Managed Data Detection and Response Service

Provides information about our 24/7 MDDR service, designed to enhance your backup systems' security and integrity.

Updated over 4 months ago


Terms and Conditions:

Druva's Managed Data Detection and Response Service (MDDR) is available only to Druva and Dell customers. MDDR is an advanced-release product/service and is subject to Druva’s Early Access Addendum. The MDDR Service is provided “as is”. Druva makes no promises with regard to response times.


Overview

Managed Data Detection and Response Service (MDDR Service) is a managed service that offers round-the-clock monitoring, detection, and response for your backups in Druva. It provides monitoring & notification for the threat indicators listed in the table below.

As part of MDDR Service, Druva provides the following capabilities:

Detection

Key backup threat indicator monitoring: Our MDDR service monitors key threat indicators that could compromise your backed-up data. This includes identifying anomalies, suspicious activities, and potential breaches.

Response

Playbooks for various incident scenarios: In the event of a detected threat, our MDDR service employs predefined playbooks tailored to various incident scenarios that provide a structured response strategy designed to help mitigate threats. Each playbook is crafted to address specific types of incidents, from malware attacks to data breaches.

Key Features and Benefits

  • 24/7 Monitoring: The MDDR Service operates around the clock, continuously surveilling your backup systems to detect and address potential threats.

  • Proactive Threat Management: The MDDR Service proactively identifies potential risks by monitoring key threat indicators and using advanced monitoring tools.

  • Structured Incident Response: Using detailed playbooks ensures a systematic and efficient response to various incident scenarios, minimizing downtime and data loss.

Get started with MDDR Service

How to access MDDR Service?

This service is automatically built into the Druva Cloud Platform and is available as part of your backup subscription. For information on how to get started, please contact your account manager or customer success manager. You may also contact support for further assistance or questions.


Important:

MDDR Service is not available for GovCloud and SFDC customers.


What do we monitor using the MDDR Service?

MDDR Service monitors a range of events. The following table provides information about the types of events monitored for different Druva products*:

Device and User Account Alerts (for Endpoints, Microsoft 365, and Google Workspace)

  • Admin deleted device/s

  • Admin deleted user/s

  • Deleted user/s

  • Deleted device/s

  • Disabled user/s

  • Disabled device/s

Snapshot Deletion (for Enterprise Workloads)

  • VMware

  • Hyper-V

  • Nutanix AHV

  • File Servers

  • NAS

  • Oracle PBS

  • Oracle DTC

  • MS SQL

Backup Set Deletion (for Enterprise Workloads)

  • VMware

  • Hyper-V

  • Nutanix AHV

  • File Servers

  • NAS

  • Oracle PBS

  • Oracle DTC

  • MS SQL

Backup Set Disabled (for Enterprise Workloads)

  • VMware

  • Hyper-V

  • Nutanix AHV

  • File Servers

  • NAS

  • Oracle PBS

  • Oracle DTC

  • MS SQL

* Threat indicators are subject to change at Druva’s discretion.

How do we action MDDR alerts?

Druva has implemented a proactive approach to handle MDDR alerts. Systems are configured to automatically generate cases upon receiving an MDDR alert. This automation helps to streamline the initial response process, reducing response time. The process includes:

  • Manual Validation: Once a case is created, the Druva Incident Response team triages alerts, investigates them, and verifies them to weed out noisy, false positive alerts.

  • Admin Verification: The alert is validated, and the Druva Incident Response team contacts all administrators associated with the account. The purpose is to verify whether the event was planned or an unexpected incident.

  • Critical Alert Actions: For snapshot deletion alerts, which are categorized as critical alerts, Druva implements staggered data deletion from the Druva cloud for deleted or expired snapshots.
