❗ Important
Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.
October 10, 2024
ENHANCEMENT
Support for SHA-256 and MD5 file hashes in Threat Hunting
With evolving security needs, we have broadened our support for file hash formats.
Key enhancements:
Custom file hash support: Users can now input file hashes in SHA-256 and MD5 formats in addition to the existing supported SHA1 format for threat hunting.
Automatic SHA1 processing: For every SHA-256 and MD5 hash provided, the system will attempt to find the corresponding SHA1 hash on a best-effort basis.
While SHA1 is still the recommended format for optimal results, this update offers greater flexibility by allowing the use of SHA-256 and MD5 hashes.
Customer Action Required: None
For more information, see Create a new threat hunt.
September 26, 2024
This release has minor bug fixes.
September 12, 2024
NEW FEATURE
Threat Hunting APIs for VMware
Introducing our new Threat Hunting APIs for VMware, offering seamless functionality to create new threat hunts, list and view details of the created threat hunts, search and view resources and their details, and much more.
With these APIs, you can get information and perform operations on the VMware resources managed in Druva Cloud for Threat Hunting.
The following is a list of APIs, along with a brief description:
Search Resources: Use filters to find and view all the resources available for Threat Hunting. Currently, the VMware resource type is supported.
Create a threat hunt: This API allows you to create a new threat hunt for the selected resources.
List all threat hunts: Retrieve the list of all threat hunts created for resources.
Cancel a threat hunt: This API allows you to cancel an ongoing threat hunt job.
Delete a threat hunt: This API allows you to delete a completed threat hunt job. You cannot retrieve a deleted threat hunt job.
List threat hunt configuration details: Retrieve the list of the configuration details provided during threat hunt creation, such as file hashes and file extensions.
Get threat hunt summary for a specific threat hunt: View scan summary for a particular threat hunt.
List threat hunt resources: Retrieve the list of all resources included for threat hunt creation.
List statistics of resources configured for threat hunt: Retrieve the list of statistics of all resources included for threat hunt creation.
Get resource details for a specific threat hunt: You can view the resource details for a specific resource type and resource ID for a particular threat hunt.
Get resource statistics for a specific threat hunt: Retrieve the list of statistics for a specific resource ID and resource type for a particular threat hunt.
List impacted snapshots for a specific threat hunt: Retrieve the list of all impacted snapshots identified using Threat Hunting for the selected resource ID and resource type for a particular threat hunt.
Download a report: This API allows you to download a report after you complete the threat hunt creation. You can download a summary or detailed report, as your organization requires.
For more information, see Threat Hunting APIs.
Customer Action Required: None
ENHANCEMENT
Security Posture: Download Data Access events support for PST files
We have now extended the support of Download Data Access events for PST files for Exchange Online and Gmail. You can proactively take the necessary corrective action in case of suspicious data access.
For more information, see Data Access Events.
August 29, 2024
This release has minor bug fixes.
August 15, 2024
NEW FEATURE
Introducing Threat Hunting for VMware
❗ Important: This capability is supported only for VMware-backed-up resources.
We’re excited to introduce Threat Hunting, a powerful new feature that enhances the security posture and assists in improving security operations and incident response workflow.
With Threat Hunting, Druva offers the ability to hunt for undetected threats that might have penetrated cyber defenses.
Threat Hunting provides built-in containment and remediation solutions to reduce incident response time and eliminate reinfection risks to your VMware backups.
Here’s what you can expect from this latest update:
Key Features:
Malware IoC Search: Efficiently hunt for malware Indicators of Compromise (IoCs) within your VMware backups. Quickly identify and assess potential threats.
Infection Scope and Timelines: Gain insights into the scope of the infection and timelines
Quarantine infected snapshots: Automatically quarantine infected VMware snapshots to prevent reinfection and further spread of malware
Rich Metadata: Use the rich metadata presented in Threat Hunting results to aid investigation and incident response workflows
Customer Action Required:
Contact sales or support to procure the Threat Hunting for VMware license.
Ensure that you install VMware backup proxy version 7.0.2 or higher.
Check the prerequisites for Threat Hunting and start using this feature.
For more information, see Get Started with Threat Hunting.
Enhancements to the quarantine snapshot feature
Auto-Quarantine for VMware resources: We have enhanced the Quarantine Snapshots workflow by adding the Auto-Quarantine Snapshots capability for VMware. This capability automatically quarantines impacted snapshots identified after successfully completing Threat Hunting for VMware backed-up resources. With the auto-quarantine feature, you can prevent accidental restores of infected data and reinfection.
Manual quarantine for resources: You can now add multiple quarantine ranges for resources to isolate and quarantine infected snapshots across multiple date ranges.
For more information, see Quarantine Snapshots.
Customer Action Required: None
July 18, 2024
NEW FEATURE
Introducing Druva's Managed Data Detection and Response Service
❗ Terms and Conditions:
Druva's Managed Data Detection and Response Service is available only to Druva and Dell customers. MDDR is an advanced-release product/service and is subject to Druva’s Early Access Addendum. The MDDR Service is provided “as is”. Druva makes no promises with regard to response times.
With the new Managed Data Detection and Response Service (MDDR), Druva provides a managed service that offers round-the-clock monitoring of key backup threat indicators to detect and respond to potential threats that can result in a loss of or damage to your backed-up data.
This service is automatically built into the Druva Cloud Platform and is available as part of your backup subscription.
For more information, see Managed Data Detection and Response Service.
Customer Action Required: None
July 04, 2024
ENHANCEMENT
Security Posture: Encryption check support for VMware UDA
VMware UDA now includes encryption detection capabilities. This enhancement aims to bolster the ability to detect ransomware attacks by identifying suspicious encryption attempts within the Guest OS.
Until this release, VMware UDA supported monitoring and detecting anomalous file activities such as bulk creation, update, and deletion. The addition of encryption detection enables proactive identification of potential ransomware activities, thereby enhancing overall threat detection and response capabilities.
Action Required: None
For more information, see Unusual Data Activity for VMware.
Security Posture: Rollback Actions support for Azure
We have now extended the rollback action feature support to Azure virtual machines.
With Rollback Actions, you can now roll back deleted entities within a configurable rollback window. The deleted entities are available for rollback for the specified days before the entity and its backups are permanently deleted. This enhancement allows you to revert malicious or unintended deletes without any data loss and enables the rapid restoration of productivity.
Action Required: Existing Ransomware Recovery customers will receive this offering as part of their existing license. Customers who don’t have a Ransomware Recovery license can opt to purchase the Security Posture and Observability license exclusively. To obtain the license, contact Support.
For more information, see Rollback Actions.
NEW FEATURE
Introducing Cyber Resilience Reports APIs
We've added APIs for Cyber Resilience reports in our common reporting framework. Now, as per your requirements, you can quickly get report data.
You can build integrations to obtain specific data for various use cases. For example, you can:
Track the status of workloads periodically and trigger automated responses using third-party apps or custom scripts. For example, you can create a ticket to inform an administrator if backups fail beyond a certain percentage on a specific day.
Keep a close eye on critical activities such as failed Restore jobs. This visibility allows you to proactively address any issues that may arise.
Run narrowed-down diagnostics using filters to provide evidence during audits.
Build personalized reports or a view to monitor all your data.
With these new APIs, you'll have more flexibility and control over your reporting.
For more information, see Getting Started with Reports API.
June 20, 2024
This release has minor bug fixes.
June 06, 2024
This release has minor bug fixes.
May 23, 2024
ENHANCEMENT
Security Posture: Support for Download Data Access events for Microsoft 365 and Google Workspace
We have now extended the support of Data Access events for Microsoft 365 and Google Workspace data sources. This enhancement allows you to view all new geo-locations from where a download data access event is performed by an administrator or user within a period of 7/30 days for Microsoft 365 and Google Workspace data sources. You can proactively take the necessary corrective action in case of suspicious data access.
For more information, see Data Access Events.
New Feature
Announcing 30 Days Free Trial for Cyber Resilience
We have launched a 30-day free trial to help you explore data security and ransomware recovery use cases for all the supported workloads Druva protects.
You can initiate the trial by selecting Security Posture or Ransomware Recovery, as required, from the Global Navigation > All Services > Cyber Resilience card. We will create your trial account and get you started with a single click.
April 25, 2024
This release has minor bug fixes.
April 11, 2024
FEATURE
Introducing Reports for Ransomware and Security Posture
We are excited to bring the following new Ransomware Recovery and Security Posture & Observability reports that provide valuable historical data for analytics and monitoring backed-up data security.
Ransomware Recovery Reports
Enhance your security strategy with comprehensive reports tailored to aid ransomware recovery. These include:
Curated Snapshots Jobs Report: Get a consolidated view of the number of curated snapshot jobs created for different resource types (workloads) within a specified period
Quarantine Resources Report: Get a consolidated view of the statistics of all the quarantine ranges and resources added to Quarantine Bay for different resource types (workloads) within a specified period
Malicious File Scan Jobs Report: Get a consolidated view of the number of scan jobs created for different resource types (workloads) within a specified period
Security Posture & Observability Reports
Elevate your security posture with the following set of reports:
Admin Login Events Report and Data Access Events Report: Provides deep visibility into data access and administrative activities for a specified period
Unusual Data Activity Alerts Report: Get a consolidated view of all the Unusual Data Activity alerts generated within a specified period for different resource types
You can now seamlessly generate and export reports in PDF or CSV format. Create subscriptions to automate report delivery for your security team.
For more information, see Cyber Resilience Reports.
📝 Note:
You can view all these reports with the Accelerated Ransomware Recovery license. However, with only a Security Posture & Observability license, you can view only Unusual Data Activity, Data Protection Risk, Rollback Actions, and Admin Login and Data Access Events reports.
Our Help Center Has a New Address!
While you experience the speed and power of Druva’s 100% SaaS Cloud-first data protection platform, we are committed to ensuring that your entire journey with us is as seamless as possible. So, here’s introducing the Druva help center, a self-serve-first help experience that offers quick access to assistance whenever needed. The new help center functions as the primary repository for all information, delivering a significantly more personalized and contextual experience when accessed through the product console.
Here’s a look at what’s new and what’s changed:
The previous documentation portal, docs.druva.com, has been replaced with help.druva.com. The new and improved help center promises a leaner structure while still ensuring comprehensive and information-packed resources.
Improved search performance for quicker access to relevant help articles. No more sifting through an endless archive of help articles.
Action required
We have ensured that the transition to help.druva.com is seamless for you. We recommend that you update your bookmarks and ensure you're using the latest version of client software to access this help experience for the Client.
Go ahead and explore the enhanced experience or learn more.
March 28, 2024
ENHANCEMENT
Enhanced encryption alerts for Unusual Data Activity
We have bolstered the effectiveness of encryption checks within our Unusual Data Activity (UDA) algorithm to detect potentially suspicious ransomware-encrypted files more accurately.
You can now access detailed insights explaining why the UDA algorithm flags a particular file as encrypted.
This improvement provides enhanced visibility into data anomalies within backup snapshots, empowering you to swiftly identify and investigate potentially compromised files affected by ransomware.
For more information, see View UDA alerts.
March 14, 2024
This release has minor bug fixes.
February 29, 2024
This release has minor bug fixes.
February 15, 2024
FEATURE
Introducing Audit Trails for Unusual Data Activity
You can now track and monitor the following Unusual Data Activity actions using the Audit Trails feature:
Unusual Data Activity - Alerts Ignored: Details of the alert ignored for an affected snapshot and the administrator who performed the action
Unusual Data Activity - Logs Downloaded: Details of the downloaded logs and the administrator who performed the download
Unusual Data Activity - Configuration Changed: Details of UDA settings updated, and the administrator who edited them
This feature helps to meet the data governance and compliance requirements by providing a chronological view of administrator activities performed for Unusual Data Activity.
For more information, see About Audit Trails.
February 01, 2024
This release has minor bug fixes.
January 18, 2024
This release has minor bug fixes.
December 21, 2023
FEATURE
Introducing new UDA events for VMware resources
We are excited to bring in the following two new UDA events for VMware resources that help you with proactive error management in case of UDA failures and seamless functioning of Unusual Data Activity.
Unusual Data Activity Scan Failure: A warning alert is generated and sent via email (if email subscription is enabled) when the UDA scan fails because the VMware prerequisites are not met. The alert also provides the exact reason for you to be able to take corrective action. You can access this alert from Security Events > Alerts. Alternatively, you can also access it via the Events API. For example: "VMware Tools is not installed."
Unusual Data Activity Information Event: Provides information regarding the UDA scan events and can be accessed only via the Events API. For example, Snapshot is not scanned for Unusual Data Activity as learning is in progress.
For more information, see Alerts and Events API.
Security Events: Data Access events support for VMware resources
You can now closely monitor and track data restore activity performed by administrators for VMware resources over a defined period with the Data Access events feature. This enhancement helps ensure that the data is restored to a trusted location known to Druva and thus prevents any data security breaches.
When an administrator initiates Admin Restore activity for VMware, an access event job is created, which can be viewed from the Security Events Dashboard > Data Access page for further investigation.
For more information, see Data Access.
Hybrid Workloads: VMware events API integration with Splunk app
The VMware backup (success/failure) and restore (success/failure) events APIs are now integrated with the Druva Splunk app. This integration helps you centrally monitor logs from different applications for threats and risks.
For more information, see the Druva app for Splunk and VMware events API.
November 09, 2023
This release has minor bug fixes.
October 27, 2023
This release has minor bug fixes.
October 12, 2023
Introducing Curated Snapshots for Microsoft 365 (OneDrive and SharePoint)
We are excited to bring in the Curated Snapshots for Microsoft 365 feature that helps accelerate recovery time and minimizes data loss during cyber security attacks.
Curated snapshot allows you to create a customized snapshot with the latest, cleanest, and safest scanned file version available for restore.
You can restore files/folders for OneDrive and SharePoint from the Curated Snapshot without any security or malware risks. This enhancement eliminates the need to perform multiple granular restores from various snapshots.
For more information, see Curated Snapshots for Microsoft 365.
Fixed Issues
Issue | Description |
REAL-30794 | Fixed the navigation issue observed for the redirection from the Security Events > Administration Details page. |
September 28, 2023
This release has minor bug fixes.
Known Issues
Issue | Description |
REAL-30794 | You may observe incorrect redirection when navigating to the Administration Details page from the Security Events page between Oct 7 and Oct 11, 2023. |
September 14, 2023
This release has minor bug fixes.
August 31, 2023
Unusual Data Activity (UDA) 1.0 end-of-life update
We have now deprecated the Unusual Data Activity 1.0 version, which was available as a part of the backup Elite license.
The new Unusual Data Activity (UDA) is a part of the Security Posture & Observability add-on.
Contact your Account Representative, Customer Success Manager, or Druva support for more details.
August 21, 2023
Enhancement
UDA for VMware: Added sudo user support for Linux virtual machines
You can now provide sudo user credentials for a non-root user while using UDA for Linux virtual machines. This enhancement thus offers more flexibility and eliminates the restriction of using only root credentials for UDA.
For more information about configuring and managing sudo user credentials, see Manage credentials for VMware servers.
For more information, see Unusual Data Activity.
Customer action required: Upgrade the VMware proxy to version 6.3.2-359254.
August 17, 2023
New Feature
Unusual Data Activity (UDA) support for SharePoint and OneDrive
You can now define the UDA settings for anomaly detection for your backed-up SharePoint and OneDrive resources from Cyber Resilience > Security Events > Settings page.
Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, encrypted, deleted, or modified and subsequently generates alerts, thus providing efficient data resiliency from threats.
You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure the backed-up data is safe.
For more information, see Unusual Data Activity.
Customer Action Required: None
Enhancement
Rollback Actions support for manually deleted snapshots
With Rollback Actions, you can now roll back manually deleted snapshots for Endpoints and SaaS Apps within a configurable rollback window. By default, the Rollback Actions window is configured for 7 days.
The manually deleted snapshots are available for rollback for the specified days before they get permanently deleted.
This capability allows the administrator to revert malicious or unintended deletes without data loss and enables the rapid restoration of productivity.
If you have consciously triggered the deletes, the snapshots get permanently deleted after the rollback window expires.
📝 Note
Currently, rollback action support for manually deleted snapshots is available only for Endpoints and SaaS Apps - Exchange Online, Gmail, OneDrive, Shared Drives, and SharePoint snapshots.
For more information, see,
Customer Action Required: None
Known Issues
Issue | Description |
REAL-31446 | Due to the backup throttling issue, the UDA logs display a higher count of modified files for OneDrive and SharePoint resources. |
REAL-30815 | The UDA logs do not display the file owner's details for the SharePoint site if the file backup happens using REST API and the file change is through a Microsoft application or a user with an invalid email. |
REAL-30757 | The UDA logs do not display the details related to Files Modified By for OneDrive and SharePoint resources. |
REAL-30702 | False UDA alerts may get generated for OneDrive resources if any modifications are made to the Profiles to which the OneDrive user is mapped. |
August 07, 2023
Enhancement
Sandbox recovery: Support for automatic deletion of malicious files
In the Sandbox Recovery workflow, you can automatically delete malicious files detected via Malicious File Scan. This option safeguards against further damage and ensures the restored data is secure.
You can enable automatic deletion of malicious files from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.
For more information, see,
Fixed Issues
Issue | Description |
REAL-31315 | Fixed the issue so that File Hash scan is now supported for Linux VMs restored using Sandbox Recovery. |
July 20, 2023
This release has minor bug fixes.
Fixed Issues
Issue | Description |
REAL-29751 | Fixed the issue wherein the listing of malicious files / skipped files on the Sandbox Recovery Jobs page timed out intermittently in case of skipped file count exceeding 50k. |
July 06, 2023
This release has minor bug fixes.
June 23, 2023
New Feature
Sandbox recovery: Malicious File Scan support for Linux sandbox virtual machines
Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.
After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.
For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.
The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:
File Scanned: Number of files scanned for a restore job
Malicious Files Found: Number of malicious files found in the restored snapshot
Files Scan Skipped: Number of files skipped from the scan
For more information, see,
Known Issues
Issue | Description |
REAL-29751 | Malicious files listing page for the Sandbox Recovery Jobs page times out intermittently. You will observe this issue when the count of skipped files is beyond 50k files. Workaround: You can view the detailed report using the Download Log option on the UI. |
June 08, 2023
This release has minor bug fixes.
May 25, 2023
New Feature
Sandbox recovery: Malicious File Scan support for Windows sandbox virtual machines
❗ Important
This feature is available for all customers using the Windows operating system. It is under early access and is available for limited customers using the Linux operating system.
Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.
After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.
For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.
The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:
File Scanned: Number of files scanned for a restore job
Malicious Files Found: Number of malicious files found in the restored snapshot
Files Scan Skipped: Number of files skipped from the scan
For more information, see,
May 11, 2023
New Feature
Unusual Data Activity (UDA) support for VMware resources
You can now define the UDA settings for anomaly detection for your backed-up VMware resources from Cyber Resilience > Security Events > Settings page.
Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, deleted, or modified and subsequently generates alerts, thus providing efficient data resiliency from threats.
You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure the backed-up data is safe.
For more information, see Unusual Data Activity.
Customer Action Required: None
April 27, 2023
This release has minor bug fixes.
April 13, 2023
This release has minor bug fixes.
March 30, 2023
Enhancement
Endpoints: Manage antivirus scan during device replace
Administrators can now enable or disable an antivirus scan check before restoring data to a replaced device.
❗ Important
By default, the antivirus scan check is enabled to ensure that the data restored to the replaced device is safe and secure.
Navigate to Ransomware Recovery > Malicious File Scan > Settings > Edit. Select the Skip Antivirus Scan during Device Replacement check box to disable the antivirus scan, or deselect the check box to enable the scan.
Alternatively, you can also perform this action using the API.
For more information, see,
Customer Action Required: None
March 16, 2023
This release has minor bug fixes.
March 03, 2023
Enhancement
An enhanced experience for Unusual Data Activity (UDA)
❗ Important
Unusual Data Activity (UDA) for VMware is under early access and is available for limited customers.
With this release, we bring the following enhancements to Unusual Data Activity:
Unusual Data Activity with customizable settings
Unusual Data Activity (UDA) is now enhanced to allow you to customize and define the UDA settings for anomaly detection for your backed-up resources, thus providing efficient data resiliency from threats.
You can define the UDA Settings from Cyber Resilience > Security Events > Settings page.
Based on the defined settings, the UDA algorithm detects malicious, intentional, or unknown activities for the number of files that are added, deleted, or modified and subsequently generates alerts.
You can review the alerts from the Security Events > Overview > Unusual Data Activity section and take appropriate action to resolve the risk to ensure that the backed-up data is safe.
Improved Data Activity trend graph
The Data Activity Trend that represents data backed up in the resource by snapshots is enhanced to provide a more detailed view for better monitoring and understanding of Unusual Data Activity.
For more information, see Unusual Data Activity.
Customer Action Required: To sign up for this feature, contact support.
Feb 09, 2023
This release has minor bug fixes.
Jan 28, 2023
New Feature
Sandbox recovery: Malicious File Scan support for Windows sandbox virtual machines
❗ Important
This feature is under early access and is available for limited customers.
Use the Sandbox Recovery feature to recover a specific restore point, followed by an antivirus scan in a sandbox environment. You can certify whether the selected restore point is clean based on the scan results.
After a successful sandbox virtual machine data restore, you can scan the data for viruses and malware with the Malicious File Scan feature enabled.
For Sandbox virtual machines, you can enable the Malicious File Scan feature from the Hybrid Workloads > Restore > Sandbox Recovery > Settings page.
The anti-virus scan engine scans the entire data for potential viruses and malware and provides details for the following that can help you take the necessary corrective action:
File Scanned: Number of files scanned for a restore job
Malicious Files Found: Number of malicious files found in the restored snapshot
Files Scan Skipped: Number of files skipped from the scan
For more information, see,
New API for listing count of restore scan jobs
We have added the List count of restore scan jobs API to support automation and get information about the total count of all the restore scan jobs for different resource types: File Server, NAS, Endpoints, and so on.
For more information, see Developer Portal.
Jan 12, 2023
This release has minor bug fixes.
Archived release notes
For release notes of previous cloud updates, see Archived Release Notes.