Rubrik Forward Begins with New Rapid Ransomware Recovery Capability

RUBRIK FORWARD — The Rubrik Forward virtual conference kicked off Tuesday with new ransomware protection capabilities that focus on providing simplified and automated remediation to victims of attacks. The data management provider has partnered with Palo Alto Networks and ServiceNow to facilitate rapid recoveries from ransomware attacks.

The Rubrik Cloud Data Management SaaS-based data protection platform, with its Polaris hybrid solution, already provided ransomware remediation. Rubrik claims it can now do so at greater scale, making it possible to recover from an attack much faster. The new automated mass ransomware recovery capabilities will be a key focus during the three-day Rubrik Forward.

Having the ability to recover quickly from ransomware attacks promises to eliminate the need to even consider paying ransoms. Law enforcement agencies, including the FBI and CISA, have discouraged making ransomware payments, warning it funds future activities. Moreover, experts have cautioned that making payments doesn’t guarantee culprits will provide any, or all, of the decryption keys they need.

Colonial Pipeline Attack

This month’s ransomware attack on Colonial Pipeline is the latest example of the crippling impact an intrusion can have. The attack by a group known as DarkSide disabled Colonial Pipeline’s ability to deliver fuel throughout the U.S. southeast. Locked out of its systems for six days, Colonial Pipeline acknowledged it paid the $5 million ransom that DarkSide demanded.

The Colonial Pipeline incident has put the spotlight on the potentially catastrophic impact of a ransomware attack on a company — even more so if the company provides critical goods and services to its customers. Ransomware attacks this year have risen 102%, according to a report by Checkpoint.

Rubrik’s Greg Smith

“We are seeing the proliferation of expensive and damaging ransomware attacks that have accelerated and have brought board-level visibility to an organization’s cyber resiliency strategy,” said Rubrik VP of product marketing Greg Smith. “Specifically, executive management teams are asking, ‘Does IT have a comprehensive plan to recover their application data in the event of an attack without having to pay the bad guys a ransom?’”

New Ransomware Recovery Capability

Rubrik has already offered ransomware detection via its partnership with Splunk. The recovery capabilities announced at Rubrik Forward let partners protect customers from having to consider paying ransoms, according to Smith.

Enabling Rubrik to recover from attacks is API-level integration with Palo Alto Networks Cortex XSOAR and ServiceNow Incident Response. Cortex SXOAR provides security orchestration, which includes threat intelligence and automated response.

“This is a big announcement for Rubrik, and we think the market as well,” Smith told Channel Futures.

Rubrik has improved the machine-learning capabilities to detect suspicious changes to data. But enabling more rapid recovery is an immediate and critical need, he added.

“Recovery operations have become really, really time consuming and laborious,” Smith said. “And if dozens or hundreds of files are affected, it’s just not practical to do one file, one VM at a time. Rather than recovering them manually, one by one, we make it easy to quickly select all those files and applications that have been impacted and with a small number of clicks, recover them in mass at scale.”

Smith said Rubrik hasn’t quantified the acceleration, saying it is broad, but he said the improvement is quite noticeable. Smith also said the need for this capability is immediate and critical.

“Our channel partners and our customers are reporting that ransomware attacks are not only becoming more frequent, but more expansive,” he said. “They’re hitting a broader swath of the IT landscape, or real estate.”

Bringing IT, SecOps Together

Rubrik’s Bertrand Yansouni

Rubrik did not say how many of its partners also have partnerships with Palo Alto Networks, but many do. So says Bertrand Yansouni, Rubrik’s global channel chief. Partners are also seeing more customers bring their SecOps and IT operations teams together.

“There is this prevalent trend in the industry, where data management, data protection and data security are very much converging,” Yansouni said. “For our partners, it puts them in a unique position to help their customers bring those different groups to the table, to have a conversation around having a disaster recovery plan, and also a ransomware remediation plan.”