Accelerate Ransomware Recovery with Druva Cloud and Cortex XSOAR

Nov 19, 2021

Ransomware is a growing threat resulting in a rising number of publicly disclosed breaches that cost up to hundreds of millions of dollars. Post-mortem investigations typically reveal that ransomware threat actors are adept at using subtle techniques to evade detection and slowly compromise systems. Most recent variants of ransomware target sensitive security and backup data. Making matters even worse, ransomware attacks are intentionally timed for events like national holidays when security and IT professionals are likely to be out of office.

Many organizations report that they still end up paying the ransom to restore critical services as fast as possible, even when they have full data backups. That is why only having a backup solution is no longer enough. You need to integrate and automate your data protection and security technologies to combat this threat. To help fight against evolving ransomware techniques, Druva and Cortex XSOAR are excited to share that the new Druva Ransomware Response content pack is now available within the Cortex XSOAR Marketplace. This integrated content pack will empower you to develop ransomware playbooks to centrally orchestrate automated response and recovery with Druva and Cortex XSOAR.

Why is this integration important for your security program?

The Druva Cloud Platform integration with Cortex XSOAR empowers you to automate ransomware incident response with prebuilt automations. These automations orchestrate recovery actions across both your primary and backup environments. Now, when an attack occurs, you can speed up recovery and get critical business functions back online in time to avoid paying the ransom. 

By unifying case management, automation, real-time collaboration, and threat intelligence management, Cortex XSOAR transforms every stage of the incident lifecycle, resulting in significantly faster responses that require less manual review.

Druva Cloud provides full data integrity with air-gapped, immutable backups so ransomware can’t execute and you always have safe backup data you can use for rapid recovery. 

The Druva Ransomware Response content pack enables you to:

  • Automate response actions like quarantining impacted resources or snapshots to stop the spread of ransomware and avoid reinfection or contamination
  • Initiate recovery actions like restoring an endpoint to a point in time prior to an attack
  • Remotely wipe resources and delete quarantined snapshots impacted by malware
  • Search data for malicious hashes to accelerate remediation of malicious content 

Learn More

Build out your security program with the Druva content pack, available now on the Cortex XSOAR Marketplace. Learn more about Druva Cloud Platform.

Don’t have Cortex XSOAR? Download the Community Edition to get started. 
