePoint

► Here is a glimpse of the update

For more information, see,

Customer Action Required: None

Sandbox recovery: Support for automatic deletion of malicious files

In the Sandbox Recovery workflow, you can automatically delete malicious files detected via Malicious File Scan. This option safeguards against further damage and ensures the restored data is secure.
You can enable automatic deletion of malicious files from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.

► Here is a glimpse of the update

For more information, see,

This release has minor bug fixes.

This release has minor bug fixes.

Sandbox recovery: Malicious File Scan support for Linux sandbox virtual machines

Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.

After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.

For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.

► Here is a glimpse of the update

The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:

►Here is a quick preview of Sandbox Recovery.

For more information, see,

This release has minor bug fixes.

Sandbox recovery: Malicious File Scan support for Windows sandbox virtual machines

❗ Important

This feature is available for all customers using the Windows operating system. It is under early access and is available for limited customers using the Linux operating system.

Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.

After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.

For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.

► Here is a glimpse of the update

The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:

►Here is a quick preview of Sandbox Recovery.

For more information, see,

Unusual Data Activity (UDA) support for VMware resources

You can now define the UDA settings for anomaly detection for your backed-up VMware resources from Cyber Resilience > Security Events > Settings page.

► Here is a glimpse of the update

Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, deleted, or modified and subsequently generates alerts, thus providing efficient data resiliency from threats.

You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure the backed-up data is safe.

For more information, see Unusual Data Activity.

Customer Action Required: None

This release has minor bug fixes.

This release has minor bug fixes.

Endpoints: Manage antivirus scan during device replace

Administrators can now enable or disable an antivirus scan check before restoring data to a replaced device.

❗ Important

By default, the antivirus scan check is enabled to ensure that the data restored to the replaced device is safe and secure.

Navigate to the Ransomware Recovery > Malicious File Scan > Settings > Edit and select the Skip Antivirus Scan during Device Replacement check box to disable the antivirus scan and deselect the checkbox to enable the scan.

► Here is a glimpse of the update

Alternatively, you can also perform this action using API.

For more information, see,

Customer Action Required: None

This release has minor bug fixes.

An enhanced experience for Unusual Data Activity (UDA)

❗ Important

Unusual Data Activity (UDA) for VMware is under early access and is available for limited customers.

With this release, we bring the following enhancements to Unusual Data Activity:

Unusual Data Activity with customizable settings

Unusual Data Activity (UDA) is now enhanced to allow you to customize and define the UDA settings for anomaly detection for your backed-up resources, thus providing efficient data resiliency from threats.

You can define the UDA Settings from Cyber Resilience > Security Events > Settings page.

► Here is a glimpse of the update

Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, deleted, or modified and subsequently generates alerts.

You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure that the backed-up data is safe.

Improved Data Activity trend graph

The Data Activity Trend that represents data backed up in the resource by snapshots is enhanced to provide a more detailed view for better monitoring and understanding of Unusual Data Activity.

► Here is a glimpse of the update

For more information, see Unusual Data Activity.

►Here is a quick preview of the enhanced Unusual Data Activity.

Customer Action Required: To sign up for this feature, contact support.

This release has minor bug fixes.

Sandbox recovery: Malicious File Scan support for windows sandbox virtual machines

❗ Important

This feature is under early access and is available for limited customers.

Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.

After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.

For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.

► Here is a glimpse of the update

The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:

For more information, see,

New API for listing count of restore scan jobs

We have added the List count of restore scan jobs API to support automation and get information about the total count of all the restore scan jobs for different resource types- File Server, NAS, Endpoints, and so on.

For more information, see Developer Portal.

This release has minor bug fixes.

For release notes of previous cloud updates, see Archived Release Notes.