While anti-ransomware measures to date have largely focused on trying to keep it out, Radar focuses on quickly assessing the damage and then recovering from it as quickly as possible.
Data management vendor Rubrik has announced Polaris Radar, a new data management application specifically designed to help companies who are hit by a ransomware attack recover it as painlessly as possible, and with minimal downtime.
Radar is the second application built for the Polaris SaaS platform, which Rubrik launched in April of this year as a complement to their flagship data protection program. The first app for Polaris, Polaris GPS, which provides a single control and policy management console to unite globally distributed data, came out at the launch.
“This is all about ransomware,” said Chris Wahl, Rubrik’s Chief Technologist. “We are acknowledging it’s a huge problem with a 350 per cent growth over the last year. Companies still get infected, even with controls in place. We need to be able to impact this and offer a single click-type restore experience, so things can be put back in place afterwards with a single, easy process.”
Wahl said that the traditional approach to anti-ransomware solutions had been to prevent it from getting in in the first place. Rubrik is pursuing a different strategy with Radar.
“The traditional focus has been on prevention – stopping it from getting in,” he said. “The issue is that doing a restore from backup if it does get in can be more expensive and time-consuming then paying the ransom. We think that there has been a void in addressing this, and that a solution was needed that focuses on minimizing the downtime itself, and getting rid of the pain of the downtime.”
Wahl explained the process which led Rubrik to develop this solution.
“A couple of years ago, a customer, Langs Building Supplies, was hit, back before ransomware become front page news,” he said. “The customer came to us and we wrote an API to restore their files. They were so pleased that although most companies hit by ransomware like to keep quiet about it, they wanted to be a public reference. That set off a light bulb for us. We wanted to build a solution that would use automation to make an assessment of the attack and restore files, instead of having to leverage our team.”
The result, Radar, is powered by machine learning, which provides organizations with deep intelligence on how an attack impacted their business-critical application data. It uses machine learning algorithms to actively monitor global metadata for suspicious anomalies like ransomware. It then quickly analyzes the threat impact with data intelligence, to identify which applications and data were impacted and where they are located.
“With the data ingested on any of our platforms, we can package up all snapshot information and send it to the Rubrik cloud, where we can do the threat assessment,” Wahl said. “Being able to analyze and figure out what has been hit and assessing the scope of the damage has been the big time consuming and unreliable part of the process. Once we have done this threat assessment, our restore process will use intelligent workloads to do the restore, rather than manual processing. Recovery can then be done easily, with just a few clicks.”
Wahl said that their channel partners have said this will help them in multiple ways.
“The partner ecosystem has told us that the challenge with defense in depth is that the focus has been on the front end to stop ransomware from hitting the environment. They want something to deal with those threats that get in, because the downtime is the killer. The whole fabric of Radar has been built with recovery in mind, to deal with that downtime issue. Having this in their toolbelt also means they can talk with C people at a strategic level. It’s top of mind to solve the ransomware problem today at the C suite level. So this lets the partner attack both the high level and low level of the pyramid.”
Polaris Radar is available now as a subscription-based service on the Polaris platform.