Rubrik and Cisco have allied to improve cyber resiliency by integrating their respective data protection and extended detection and response (XDR) platforms.
Ghazal Asif, vice president for global channels and alliances for Rubrik, said the integration will make it simpler for cybersecurity and IT operations teams to cooperatively limit the blast radius of, for example, a ransomware attack by ensuring pristine copies of the sensitive data are readily available.
The overall goal is to make it simpler to both identify what data at risk today needs to be better secured and, in the event of a breach, reduce the total cost of a breach by accelerating the rate at which it can be remediated, she added.
At the core of that capability is a Rubrik software-as-a-service (SaaS) application platform that combines a two-stage machine learning algorithm, which Rubrik uses to detect file entropy and signs of encryption or malware, with a set of rules that surfaces the time-series history of data to create pristine snapshots of data that can be recovered.
Additionally, Rubrik automatically identifies indicators of compromise within backups using a threat intelligence feed it curates on behalf of the organizations the company serves.
Cybersecurity teams can now, as a result of the integrations, use those capabilities to, for example, initiate a backup to minimize data loss any time a cyberattack is detected. That latest backup snapshot can then be restored directly from within the Cisco XDR console.
Collectively, those capabilities make it much easier for organizations to both quantify and achieve specific recovery time objectives, noted Asif.
At this juncture, most organizations recognize that a data breach is all but inevitable. That doesn’t necessarily mean organizations won’t continue to invest in preventing data breaches, but how quickly they can contain any data breach has become a critical metric for evaluating how effective a cybersecurity team is. As such, the pressure to integrate backup and recovery processes typically managed by IT operations teams with cybersecurity workflows has increased considerably.
In addition, regulatory agencies that assess any penalties that might be levied in the wake of a data breach are adding to their calculations the level of investment organizations have made in modernizing their data protection processes. At the same time, cybersecurity insurance providers are also requiring organizations to increase their overall cyber resiliency before agreeing to provide coverage.
Recovering from ransomware attacks has become more challenging because cybercriminals may be present in an IT environment for multiple days. Determining how far back an organization needs to go to recover a pristine copy of data that hasn’t been infected by malware often requires a lot of effort today. The more continuous those backups become, however, the simpler it becomes to recover, noted Asif.
Cybercriminals are usually betting organizations will find it less painful to ransom their data than to recover a pristine copy of it. It’s up to cybersecurity teams in collaboration with their IT operations counterparts to make sure that the bet doesn’t pay off.