Rubrik takes on ransomware with its new service called Radar. But unlike traditional security platforms that target this type of malware from a threat prevention vantage point, the data protection and management company comes at it from a backup perspective.
“Most people are consuming Rubrik because they want to provide backup, recovery, and retention,” said Chris Wahl, the company’s chief technologist. “Now you also have an army of security operators that are monitoring every single data point that comes into your environment by way of looking at backup data. I think that’s a pretty clever way of diving into ransomware.”
Ransomware attacks rose 350 percent in 2017 over the previous year, according to an NTT Security survey. These attacks typically target companies’ data — hackers block access to businesses’ files and systems and then demand a ransom to unlock them.
Rubrik’s new Radar application aims to eliminate data loss and downtime from ransomware attacks. And while it’s built on the company’s software-as-a-service (SaaS) platform Polaris, launched earlier this year, it stems from use cases for the company’s original data management platform.
“Working with customers in the 2015-16 era, we found that the Rubrik Cloud Data Management product was quite good at being the last line of defense against ransomware because we could eliminate the killer of ransomware, which is downtime,” Wahl said. “We could instantly recover files, folders, VMs at scale — as opposed to just one file, folder, VM — to holistically replace and make whole the entire environment.”
Langs Building Supplies was one of these customers. “When we were hit by ransomware a few years ago, we leveraged Rubrik’s fast recovery and APIs to recover in under an hour with zero data loss,” said Matthew Day, CIO of Langs Building Supplies, in a statement.
Radar vs. Ransomware
Rubrik’s Polaris SaaS product provides a “unified system of record” across all applications and data, Wahl said in an earlier interview. Its new Radar application uses this data backup catalog and elastic SaaS cloud-computing resource, combined with machine learning, to defend against ransomware.
“We take all that information that we gather when we do a backup, send it up to the Polaris cloud, and then plug that into our machine learning algorithms to determine steady state and anomaly state,” Wahl said.
The service actively monitors this global metadata and generates alerts for anomalies and suspicious behavior, such as ransomware. It then analyzes the entire environment to identify which applications and data were impacted and where they are located to help visualize the impact on the system. And finally, it automates manual data recovery processes, which minimizes downtime and data loss.
This eliminates two customer pain points, Wahl said. “Customers tell us that it’s great we can recover the data, but the challenge they face is assessing attacks — what’s been breached, what is the scope — and then doing a threat analysis,” he explained. “Ninety-five percent of the downtime was because of the detection and monitoring, and we could easily detect that with all the data points we are collecting and sending to the cloud.”
More Data Management Apps to Come
This is Rubrik’s second application built on Polaris. The first, GPS, provides a single control and policy management console across applications.
The platform’s open-API architecture allows Rubrik and other developers to write data management applications. Wahl said future applications will fall into five buckets: control and policy management, information governance, security, and data intelligence.