I’ve written about Rubrik’s Polaris offering in the past, with GPS being the first cab off the rank. You can think of GPS as the command and control platform, offering multi-cloud control and policy management via the Polaris SaaS framework. I recently had the opportunity to hear from Chris Wahl about Radar and thought it worthwhile covering here.
People don’t want to hear about the problem, because they already know what it is and would rather spend the time hearing how the vendor is going to solve it. I think in this instance, though, it’s worth re-iterating that security attacks happen. A lot. According to the Cisco 2017 Annual Cybersecurity Report, ransomware attacks are growing by more than 350% annually. It’s Rubrik’s position that security is heavily focused on the edge, with firewalls and desktop protection being the main tools deployed. “Defence in depth is lopsided”, with a focus on prevention rather than on recovery. According to Wahl, “it’s hard to bounce back fast”.
What It Does
So what does Radar do (in the context of Rubrik Polaris)? The idea is to give you the intelligence to know when you’ve been hit, and to help you recover faster. The goal of Radar is fairly straightforward, with the following activities being key to the solution:
- Detection – identify all strains of ransomware;
- Analysis – understand impact of an attack; and
- Recovery – restore as quickly as possible.
Radar achieves this by:
- Detecting anomalies – leverage insights on suspicious activity to accelerate detection;
- Analysing threat impact – spend less time discovering which applications and files were impacted; and
- Accelerating recovery – minimise downtime by simplifying manual processes into just a few clicks.
Rubrik tell me they use (drumroll please) Machine Learning for detection. Is it really machine learning? That doesn’t really matter for the purpose of this story.
[image courtesy of Rubrik]
The machine learning model learns the baseline behaviour, detects anomalies and alerts as they come in. So how does that work then?
1. Detect anomalies – apply machine learning to application metadata to detect, and alert on, unusual change activity in protected data, such as the mass modification of files that ransomware causes.
What happens post anomaly detection?
- An email alert is sent to the user
- Radar inspects the snapshot for signs of encryption
- The results are uploaded to Polaris
- The user is informed of the results (via the Polaris UI)
2. Analyse threat impact – Visualise how an attack impacted the system with a detailed view of file content changes at the time of the event.
3. Accelerate recovery – Select all impacted resources, specify the desired location, and restore the most recent clean versions with a few clicks. Rubrik automates the rest of the restore process.
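To make the first two steps above concrete, here is a small, constructed example of the same shape of pipeline. It is my own toy code, not Rubrik’s, and makes no claim about what Radar actually runs: a change-rate baseline is learned from previous snapshots, a snapshot whose change count sits far outside that baseline triggers the second stage, and that stage checks the changed files’ byte entropy for content that looks like ciphertext. The thresholds, the `Snapshot` structure and all of the sample data are assumptions.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List

# Thresholds are assumptions for this toy, not a vendor's tuning.
Z_THRESHOLD = 3.0          # change-rate z-score above which a snapshot is anomalous
ENTROPY_THRESHOLD = 7.5    # bits/byte; ciphertext and random data sit close to 8.0


@dataclass
class Snapshot:
    """Metadata a backup platform already has for a snapshot: how many files
    changed since the previous one, plus a sample of the changed files' bytes."""
    files_changed: int
    sample: Dict[str, bytes] = field(default_factory=dict)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def change_rate_zscore(history: List[int], current: int) -> float:
    """How many standard deviations the current change count sits above the
    baseline learned from previous snapshots (the 'baseline behaviour' step)."""
    mu = mean(history)
    sd = pstdev(history)
    if sd == 0:                      # flat history: avoid dividing by zero
        sd = max(1.0, 0.1 * mu)
    return (current - mu) / sd


def detect_anomaly(history: List[int], snap: Snapshot) -> bool:
    """Stage 1: metadata only, no file contents are read yet."""
    return change_rate_zscore(history, snap.files_changed) > Z_THRESHOLD


def inspect_for_encryption(snap: Snapshot) -> List[str]:
    """Stage 2, run only on anomalous snapshots: return the sampled files whose
    content looks like ciphertext (near-maximal entropy)."""
    return sorted(name for name, data in snap.sample.items()
                  if shannon_entropy(data) > ENTROPY_THRESHOLD)


def triage(history: List[int], snap: Snapshot) -> dict:
    """Both stages together: metadata anomaly first, then the content check."""
    z = change_rate_zscore(history, snap.files_changed)
    if z <= Z_THRESHOLD:
        return {"alert": False, "zscore": z, "encrypted_files": []}
    return {"alert": True, "zscore": z, "encrypted_files": inspect_for_encryption(snap)}


def _pseudo_random_bytes(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 chain), so the example
    produces the same numbers on every run."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed data: a week of quiet baseline, then two candidate snapshots.
HISTORY = [40, 45, 38, 50, 42, 47, 41]

NORMAL_SNAPSHOT = Snapshot(
    files_changed=46,
    sample={"minutes.txt": b"Meeting notes: budget review, action items, next steps.\n" * 40},
)

RANSOMWARE_SNAPSHOT = Snapshot(
    files_changed=3000,
    sample={
        "q3-report.docx.locked": _pseudo_random_bytes(4096),
        "README_DECRYPT.txt": b"Your files have been encrypted. Pay to recover them.\n" * 10,
    },
)

if __name__ == "__main__":
    for label, snap in (("normal", NORMAL_SNAPSHOT), ("ransomware", RANSOMWARE_SNAPSHOT)):
        print(label, triage(HISTORY, snap))
```

Two caveats a practitioner would want before trusting something like this. First, entropy on its own also flags legitimately compressed or already-encrypted content (archives, images, encrypted database files), which is why the content check should confirm a metadata anomaly rather than run alone, and why the baseline needs to cover the organisation’s real cycle so that a month-end batch job doesn’t look like an attack. Second, the recovery step in the post only helps if the snapshots themselves were out of the attacker’s reach; a detection that fires after the backups have been tampered with is an incident report, not a recovery plan.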
Thoughts and Further Reading
I think there’s a good story to tell with Polaris. SaaS is an accessible way of delivering features to the customer base without the angst traditionally associated with appliance platform upgrades. Data security should be a big part of data protection. After all, data protection is generally critical to recovery once there’s been a serious breach. We’re no longer just protecting against users inside the organisation accidentally deleting large chunks of data, or having to recover from serious equipment failures. Instead, we’re faced with the reality that a bunch of idiots with bad intentions are out to wreck some of our stuff and make a bit of coin on the side. The sooner you know something has gone awry, the quicker you can hopefully recover from the problem (and potentially re-evaluate some of your security). Being attacked shouldn’t be about being ashamed, but it should be about being able to quickly recover and get on with whatever your company does to make its way in the world. With this in mind, I think that Rubrik are on the right track.