Druva Rollback Actions Allowing Customers to Roll Back Unauthorized or Accidental Deletion Activity

Druva Inc. introduced Rollback Actions, allowing customers to roll back unauthorized or accidental deletion activity.

When combined with the company’s AI-driven continuous monitoring capabilities and 24/7 support from Druva Cloud Ops, customers will be able to rapidly monitor, fight and mitigate internal or external threats. In tandem with the recently announced ‘Curated Recovery’, customers can experience one of platforms to protect their data from threats both inside and outside their organization.

Insider attacks and unauthorized activities stemming from events such as stolen credentials or hacked systems are often marked by an attacker’s focus on destroying as much data as possible, including data archives. Such attacks, if not caught early, can impact an organization’s backup copies, and in turn, its ability to restore data or environments. Other solutions offer minimal deletion prevention which can be overridden with the correct administrator credentials or require outside service providers, weakening safeguards. For the firm’s customers, backups purged during mass deletion events are automatically placed into temporary, tamper-proof storage for up to 7 days, while the company’s continuous monitoring team alerts administrators to the unusual activity. Together, these actions are designed to thwart bad actors who may be trying to destroy large amounts of data quickly, helping administrators ensure data is not being deleted accidentally or maliciously.

Continuous monitoring and rollback options workflow
Click to enlarge

“Inside actors and criminals stealing credentials have become incredibly sophisticated and are bypassing security measures to initiate unauthorized activities and data deletions,” said Prem Ananthakrishnan, VP, products. “By creating temporary storage to automatically capture and hold mass deleted data, customers can easily view and roll back the potential impact of these incidents. Dozens of Druva customers have already benefited from this feature over the last year, and we know customers will benefit from having this ability easily accessible within the Druva Data Resiliency Cloud.“

In the case of credential misuse where a bad actor may maliciously remove endpoints, users, VMs, NAS or file shares or even databases, ‘Druva Rollback Action’s will allow administrators to recover not only the data from deleted backups but also environmental objects as well. In addition, customers can safeguard vs. accidental or unintended deletions, providing the administrator the ability to revert the unintended action without any loss of data and restoring productivity rapidly.

Available in the coming months through a self-service function, Rollback Actions will be enabled by default for all users and administrators and will be able to temporarily store data from 24 hours to up to seven days. Only administrators will have the ability to recover the data, and these users will also have access to full audit trails to review the deletion activity by each user.

Multi-layer defense framework
The company offers customers expansive data resiliency platform, offering data integrity, operational security and accelerated ransomware recovery as well as pre-built Integrations with Security Monitoring (SIEM) and Security Orchestration (SOAR) Tools.

In addition to Rollback Actions, multi-layered defense includes:

Data integrity and availability: Ensures customers always have safe backup data available for recovery with features including air-gapped backups, Amazon S3 multi-availability zone AZ durability, cloud-based DR and multi-factor authentication.
Operational security: Delivers 24x7x365 fully-managed DevSecOps, including vulnerability scans, common vulnerabilities and exposure (CVE) patching and upgrades, regular penetration testing, continuous monitoring and no root access to backup environment.
Accelerated recovery: Contains ransomware spread, recovers clean and data sets with capabilities including quarantine, Curated Recovery, unusual data activity alerts and malicious file scans.