Overview
The Security Center is a centralized dashboard that allows Cloud Administrators to monitor the security posture of their backup environment easily and detect problems before they cause damage.
With the Security Center, you can receive a real-time security posture risk assessment and in-depth insights into the status and health of your backup environment, for example, administrators who are not using multi-factor authentication.
The Security Center provides a comprehensive view of the security status for the following:
It is designed to help Druva Cloud Administrators identify and mitigate potential security risks and ensure their data is protected and compliant with relevant security requirements.
Next Steps
Access Security Center
This section provides information on how to access the Security Center.
Prerequisites
To access the Security Center, ensure that the following prerequisites are met:
You have a valid Security Posture & Observability or Accelerated Ransomware Recovery license
You must be a Druva Cloud Administrator
Access Path:
From the Druva Cloud Platform Console, go to the Global Navigation menu -> Security Center.
Know the Security Center Console
Posture Security Risks
This card provides insights about the Cloud Platform and Data Governance security risks related to:
Druva account
Single Sign-On: Displays if the Single Sign-on authentication and authorization feature is enabled or disabled. For more information, see Single Sign-On.
Multifactor Authentication: Displays if the One Time Password (OTP) feature for administrator authorization is enabled or disabled. For more information, see Multifactor Authentication.
Geofencing: Displays if the Geofencing feature, which restricts data access outside your organization's network, is enabled or disabled. For more information, see Geofencing.
Minimum 2 Cloud Administrator: Displays if the second administrator is created or not. It is recommended to have a second administrator created as a best security practice. For more information, see Created at least 2 Druva Cloud Administrators.
Data Governance Settings for Endpoints and SaaS Apps Data Sources
Audit Trail Retention: Displays this as a risk if the administrators' audit trail retention period needs to be set or is less than one year for Endpoints and SaaS Apps. For more information, see Audit Trail Retention Period.
Important
The security risk for the Audit Trail retention Period is displayed only for administrators.
If these settings are not configured, a Risk icon is displayed to flag the risk, and the pie graph shows the same risk with its count.
The green tick icon indicates you have configured the setting to avert a security risk.
Backup Risks
This card provides insights into the Data Sources' backup security risks.
Endpoints and SaaS Apps:
Microsoft 365 and Google Workspace apps are not in a connected state to authorize and allow Druva to access data for backup.
AD Connector - Active Directory Connector is not connected to allow access to Directory Services in your organization. It may pose a risk for the following:
For Endpoints: New users import and management
For SaaS Apps: User's data backup and scheduled backups may fail if eKey is not enabled.
Hybrid Workloads: Agent, Backup Store, and Proxy are disconnected for Hybrid Workloads. Data cannot be backed up and protected.
Workload Name | Entity Name - Disconnected |
File Server | Agent |
MS-SQL | Agent |
NAS | Proxy |
Hyper-V | Agent |
VMware | Proxy |
Oracle PBS | Backup Store |
Oracle DTC | Agent |
CloudCache | Device |
New Location Events
This card provides insights about the administrator logins and API requests from new locations. The following details are provided in the Location Access section. Click a count to be redirected to the Access Events page for detailed information:
Restores or Download: Number of Restores or downloads initiated
API Request: Number of API request attempts made by Druva administrators from new locations.
Admin Login: The count of new locations from which Druva administrators attempted to log in to the Management Console.
Access Risks
This card provides insights about the API credentials and administrator accounts that have been inactive for a considerable period.
Admin Risks: Details of the administrator login status
Inactive Administrator: The administrator has not logged into the Druva Cloud Platform Console for the timeframe selected from the dropdown.
New Administrator: The administrator who was recently created and has not logged in to the DCP console during the timeframe selected from the dropdown.
API Risks: Details of API access requests for each API Client Name
Inactive API Credentials: The administrator with API credentials who has never accessed the API
New API Credentials: The administrator with newly issued API credentials has not accessed the API
The following information provides details about the Data Access Risks when you click on the count displayed in the section:
Administrator Risks
The following information is provided for the Inactive Administrator
Administrator Name: Name of the administrator not logged in to the Druva Cloud Platform Console
Email: Email-id of the administrator
Role: Role assigned to the Administrator
Created on: Date and time the new Administrator was created
Last logged in: Details of last login (in days)
The following information is provided for the New Administrator
Administrator Name: Name of the administrator not logged in to the Druva Cloud Platform Console
Email: Email-id of the administrator
Role: Role assigned to the Administrator
Created on: Date and time the new Administrator was created
Last logged in: Details of last login (in days)
API Risks
The following information is provided for Inactive API Credentials:
API Name: Name provided for the API credentials for a client.
Client ID: The client ID number generated for the API credentials.
Role: Role assigned to the Administrator
Created on: Date and time when the Credentials were created
Last Accessed: Details of last login (in days)
The following information is provided for New API Credentials:
API Name: Name provided for the API credentials for a client.
Client ID: The client ID number generated for the API credentials.
Role: Role assigned to the Administrator
Created on: Date and time when the credentials were created
Last Accessed: Details of last login (in days)
For more information, see,
Threat Summary
This card provides insights about the threat jobs created for backed-up resources:
Impacted Resources: Hover over the stacked bar to get details on impacted resources by Data Anomalies, Restore Scan, Curated Snapshot, and Threat Hunt.
Data Anomalies: Provides details of Data Anomalies on impacted resources
Restore Scan: Displays the total count of Restore scan jobs for the configured resources
Threat Hunting: Displays the count of threat hunt jobs performed on the respective resources