Origins
Rubrik
Zero Trust Principles
Cyber Services
100

Does backup = cyber recovery?

NO!

100

What is Rubrik?

Good pitch

100

What does zero trust mean?

We don't trust anyone. Every request for access to data, regardless of where it originates, is treated as a potential threat until it's explicitly verified.

100

What are the four Cyber Services?

Ransomware Investigation, Threat Hunting & Monitoring, Sensitive Data Discovery, and Orchestrated Recovery

200

Why is traditional backup hard?

Many different technology platforms and tools that are manual and complex to use

200

How does Rubrik unify and simplify the backup process?

We provide them a converged appliance with a single interface to manage the backups

200

What do MFA and TOTP mean?

Multi-Factor Authentication: an additional verification step when logging in

Temporary One Time Password

200

What is Ransomware Investigation?

We track incremental data to detect anomalies, and the entropy value of files to identify encryption. We can notify not just on anomalies but also identify that files have been encrypted based on entropy change, all without any input or required action from an end user.

300

What were the three major market trends that contributed to the founding of Rubrik?

1. The explosion of data, with data growing at an exponential rate

2. Companies going towards the cloud

3. A growing focus and scrutiny on security

300

What is the difference between Enterprise & Foundation Edition?

Foundation Edition is the converged platform + ZT principles

Enterprise Edition is FE + the four cyber services (RI, TH, SDD, OR)

300

What does logically airgapped mean?

It means it is invisible on the network - you can't see where it is or when it is moving

300

What is Threat Hunting and Threat Monitoring?

We look for IOCs (indicators of compromise) in the backups to help identify a clean point of recovery. We do this via threat intelligence from Mandiant, the FBI, CIA, etc.

Threat Hunting is done reactively after an attack and Threat Monitoring happens proactively every time a backup is run

400

Why can't you just hit the easy button for recovery?

If you just hit the easy button, you could reinfect yourself and have to start from the beginning

400

Give me the Lang's story

Tell the story

400

What is the two person rule?

We require minimum two people to approve any change to the data

400

What is Sensitive Data Discovery?

Rubrik uses 60+ pre-built analyzers to identify where sensitive data is in the environment and if any sensitive data was exposed during an attack. Very important for compliance and regulations.

500

When you recover, what is the goal?

To put yourself in a better position than you were before

500

What are the four questions that need to be answered for recovery?

What is the blast radius?
Where is my clean copy?
Was any sensitive data exposed?
Can we automate remediation and test it?

500

What is the monotonic clock and what does it prevent?

The monotonic clock counts elapsed time rather than relying on a wall-clock expiry date set via NTP (Network Time Protocol). We do this to prevent NTP poisoning, where attackers manipulate NTP time to make the backups expire.

500

What is Orchestrated Recovery?

Allows you to determine what applications to bring back up first and in what order, as well as automate that process. You can also test your recovery plan in peacetime, which is important for auditing purposes.
