Once the team implemented Druva, Sise reports, “Right out of the gate Druva started backing up our MS SQL the way that we needed. As far as that changing our lives, it made me be able to sleep a bit better at night."
Since Druva is a SaaS platform, the team is able to protect all of their servers and Salesforce instances via a single platform. Schweinsberg said, “It’s so nice to have everything under one roof with Druva, where we can select to restore or back up any and all devices at the push of one button. It’s saving a lot of time compared to going into each individual server."
Sise also reflected that if they couldn’t get to their servers for some reason, it’s a comfort that Druva operates and stores their data outside of their environment. He said, “Because Druva is a SaaS tool and their data is elsewhere, that also makes me sleep better at night."
Shortly after getting the Druva solution set up, DMS faced a ransomware attack. Sise said that next, “Our backups had been deleted, and the data was no longer available in production.” This meant that somehow, the entire production environment needed to be rebuilt.
Even though Druva had only been in place a few days, it had backed up all the systems. And those backups were not stored in the production environment. Instead, they were stored behind an air gap on the Druva Cloud. According to Sise, “Druva’s air gap capabilities were our saving grace during our cyber-attack incident."
Sise was very appreciative to have a partner like Druva to work with them through the recovery process. Sise said, “The Druva team was a godsend during our recovery process, there with us through every single step. And that made a very stressful process a little bit better.” He continued, “With Druva, we knew we had somebody behind us backing us up. We weren't just standing alone." He continued, “I shudder if we had still been on Azure, because of the number of help desk tickets we would send to them that they didn't [seem to] really care about."
Sise and the DMS forensics team worked together to perform a sandbox recovery with Druva. They restored the backups from the Druva Cloud to a secure DMS location. Next, the team scanned the data with SentinelOne to be sure that it hadn’t been compromised. Schweinsberg was appreciative that the Druva team was assisting them with the recoveries, especially since they were new to the platform. He shared, “I was impressed that the Druva team opened up a plethora of tools for us to demo and try while we were recovering all of our data.”
Fortunately, a third-party forensics investigation determined that no data that was exfiltrated from the DMS system.
Sise is in the process of building a recovery playbook with Druva as a key vendor partner. They’re planning to use Druva integrations and APIs to share data with other tools used in their environment such as EDR and SIEM tools.
Using the breadth of Druva features allowed the DMS team to perform a 100% data recovery quickly and confidently. The experience led them to see the long-term value in the advanced ransomware protection and recovery features Druva offers.