Overview
The Security Center is a centralized dashboard that allows Cloud Administrators to monitor the security posture of their backup environment easily and detect problems before they cause damage.
With the Security Center, you can receive a real-time security posture risk assessment and in-depth insights into the status and health of your backup environment. For example, it highlights administrators who are not using multi-factor authentication.
The Security Center provides a comprehensive view of the security status for the following:
It is designed to help Druva Cloud Administrators identify and mitigate potential security risks and ensure their data is protected and compliant with relevant security requirements.
Next Steps
Access Security Center
This section provides information on how to access the Security Center.
Prerequisites
To access the Security Center, ensure that the following prerequisites are met:
You have a valid Security Posture & Observability or Accelerated Ransomware Recovery license
You must be a Druva Cloud Administrator
Access Path:
From the Druva Cloud Platform Console, go to the Global Navigation menu -> Security Center.
Know the Security Center Console
Cyber Resiliency Readiness
This card provides insights about the Cyber Resiliency Readiness risks related to:
Druva account security controls
Single Sign-On: Displays if the Single Sign-on authentication and authorization feature is enabled or disabled. For more information, see Single Sign-On.
Multifactor Authentication: Displays if the One Time Password (OTP) feature for administrator authorization is enabled or disabled. For more information, see Multifactor Authentication.
Geofencing: Displays if the Geofencing feature, which restricts data access outside your organization's network, is enabled or disabled. For more information, see Geofencing.
Ransomware Recovery
Restore Scan: Displays if the Restore Scan Setting is enabled or disabled. For more information, see Restore Scan.
Alerts and Reports
Cyber Resiliency Reports: Displays the report subscription details. You must subscribe to a minimum of 3 reports to avoid security risks. For more information, see Cyber Resiliency Reports.
Cyber Resiliency Alerts: Displays the alert subscription details. You must subscribe to a minimum of 3 alerts to avoid security risks. For more information, see Cyber Resiliency Alerts.
Important
The security risk for the Audit Trail retention Period is displayed only for administrators.
If these settings are not configured, a Risk icon is displayed to flag the risk, and the risk is also included in the count shown on the pie graph.
The green tick icon indicates you have configured the setting to avert a security risk.
Backup Risks
This card provides insights into the Data Sources' backup security risks.
Endpoints and SaaS Apps:
Microsoft 365 and Google Workspace apps are not in a connected state to authorize and allow Druva to access data for backup.
AD Connector - Active Directory Connector is not connected to allow access to Directory Services in your organization. It may pose a risk for the following:
For Endpoints: New users import and management
For SaaS Apps: User's data backup and scheduled backups may fail if eKey is not enabled.
Hybrid Workloads: Agent, Backup Store, and Proxy are disconnected for Hybrid Workloads. Data cannot be backed up and protected.
Workload Name | Entity Name - Disconnected |
File Server | Agent |
MS-SQL | Agent |
NAS | Proxy |
Hyper-V | Agent |
VMware | Proxy |
Oracle PBS | Backup Store |
Oracle DTC | Agent |
CloudCache | Device |
New Location Events
This card provides insights about the administrator logins and API requests from new locations. The following details are provided in the Location Access section. Click a count to be redirected to the Access Events page for detailed information:
Restores or Download: Number of Restores or downloads initiated
API Request: Number of API request attempts made by Druva administrators from new locations.
Admin Login: The count of new locations from which Druva administrators attempted to log in to the Management Console.
Access Risks
This card provides insights about the API credentials and administrator accounts that have been inactive for a considerable period.
Admin Risks: Details of the administrator login status
Inactive Administrator: The administrator has not logged into the Druva Cloud Platform Console for the timeframe selected from the dropdown.
New Administrator: The administrator who was recently created and has not logged in to the DCP console during the timeframe selected from the dropdown.
API Risks: Details of API access requests for each API Client Name
Inactive API Credentials: The administrator with API credentials who has never accessed the API
New API Credentials: The administrator with newly issued API credentials has not accessed the API
The following information provides details about the Data Access Risks when you click on the count displayed in the section:
Administrator Risks
The following information is provided for the Inactive Administrator
Administrator Name: Name of the administrator not logged in to the Druva Cloud Platform Console
Email: Email-id of the administrator
Role: Role assigned to the Administrator
Created on: Date and time the new Administrator was created
Last logged in: Details of last login (in days)
The following information is provided for the New Administrator
Administrator Name: Name of the administrator not logged in to the Druva Cloud Platform Console
Email: Email-id of the administrator
Role: Role assigned to the Administrator
Created on: Date and time the new Administrator was created
Last logged in: Details of last login (in days)
API Risks
The following information is provided for Inactive API Credentials:
API Name: Name provided for the API credentials for a client.
Client ID: The client ID number generated for the API credentials.
Role: Role assigned to the Administrator
Created on: Date and time when the Credentials were created
Last Accessed: Details of last login (in days)
The following information is provided for New API Credentials:
API Name: Name provided for the API credentials for a client.
Client ID: The client ID number generated for the API credentials.
Role: Role assigned to the Administrator
Created on: Date and time when the credentials were created
Last Accessed: Details of last login (in days)
For more information, see,
Threat Summary
This card provides insights about the threat jobs created for backed-up resources:
Impacted Resources: Hover over the stacked bar to get details on impacted resources by Data Anomalies, Restore Scan, Curated Snapshot, and Threat Hunt.
Data Anomalies: Provides details of Data Anomalies on impacted resources
Restore Scan: Displays the total count of Restore scan jobs for the configured resources
Threat Hunting: Displays the count of threat hunt jobs performed on the respective resources