Rubrik Announces Polaris Radar

Polaris?

I’ve written about Rubrik’s Polaris offering in the past, with GPS being the first cab off the rank.  You can think of GPS as the command and control platform, offering multi-cloud control and policy management via the Polaris SaaS framework. I recently had the opportunity to hear from Chris Wahl about Radar and thought it worthwhile covering here.

 

The Announcement

Rubrik announced recently (fine, a few weeks ago) that Polaris Radar is now generally available.

 

The Problem

People don’t want to hear about the problem, because they already know what it is and they want to spend time hearing about how the vendor is going to solve it. I think in this instance, though, it’s worth reiterating that security attacks happen. A lot. According to the Cisco 2017 Annual Cybersecurity Report, ransomware attacks are growing by more than 350% annually. It’s Rubrik’s position that security is heavily focused on the edge, with firewalls and desktop protection being the main tools deployed. “Defence in depth is lopsided”, with a focus on prevention, not necessarily on recovery. According to Wahl, “it’s hard to bounce back fast”.

 

What It Does

So what does Radar do (in the context of Rubrik Polaris)? The idea is that it adds the intelligence to know when you get hit, and helps you to recover faster. The goal of Radar is fairly straightforward, with the following activities being key to the solution:

  • Detection – identify all strains of ransomware;
  • Analysis – understand impact of an attack; and
  • Recovery – restore as quickly as possible.

Radar achieves this by:

  • Detecting anomalies – leverage insights on suspicious activity to accelerate detection;
  • Analysing threat impact – spend less time discovering which applications and files were impacted; and
  • Accelerating recovery – minimise downtime by simplifying manual processes into just a few clicks.

 

How?

Rubrik tell me they use (drumroll please) Machine Learning for detection. Is it really machine learning? That doesn’t really matter for the purpose of this story.

[image courtesy of Rubrik]

The machine learning model learns the baseline behaviour, detects anomalies and alerts as they come in. So how does that work then?

1. Detect anomalies – apply machine learning to application metadata to detect and alert on unusual change activity in protected data, such as ransomware.

What happens post anomaly detection?

  • Email alert is sent to user
  • Radar inspects snapshot for encryption
  • Results uploaded to Polaris
  • User informed of results (via the Polaris UI)

2. Analyse threat impact – Visualise how an attack impacted the system with a detailed view of file content changes at the time of the event.

3. Accelerate recovery – Select all impacted resources, specify the desired location, and restore the most recent clean versions with a few clicks. Rubrik automates the rest of the restore process.
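
The detect-then-inspect flow described above, as an added example that is not Rubrik's code or model: a robust statistical baseline (median and MAD) stands in for the machine learning step, and Shannon entropy stands in for the snapshot encryption check. All function names, thresholds and sample data are assumptions constructed for illustration.

```python
import math
import os
import statistics
from collections import Counter

def change_score(history, latest):
    """Robust z-score of the latest snapshot's changed-file count vs. the baseline."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1.0
    return 0.6745 * (latest - med) / mad

def entropy_bits(data):
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_snapshot(files, entropy_limit=7.5):
    """Return the fraction of changed files whose content looks encrypted."""
    if not files:
        return 0.0
    hits = sum(1 for blob in files.values() if entropy_bits(blob) >= entropy_limit)
    return hits / len(files)

def assess(history, latest_count, changed_files, z_limit=3.5, frac_limit=0.5):
    """Stage 1: metadata anomaly. Stage 2: content inspection, only if stage 1 fires."""
    z = change_score(history, latest_count)  # one-sided: only change spikes are flagged
    if z < z_limit:
        return {"anomaly": False, "z": z, "encrypted_fraction": None, "verdict": "normal"}
    frac = inspect_snapshot(changed_files)
    verdict = "likely-ransomware" if frac >= frac_limit else "unusual-change"
    return {"anomaly": True, "z": z, "encrypted_fraction": frac, "verdict": verdict}

# Constructed sample data: changed-file counts for 10 nightly snapshots of one VM.
BASELINE = [118, 131, 125, 140, 122, 129, 135, 127, 133, 124]
# Constructed changed-file contents: os.urandom stands in for ciphertext.
ENCRYPTED = {f"doc{i}.docx.locked": os.urandom(4096) for i in range(4)}
PATCHED = {f"lib{i}.txt": b"version=2.1\nstatus=ok\n" * 200 for i in range(4)}

if __name__ == "__main__":
    print(assess(BASELINE, 130, {}))            # ordinary night
    print(assess(BASELINE, 4200, PATCHED))      # bulk change, plain content
    print(assess(BASELINE, 4200, ENCRYPTED))    # bulk change, high-entropy content
```

Compressed formats (archives, media, modern office documents) also score close to 8 bits per byte, so an entropy check on its own produces false positives; gating it behind the change-rate anomaly, as here, is what keeps the alert volume manageable.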

 

Thoughts and Further Reading

I think there’s a good story to tell with Polaris. SaaS is an accessible way of delivering features to the customer base without the angst traditionally associated with appliance platform upgrades. Data security should be a big part of data protection. After all, data protection is generally critical to recovery once there’s been a serious breach. We’re no longer just protecting against users inside the organisation accidentally deleting large chunks of data, or having to recover from serious equipment failures. Instead, we’re faced with the reality that a bunch of idiots with bad intentions are out to wreck some of our stuff and make a bit of coin on the side. The sooner you know something has gone awry, the quicker you can hopefully recover from the problem (and potentially re-evaluate some of your security). Being attacked shouldn’t be about being ashamed, but it should be about being able to quickly recover and get on with whatever your company does to make its way in the world. With this in mind, I think that Rubrik are on the right track.

You can grab the data sheet from here, and Chris has an article worth checking out here. You can also register to access the Technical Overview here.

Rubrik Announces Polaris GPS

Rubrik recently announced their GPS module for Polaris. The product name gives me shivers because it’s the name of a data centre I spent a lot of weekends in years ago. In any case, Polaris is a new platform being built in parallel with Rubrik’s core offering. Chris Wahl very kindly took us through what some of the platform capabilities are.

 

Polaris What?

Polaris is the SaaS platform itself, and Rubrik are going to build modules for it (as well as allowing 3rd parties to contribute). So let’s not focus too much on Polaris, and more on those modules. The idea is to provide a unified control plane with a single point of control. According to Rubrik, there is going to be a significant focus on a Great User Experience ™.

“Rubrik Polaris is a consumable resource that you tap into, rather than a pile of infrastructure that you setup and manage”

 

I’m A Polaris

The first available module is “Rubrik Polaris GPS”. The idea is that you can:

  • Command and control all Rubrik CDM instances, globally;
  • Monitor for compliance and leverage alerts to dig into trouble spots;
  • Work with open and documented RESTful APIs with visibility into a global data footprint. Automate and orchestrate all of Rubrik from a single entry point.

The creation and enforcement of business SLA policies is based on flexible criteria: geography, installation, compliance needs, planned growth, data migrations, etc. You can start to apply various policies to data – some you might want to keep in a particular geographical zone, some you might need replicated, etc.

Another cool thing is that the APIs are open and documented, making third-party integration (or roll your own stuff) a real possibility.

From a security perspective, there’s no currently available on-premises version but that’s a possibility in the future (for dark sites). You also need to add clusters manually (i.e. securely) – clusters won’t just automatically join the platform. The idea is, according to Rubrik, to “show you enough data to make actionable decisions, but don’t show too much”. This seems like a solid approach.

 

Questions?

Is my backup source data available to Polaris?

– No. The backup source data is available only to the respective Clusters. Polaris has access only to activities and reports on Clusters that have been granted access to Polaris.

Is Polaris a separate CDM version?

– No. Polaris is a SaaS service.

What is the maximum number of Clusters that can be managed by Polaris?

– There is no hard limit to the number of Clusters that can be managed by Polaris.

How secure is Polaris GPS?

– Polaris uses multiple levels of security to protect customer data and service: authentication, secure connection, data security, data isolation, data residency, etc.

 

Thoughts

So what problem are they trying to solve? Well, what if you wanted to apply global protection policies to multiple appliances? GPS could be leveraged here. This first module isn’t going to be very useful for folks who are running a single deployment of Briks, but it’s going to be very interesting for folks who’ve got a large deployment that may or may not be geographically dispersed. The GPS module is going to be very handy, and shows the potential of the platform. I’m keen to see what else they come up with to leverage the offering. I’m also interested to see whether there’s much uptake from third parties. These extensible platforms always seem like a great idea, but I often see limited support from third parties with the vendor doing the bulk of the heavy lifting. That said, I’m more than happy to see that Rubrik have taken this open approach with the API, as it does allow for some potentially interesting integrations to happen.

If you’ve been keeping an eye on the secondary storage market, you’ll see that the companies offering solutions are well beyond simply delivering data protection storage with backup and recovery capabilities. There’s a whole lot more that can be done with this data, and Rubrik are focused on delivering more out of the platform than just basic copy data management. The idea of Polaris delivering a consolidated, SaaS-based view of infrastructure is likely the first step in a bigger play for them. I think this is a good way to get people using their infrastructure differently, and I like that these companies are working to make things simpler to use in order to deliver value back to the business. Read more about Polaris GPS here.