Druva has launched an API integration with FireEye to provide greater insight and control over endpoint backup data. It claims that the API will extend: “Visibility and control over endpoint backup data to monitor, analyze, detect and respond to data breaches from ransomware, data theft, and insider attacks.”
Scanning backups for malware has become increasingly popular among enterprise organisations. However, they are generally only scanning backups from managed devices. With the rise of remote working, organisations are looking at how they back up personal devices belonging to end-users. Druva has already offered a six-month free data loss protection program for remote workers.
Stephen Manley, Chief Technologist, Druva said: “The cost of successful security breaches is only rising – between regulatory policies, security reviews, reputational management, and of course business interruption – and its impact can easily have a significant impact on a business’s ability to continue operations.
“The current environment of a dispersed workforce, inconsistent security approaches, and increasingly aggressive malicious actors have only raised the stakes. Druva’s unique ability to offer naturally air-gapped data immutability and seamless integrations with a wide variety of platforms and solution providers, like FireEye, helps companies take control of their data and have the visibility required to keep teams safe.”
What does this new Druva and FireEye integration offer?
According to the press release: “Joint customers of Druva and the FireEye Helix platform can now dramatically reduce incident response times, minimize downtime, and accelerate recovery from protected backup data.”
What does that mean? Druva is looking at both the backup and the restore cycles. One of the problems for many organisations is that they are unable to recover quickly from ransomware and other cyberattacks. Druva and FireEye want to make it so that all backups can be restored effectively. They also want to make sure that when restores take place, data is not hijacked. In the press release they say the API will:
- Identify abnormal data restoration, ensuring data being restored is within the enterprises’ network
- Ensure compliance to geography-based data access and restoration policy
- Offer visibility into who is accessing the system, tracking Unauthorized Admin Login attempts, password changes and Admin attempts to download or recover data
- Create alerts, generated by the pre-built rules, which trigger pre-configured playbooks to help security analysts to rapidly assess the event and take appropriate mitigation actions
Enterprise Times: What does this mean?
Working from home has exposed problems with security, backup, restore and many other corporate processes. The policies that were in place for an often limited number of remote workers have not scaled in the current situation. This has left both a security gap and a data protection gap that are only now being addressed.
In its 2020 Data Protection Trends report (registration required), Veeam discovered that: “Almost three-quarters (73%) of organisations have an ‘availability gap’ between how fast they can recover applications versus how fast they need to recover them.”
Throw in the security issues that Druva and FireEye are addressing, and the situation looks even worse. It will be interesting to see how many organisations review where their corporate data is being stored and protected. Even when in the office, a lot of remote workers don’t back up devices. It means that an increasing amount of sensitive corporate data is unprotected.
This is giving a boost to the backup industry, which is seeing new interest in its products. That may not last for long, at least not at the endpoint. The move towards cloud-based software such as SaaS means that data should not exist on local devices. However, until we have ubiquitous connectivity, people will still want to work offline. That means data stored locally will still need to be backed up and restored on demand.