FireEye Helix and Druva inSync deliver defense in depth visibility for your cloud backups

Over the last decade, We have seen a major movement of Information technology workloads and functions to the cloud. Applications that were once 100% on-premises and capex heavy are now being moved to subscription based multi tenant cloud platforms. The SaaS model as we call it is not only cheaper, but more reliable and efficient.

The SaaS model provides a lot of convenience to the end users who can now use these applications anytime and from anywhere on demand. It also takes a lot of headache away from the Infrastructure operations team who no longer have to worry about meeting a 99% SLA and uptime for these applications.

However, beyond the ease and convenience an often ignored aspect is security. Are these third party cloud based SaaS applications really safe?

‘Defense In Depth’ for your SaaS application

Druva recently published a white paper on how we implement ‘Defense in Depth’ for your cloud backups. We ensure your backups are air gapped and immune to cyber attacks, are available and accessible in case of data loss and can only be accessed by you. Our envelope based encryption and SSO based multi-factor authentication ensures any data if and when needed can only be accessed by the customer.

Over the past few years we have seen an acceleration in ransomware attacks and insider threats. While all SaaS vendors promise to keep the customer data safe, it is important that customers don’t blindly trust the cloud provider for extending your defense in depth to cloud SaaS applications.

As your data and functions move to the cloud, your data governance and security requirements should not be compromised. As your data moves to the cloud it is imperative that you have and demand the same level of visibility, trust and control, if not more, that you would have with an on-premises application.

Druva inSync now integrates with FireEye Helix for secure backups


Joint customers using Druva InSync for endpoint and SaaS application backup and FireEye Helix for security can ensure they can confidently extend the cyber-resilient posture as their data moves to the Druva Cloud Platform for backups.

The integration ensures that every event that happens within the customer’s Druva Cloud Platform environment is tracked and pushed to FireEye on a near real time basis.

These include but not limited to:

  • Admin and API Access events
  • Data Access events
  • Backup Failure events
  • Alerts and Notifications
  • User, Device and Data deletion
  • Audit Trails and Configuration changes

As FireEye Helix ingests these events, Security Ops teams get the ability to react rapidly to any cyber attacks and insider threats therefore substantially reducing the operational effort for a security analyst with the help of out of the box dashboards, rules and alerts .

This is done by:

  • Identifying abnormal data restoration, ensuring data being restored is within the enterprises’ network
  • Ensuring compliance to geography-based data access and restoration policy
  • Offering visibility into who is accessing the system, tracking Unauthorized Admin Login attempts, password changes and Admin attempts to download or recover data
  • Creating alerts, generated by the pre-built rules, which help security analysts to rapidly assess the event and take appropriate mitigation actions


FireEye Helix – Druva inSync integration allows you to extend your defense in depth posture beyond your traditional on premise apps. With full visibility and control it allows you to ensure that your cloud backups comply with your data governance and security requirements. Most importantly, it provides you a cloud based backup solution that is not only convenient and secure but a 100% transparent solution that you can trust.

If you would like to learn more about the partnership with FireEye, you can read the press release. However, if you’re ready to give it a try, you can install the Druva inSync App for FireEye Helix, or go visit Druva on the FireEye Helix Marketplace.