Druva Threat Watch: Continuous Threat Monitoring for Backup Data

Summary
– Druva launched Threat Watch, a cloud-native solution that automatically scans backup snapshots to identify dormant threats and indicators of compromise.
– The tool provides continuous, proactive monitoring of backup data to help teams assess impact faster and validate clean recovery points for cyber resilience.
– Built on a cloud-native architecture, it scans data in-place without requiring extra hardware, avoiding performance impacts on production environments.
– Key benefits include a curated IOC library, early threat visibility to minimize breach duration, and integration for safe, lossless cyber recovery.
– Threat Watch helps meet tighter regulatory reporting timelines by providing automated compliance reports and evidence for audit readiness.
Druva has introduced Threat Watch, an automated solution that continuously monitors backup data for threats. The cloud-native tool scans backup snapshots for hidden threats and indicators of compromise (IOCs), so that IT and security teams can assess an incident faster and identify snapshots that are safe to restore from. Since some attacks will inevitably get past frontline defenses, the integrity of backup data is central to incident response and cyber recovery: because backups mirror production systems, they are a reliable source of truth for measuring damage and pinpointing uncontaminated recovery points.
The solution is engineered for ongoing, “peace-time” surveillance of backup data, augmenting the more intensive threat hunting that typically occurs during an active security incident. As regulatory frameworks like DORA and new SEC rules enforce stricter reporting deadlines, Threat Watch aids organizations in rapidly evaluating impact and demonstrating data integrity to meet compliance demands.
A key advantage of Threat Watch is its zero-touch, infrastructure-free design. It runs scans directly inside the Druva Data Security Cloud, which Druva describes as completely isolated from production environments, so no extra hardware or software agents are needed. Analyzing data in place avoids the delay of copying backups out to separate security tools; Druva says this underpins what it claims is the industry's only SLA on data-movement latency. The practical result is that detection runs in near real time without touching the performance of live systems or adding to infrastructure costs.
The platform’s capabilities rest on several core features. It uses a curated, customizable library of Indicators of Compromise that incorporates intelligence from sources such as CISA, Google Mandiant, and Druva’s own ReconX Labs, and customers can add their own IOCs by upload or API. Continuous scanning against this library gives early threat visibility and shortens breach dwell time by surfacing dormant threats already sitting in backups. As with any IOC-based control, the scans can only find what the library describes, so keeping the library current (and rescanning older snapshots when new indicators arrive) is what makes the coverage meaningful.
When threats are identified, the signals integrate directly with Druva’s broader cyber resilience suite. Powered by Recovery Intelligence, this connection helps customers swiftly understand the blast radius of an incident, locate clean restoration points, and significantly lower the risk of reinfection during the recovery process, enabling safe and lossless cyber recovery. Furthermore, built on Druva’s graph-based Dru MetaGraph foundation, Threat Watch can channel threat signals into DruAI. This allows for deeper analysis, helping teams prioritize risks, comprehend impact, and take decisive action.
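The two preceding paragraphs describe the core workflow: sweep each backup snapshot against an IOC library (curated feed plus customer-added indicators), then use the hits to find the first infected snapshot, estimate dwell time and pick the last clean restore point before it. The following is an added example of that logic, written for this page; it is not Druva's code and does not use any Druva API. Snapshots are modelled as in-memory path-to-bytes maps, and every file, hash, path and domain in it is constructed for the example.

```python
"""IOC sweep over a series of backup snapshots with clean-recovery-point selection.
Added illustration for this article, not Druva's implementation. All data below
(snapshots, the dropper bytes, the C2 domain, the dropped-file path) is constructed."""
import hashlib
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class IocLibrary:
    sha256: set = field(default_factory=set)   # known-bad file hashes, lowercase hex
    paths: set = field(default_factory=set)    # path suffixes of dropped files / persistence
    strings: set = field(default_factory=set)  # byte patterns, e.g. C2 domains, ransom-note markers

    def add(self, kind: str, value: str) -> None:
        """Customer-supplied IOC, the equivalent of an upload or API submission."""
        getattr(self, kind).add(value.lower() if kind == "sha256" else value)


@dataclass
class Hit:
    path: str       # file inside the snapshot that matched
    kind: str       # which IOC class matched: sha256 / path / string
    indicator: str  # the matching indicator value


Snapshot = Tuple[date, Dict[str, bytes]]  # (snapshot time, path -> file contents)


def scan_snapshot(files: Dict[str, bytes], iocs: IocLibrary) -> List[Hit]:
    """Check every file in one snapshot against all three IOC classes."""
    hits: List[Hit] = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in iocs.sha256:
            hits.append(Hit(path, "sha256", digest))
        for suffix in iocs.paths:
            if path.endswith(suffix):
                hits.append(Hit(path, "path", suffix))
        for pattern in iocs.strings:
            if pattern.encode() in data:
                hits.append(Hit(path, "string", pattern))
    return hits


def find_recovery_point(snapshots: List[Snapshot], iocs: IocLibrary):
    """Return (last clean date before the first hit, first infected date, hits per date).

    The clean point is deliberately taken *before* the first infected snapshot rather
    than as 'the latest snapshot with no hits': a later snapshot with no hits may just
    mean the attacker cleaned up its dropper while persistence remains."""
    results = {d: scan_snapshot(files, iocs) for d, files in sorted(snapshots, key=lambda s: s[0])}
    first_infected = next((d for d, hits in results.items() if hits), None)
    if first_infected is None:
        return max(results), None, results
    clean_before = [d for d in results if d < first_infected and not results[d]]
    return (max(clean_before) if clean_before else None), first_infected, results


def dwell_days(first_infected: Optional[date], detected_on: date) -> int:
    """Lower bound on dwell time: days from the first infected snapshot to detection."""
    return 0 if first_infected is None else (detected_on - first_infected).days


# ---- constructed IOC library and snapshots (not real indicators) ----
DROPPER = b"MZ\x90\x00 constructed dropper sample for the example"
C2_DOMAIN = "update.example-c2.invalid"

IOCS = IocLibrary()
IOCS.sha256.add(hashlib.sha256(DROPPER).hexdigest())  # stands in for a curated feed entry
IOCS.paths.add("/Windows/Temp/svchost32.exe")          # stands in for a curated feed entry
IOCS.add("strings", C2_DOMAIN)                          # customer-added indicator

BASELINE = {
    "/Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
    "/Users/alice/report.docx": b"quarterly numbers",
}
SNAPSHOTS: List[Snapshot] = [
    (date(2024, 5, 1), dict(BASELINE)),                                              # clean
    (date(2024, 5, 2), {**BASELINE, "/Users/alice/Downloads/invoice.exe": DROPPER}),  # dropper lands
    (date(2024, 5, 3), {**BASELINE, "/Users/alice/Downloads/invoice.exe": DROPPER,
                        "/Windows/Temp/svchost32.exe": b"payload"}),                 # persistence
    (date(2024, 5, 4), {**BASELINE, "/Windows/Temp/svchost32.exe": b"payload",       # dropper gone,
                        "/Windows/System32/drivers/etc/hosts":                        # hosts pinned to C2
                            b"127.0.0.1 localhost\n10.0.0.9 " + C2_DOMAIN.encode() + b"\n"}),
]

if __name__ == "__main__":
    clean, first, per_day = find_recovery_point(SNAPSHOTS, IOCS)
    for d, hits in per_day.items():
        print(d, [(h.kind, h.path) for h in hits])
    print("first infected:", first, "| restore from:", clean,
          "| dwell >=", dwell_days(first, SNAPSHOTS[-1][0]), "days")
```

Note that the last snapshot still matches only because the customer-added domain indicator is in the library; with the curated entries alone the hosts-file change would have gone unnoticed, which is the reason the text stresses a customizable IOC set.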
For governance and compliance, the tool automatically generates summary reports aligned with standards such as NIST, ISO, and DORA, giving auditors and insurers evidence of continuous-monitoring activity. Threat Watch is now generally available for cloud and data center workloads, including Amazon EC2, Azure VMs, and VMware VMs.
(Source: HelpNet Security)
