Skip to main content
All CollectionsCyber Resilience
Get started with Cyber Resilience
Get started with Cyber Resilience
Updated over a week ago

Accelerated ransomware recovery and maintaining a robust security posture are crucial to protecting an organization from the growing threat of ransomware attacks.

Let’s get started understanding how to enhance both recovery and security.

Security Posture & Observability

With Security Posture & Observability, you can fortify your security posture for business resilience.

You can closely monitor and track the security posture of your backup environment using the following features:

  • Security Events: View details about who accessed your data (admins, users, APIs).

  • Rollback Actions: Restore deleted backups from a secure cache for up to 7 days.

  • Security Command Center: Get a real-time security posture risk assessment and in-depth insights into the status and health of your backup environment.

  • SIEM integrations: Extend security event alerts and data into SIEM tools with one of the several pre-packaged integrations (Splunk) or with Druva APIs. Track user access patterns. Monitor compliance with geo-based policies.

Accelerated Ransomware Recovery

Accelerated Ransomware Recovery (ARR) can help save the day in case you are unfortunately attacked by ransomware.

You can recover your data using three simple steps:

Step 1: Identify clean data for recovery

Check for backups without data anomalies for data restoration.

Feature:

  • Unusual Data Activity (UDA)—With UDA settings, define a baseline for detecting anomalous file creation, modification, and deletion actions. If the file change exceeds the baseline, UDA alerts are generated.

Step 2: Contain the infection

Quarantine infected resources to block the restoration of infected data.

Features:

  • Quarantine Bay - Restrict infected resources from interacting with other resources and contain the spread of malware.

Based on a defined date range of infection, manually quarantine snapshots on an impacted resource or automate the quarantine process by integrating with third-party security and incident response solutions using Ransomware Recovery APIs.

  • Malicious File Scan - Scan the data for viruses and malware using file hashes during a data restore activity before restoring data

Step 3: Recover safe data to production

Generate a customized snapshot embodying the latest, cleanest, and securely scanned file version, ready for seamless restoration.

Feature:

Curated Snapshots - Create a single, cleanest snapshot based on the defined date range and anti-virus scan parameters.

Related Articles
Quarantine for EndPoints
Quarantine for Servers
Quarantine for Virtual Machines (VMware)
Release Notes - Cyber Resilience
Archived Release Notes - Cyber Resilience
Did this answer your question?