Does backup = cyber recovery?
NO!
What is Rubrik?
Good pitch
What does zero trust mean?
We don't trust anyone. Every request for access to data, regardless of where it originates, is treated as a potential threat until it's explicitly verified.
What are the four Cyber Services?
Why is traditional backup hard?
Many different technology platforms and tools that are manual and complex to use
How does Rubrik unify and simplify the backup process?
We give them a single unified interface so that they can manage all their workloads from one place and auto-discover new workloads
What do MFA and TOTP mean?
Multi Factor Authentication: another verification when logging in
Temporary One Time Password
What is Ransomware Investigation?
We track incremental data to detect anomalies, as well as the entropy value of files to identify encryption. We can notify not just on anomalies but identify that files have been encrypted due to an entropy change, all without any input or required action from an end user.
What is the challenge around management?
Managing the schedule of all the different backups across different workloads and backup tools, with the right policies applied, and confirming that each job has completed makes management hard and complex
Rubrik's SLA Policy Engine auto-applies policies to new workloads as they come up in the environment, with the correct retention policies. Rubrik is also incremental forever, only ingesting new data. Lastly, Rubrik creates metadata, enabling teams to index the data and understand its context and content.
What does logically airgapped mean?
It means it is invisible on the network - you can't see where it is or when it is moving
What is Threat Hunting and Threat Monitoring?
We look for IOCs (indicators of compromise) in the backups to help identify a clean point of recovery. We do this via threat intelligence from Mandiant, the FBI, CIA, etc.
Threat Hunting is done reactively after an attack and Threat Monitoring happens proactively every time a backup is run
What is the challenge with recovery?
Historically, most recovery scenarios were focused on file deletion, user error, and similar problems. Those are simple recoveries. But with the rise in cyber attacks, this becomes a much different process.
One, you might grab an unclean copy and reinfect yourself. Two, you might go too far back and lose too much data. Three, you might take too long and have critical business impact because of the outages.
How does Rubrik do storage better?
Natively immutable, logically airgapped, no open protocols, retention lock, two-person rule, MFA/TOTP, monotonic clock
What is the two person rule?
We require a minimum of two people to approve any change to the data
What is Sensitive Data Discovery?
Rubrik uses 60+ pre-built analyzers to identify where sensitive data is in the environment and if any sensitive data was exposed during an attack. Very important for compliance and regulations.
What is the ideal recovery state?
Having the data - easily search for and find it, wherever it was sitting
Protecting it - easy to manage, smart, automated
Storing a copy - safely tucked away in a bunker, invisible to any bad actor
Restoring it - could get back everything or one thing (a grain of rice or the whole pile). Fast and safe
What are the four questions that need to be answered for recovery?
What is the blast radius?
Where is my clean copy?
Was any sensitive data exposed?
Can we automate remediation and test it?
What is the monotonic clock and what does it prevent?
The monotonic clock counts elapsed time rather than setting an expiry date based on NTP (Network Time Protocol). We do this to prevent NTP poisoning, where attackers manipulate NTP to expire the backups.
What is Orchestrated Recovery?
Allows you to determine what applications to bring back up first and in what order, as well as automate that process. You can also test your recovery plan in peacetime, which is important for auditing purposes.