At this point, it should be obvious: ransomware is a real and persistent threat to conducting business as usual. As organizations have aggressively adopted more digital modes of delivering and transacting services, the availability and security of digital assets have become ever more critical. But as B2B and B2C transactions continue to become digital, the threat surface for attackers has widened more than ever before as well. Despite all these trends, organizations continue to invest in ransomware planning and preparedness to meet this growing threat.

In particular, what most traditional infrastructure teams have not planned for is the added costs and complexity that a ransomware attack imposes on organizations. While everyone knows that mean time to remediation is of importance in responding to traditional IT incidents, ransomware attacks can dramatically change the economics of incident response. Beyond the obvious costs of downtime that a ransomware attack can impose, the additional costs of paying the ransom itself and other associated collateral damage can affect how an organization responds.

This is precisely why a highly analytical and automated approach to cyber incident response is necessary. Beyond saving the costs of downtime, the quicker that an organization can reestablish business-as-usual, the more confident an organization’s posture is for dealing with both attackers as well as regulators that may insist on time-based reporting.

Slow and Production-Intensive Approaches Do Not Work

Security incident response is a fairly mature domain that most security operations teams have adopted. As part of a typical incident response strategy, critical processes and playbooks are standardized so that cyberattacks can be addressed without having to reinvent the wheel every time. 

While processes and playbooks are necessary, they are simply not sufficient. With increasingly complex digital footprints spanning multiple applications, containers, virtual machines, and infrastructure, the devil is often in the details of the digital environment. Simply investigating and identifying the root cause of the ransomware attack and establishing a blast radius can often be extremely time-consuming  even with mature processes. Furthermore, identifying a known clean snapshot to restore to can also be fraught with problems as ransomware tends to nest early and explode in impact over time. Improper restorations can lead to reinfections of malware and a so-called “groundhog day” of remediation that can be expensive for the organization.

Rubrik Ransomware Investigation (formerly known as Radar) addresses many of these problems by using machine learning across backup snapshots to detect anomalous patterns of change and identify the blast radius of an attack. Rubrik can identify these patterns across many different environments given the inevitable complexity of most enterprise environments.

What’s New with Rubrik’s Threat Hunting?

Rubrik is excited to extend our portfolio of cyber resilience solutions by introducing Threat Hunting capabilities within the backup platform. Traditionally, Threat Hunting solutions enable organizations to search production systems for patterns of malicious activity and indicators of compromise. These patterns are often developed by trusted third parties who study the signatures of common ransomware attacks. 

Rubrik is bringing this capability to our backup platform so that organizations will now be able to easily search the backup environment for indicators of compromise, without any impact on production systems. As production systems can be modified by attackers, threat hunting directly on  production systems can be impacted in the event of an attack..

This innovative new capability further arms organizations to reduce their incident response times and strengthen their posture against ransomware attacks. With the ability to quickly search backup snapshots for indicators of compromise, organizations can now more accurately pinpoint a last known clean snapshot to restore to with the confidence that embedded malware will not reinfect production systems.

Learn More at the Data Security Spotlight!

Check out the Rubrik Data Security Spotlight, where you can learn about how Rubrik's comprehensive solutions can help you accelerate incident response and become even more confident in your ransomware preparedness.