Skip to main content

Druva

Download With Dependencies

Centrally orchestrate ransomware response and recovery via API integrations and automated playbooks. This content pack will empower you to get back to normal faster after security incidents such as insider threats and ransomware attacks.

Accelerate ransomware recovery with Druva Cloud Platform

Ransomware is a growing threat; sophisticated new variants specifically target backup data for encryption and deletion. Plus, ransomware attacks are intentionally timed for events like national holidays when security and IT professionals are likely to be out of office. Just having a backup solution is no longer enough; you need to integrate your data protection and security technologies to combat this threat.

The Druva Cloud Platform integration empowers you to automate ransomware incident response playbooks and orchestrate recovery actions across both your primary and backup environments.

The Druva Cloud Platform offers

  • Data Integrity: Air-gapped, immutable backups - ransomware can’t execute in the Druva environment, so you’ll always have safe backup data you can use for recovery
  • Operational Security: 24x7x365 fully managed security operations including automatic patching and continuous monitoring
  • Accelerated Recovery: Robust API integrations with SIEM and SOAR platforms are coupled with our Accelerated Recovery solutions so you can get back to normal faster

What does this pack do?

alt text

This two way API integration enables customers to:

  • Automate response actions like quarantining effected resources or snapshots to stop the spread of ransomware and avoid reinfection or contamination spread
  • Initiate recovery actions like restoring an endpoint to a point in time prior to an attack
  • Remotely wipe resources and delete quarantined snapshots affected by malware
  • Search data for malicious hashes to accelerate remediation of malicious content

Accelerate ransomware recovery with Druva Cloud Platform

Ransomware is a growing threat; sophisticated new variants specifically target backup data for encryption and deletion. Plus, ransomware attacks are intentionally timed for events like national holidays when security and IT professionals are likely to be out of office. Just having a backup solution is no longer enough; you need to integrate your data protection and security technologies to combat this threat.

The Druva Cloud Platform integration empowers you to automate ransomware incident response playbooks and orchestrate recovery actions across both your primary and backup environments.

The Druva Cloud Platform offers

  • Data Integrity: Air-gapped, immutable backups - ransomware can’t execute in the Druva environment, so you’ll always have safe backup data you can use for recovery
  • Operational Security: 24x7x365 fully managed security operations including automatic patching and continuous monitoring
  • Accelerated Recovery: Robust API integrations with SIEM and SOAR platforms are coupled with our Accelerated Recovery solutions so you can get back to normal faster

What does this pack do?

alt text

This two way API integration enables customers to:

  • Automate response actions like quarantining effected resources or snapshots to stop the spread of ransomware and avoid reinfection or contamination spread
  • Initiate recovery actions like restoring an endpoint to a point in time prior to an attack
  • Remotely wipe resources and delete quarantined snapshots affected by malware
  • Search data for malicious hashes to accelerate remediation of malicious content

PUBLISHER

Druva

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedNovember 25, 2020
Last ReleaseSeptember 4, 2023
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.