Ransomware is a growing and expensive threat. The cost of ransomware remediation has more than doubled since last year, reaching $1.85M. Ransomware threat actors are adept at using subtle techniques to evade detection, which allows them to compromise systems slowly. An increasing number of incidents also include the deletion or disabling of backups.
Making matters worse, ransomware attacks are intentionally timed for events like national holidays when security and IT professionals are likely to be out of office. Organizations need the ability to respond to attacks immediately and automatically, even if the IT director is in Cancun for Christmas.
Recovering after a ransomware attack also presents many unique challenges. Unlike a natural disaster, which destroys data all at once, ransomware encrypts data slowly over time. Ransomware recovery also introduces the additional step of ensuring that data is clean before restoring it to your primary environment.
All of these complications add up to a prohibitively long recovery process. In fact, many organizations report that they still end up paying the ransom to restore critical services as fast as possible, even when they have full data backups.
That is why only having a backup solution is no longer enough. You need to integrate and automate your data protection and security technologies to accelerate the recovery of clean and complete data.
During our 2021 Cyber Resilience Summit, we sat down with Rishi Bhargava, VP of Product Strategy at Palo Alto Networks, to discuss best practices for integrating security and backup technologies. We also introduced the new Druva Ransomware Response content pack, which is now available within the Cortex XSOAR Marketplace. This integrated content pack will empower you to develop ransomware playbooks that centrally orchestrate automated response and recovery with Druva and Cortex XSOAR.
Why is integrating with security tools important?
The Druva Data Resiliency Cloud integration with Cortex XSOAR empowers you to accelerate ransomware recovery with pre-built automations across both your primary and backup environments. Now, when an attack occurs, you can orchestrate response actions such as automatically quarantining affected resources or remotely wiping infected devices.
The Druva Ransomware Response content pack enables you to:
- Automate response actions like quarantining impacted resources or snapshots to stop the spread of ransomware and avoid reinfection or contamination
- Initiate recovery actions like restoring an endpoint to a point in time prior to an attack
- Remotely wipe resources and delete quarantined snapshots impacted by malware
- Search data for malicious hashes to accelerate remediation of malicious content
The Druva Data Resiliency Cloud ensures data integrity with air-gapped, immutable backups so ransomware can’t execute and you always have safe backup data you can use for rapid recovery. It transforms every stage of the recovery process so you can get critical business functions back online in time to avoid paying the ransom.
Don’t have Cortex XSOAR? Download the Community Edition to get started.