Rubrik unveils enhanced ransomware protection, orchestrated AppFlow DR solution

Ransomware is the focus, both with enhancements to the core capability and the addition of AppFlows, which builds ransomware protection into an orchestrated DR solution, but there is a lot more here as well.

Today, Rubrik is kicking off their virtualized FORWARD 2021 event with a flurry of product announcements covering multiple parts of the data spectrum. They announced enhancements which make it easier to recover from ransomware attacks. They introduced AppFlows, an orchestrated DR disaster recovery] solution. Full support was announced for all Microsoft 365 apps. The PB scale archival technology for NAS that Rubrik acquired with Igneous in late 2020 was also unveiled as a rebranded Rubrik offering, Rubrik NAS Cloud Direct. Other important announcements included a new integration with Palo Alto Networks’ XSOAR, and a new two-factor system authentication capability.

“This is a big release for Rubrik and for the market as well,” said Greg Smith, Vice President, Product and Technical Marketing at Rubrik. “It’s also timely, with the attack on Colonial Pipelines. We aren’t new to the ransomware game, but with these announcements, we are taking our game to the next level.

“We’ve been on top of ransomware for some time, both in terms of discovery and recovery from ransomware attacks,” Smith continued. “Because we have full visibility into a company’s data, we can assess when data has changed, that would indicate malicious activity. We can understand the blast radius, and provide some really powerful recovery mechanisms, to recover quickly, to the right copy of data and to the right location.”

The major addition around ransomware is new capabilities for automated mass recovery of applications to rapidly restore normal IT and business operations.

“This release makes it even easier to recover from ransomware attacks,” Smith indicated. “It has improved machine learning to be even more precise at identifying bad actors. We have made it easier to get a local end-to-end view of the data estate to see if data has changed. A typical organization has hundreds of VMs, and the more that can be automated, the easier the assessment of how ransomware attack has impacted business, when they need to recover. We have dramatically improved recovery operations, and given IT the ability to do a mass recovery if dozens or hundreds of VM are impacted. You can initiate recovery in just a small number of clicks.”

Smith stressed that this gives data a more central role in fighting ransomware.

“Data has traditionally been the last line of defense from ransomware,” he said. “Rubrik wants to make it the best line of defense. We bring recovery time from weeks to hours or less, and give options to recover a business without paying the ransom.”

Another anti-ransomware tool is AppFlows, a new DR solution that lets customers use their existing Rubrik cloud management platform as its base, rather than purchase new hardware and software.

“We are bringing orchestration to recovery as part of ransomware remediation,” Smith said. “A ransomware recovery plan is only viable if it can support the unique demands of enterprise applications. So we are announcing AppFlows, an orchestrated DR solution, that handles not only natural failures but also events like ransomware. It rethinks DR to be part of a recovery strategy while also helping with operational and natural disasters.”

The AppFlows are managed through a SaaS-based control plane, and leverage powerful application blueprints that capture the resource mapping and workload dependencies to enable reliable failover in the event of a data center outage.

“Appflows in a VMware environment can fail over to a secondary site, or from the site to VMware Cloud on AWS,” Smith said. “In addition, while traditionally DR solutions require new hardware and software systems, this uses their existing footprint in Rubrik backup. They already have the data.”

Enhanced support for Microsoft 365 was also announced.

“Our goal is to help protect all customers’ business data, in the data centre, cloud and SaaS,” Smith said. “With Microsoft 365, we have made major strides. We now have full support for all Microsoft 365 apps, including Microsoft Exchange Online, OneDrive, SharePoint Online, and Microsoft Teams. In addition, for customers who want predictable pricing, we now have a Rubrik managed service where they get per user pricing.”

At the end of 2020, Rubrik acquired Igneous, which focused on managing unstructured data at great scale. They are now announcing that the technology has been integrated within the Rubrik portfolio.

“We acquired the Igneous PB scale archive for NAS, and it is now part of the Rubrik family as Rubrik NAS Cloud Direct,” Smith said. “It is now fully managed by Polaris, to provide PB scale cloud archives for NAS systems. The growth in unstructured data from videos, photos and IoT data remains strong, and the archiving is moving from tape to cloud. Rubrik NAS Cloud Direct solves the problem of moving unstructured data across clouds.”

Rubrik also announced new integrations with the Palo Alto Networks Cortex XSOAR and ServiceNow Incident Response automation frameworks.

“These are important, especially the Palo Alto Networks integration,” Smith said. “SOAR is a popular tool for SecOps teams. However, the backup data is managed by ITOps teams. This means that when a ransomware attack happens, the response has been siloed. By coming together with Palo Alto Networks in this integration, we bring about tight collaboration between ITOps and SecOps teams. This means faster recovery.”

A two-factor system authentication to help prevent unauthorized access has also been introduced.

“This is all native,” Smith said. “One of the most common attack vectors for ransomware is compromising credentials. If they steal credentials, they have better opportunity to corrupt the data. But with 2FA, even if credentials are compromised, attackers wont have access to the data. This is part of a Zero Trust capability.”

The 2FA is an option, but Smith indicated they will be strongly advocating customers use it.

“We are highly recommending it,” he said.

“All of these announcements are very exciting for our partners,” said Bertrand Yansouni, Rubrik’s Global Channel Chief. “Our partners want to help customers solve critical business problems. You don’t get a more top of mind, board level critical business topic than ransomware, and making sure you have a plan around it.

“Partners see the walls that have traditionally existed are breaking down because classical IT and security operations are breaking down,” Yansouni added. “For our partners, it’s no longer enough to talk abut prevention. It’s about remediation and fast recovery to ensure the business keeps running. These enhanced features will help partners and customers assess the blast radius, and maintain business continuity. They will also help partners differentiate themselves with customers and maintain relevance. That’s a very big reason partners are so excited about these announcements. Releases like this help build on that track record and helps them take advantage of our ‘land and expand’ model, by making it easier to use us for new workloads.”