Aug 10 2022

Review: Ransomware Investigation Platform Fortifies Defenses in Depth

This recovery tool keeps watch over protected networks and speeds recovery following a ransomware attack.

Ransomware is one of the most dangerous cyberthreats operating today. Many organizations are specifically targeted, either because criminals assume they can ask for a lot of money or because of a higher possibility for payment. Among those targeted groups, healthcare organizations are near the top of the list.

Companies such as Rubrik are pioneering defenses against ransomware. A combination of frontline protections and immutable backup systems that are safe from external state changes create a defense in depth, which monitors for anomalies in data and helps to quickly recover should an attack land successfully.

In healthcare, any downtime is unacceptable. If a hospital can recover all of its corrupted data, but it takes weeks to do so, that is still a large disruption. To compensate, Rubrik created the Ransomware Investigation platform, which is designed to keep administrators apprised of the state of their storage and backup deployments, and to restore more quickly everything that has been corrupted should an attack make it past other defenses.

Click the banner for access to exclusive HealthTech content and a customized experience.

Ransomware Investigation Powered by Machine Learning

The Ransomware Investigation platform is extremely advanced and intelligent, using machine learning to watch over an organization’s data and storage. Over time, it creates a baseline of behavior that is unique to every organization. Thereafter, it can analyze elements such as file properties, change rate, content type and entropy changes to files.

If it spots an anomaly, it will alert users about any indications of an attack getting through to other defenses. All of that processing is conducted within the cloud, so there is no impact on the local network.

DIVE DEEPER: Discover why layered security is essential to health systems' incident response planning.

A Quick Response to Ransomware Attacks

Restoration in response to a limited attack can take time. But with Ransomware Investigation, once an attack is confirmed, it can show administrators exactly what files have been compromised and how the attack was able to penetrate other defenses. This allows administrators to shore up their security and enables targeted restoration.

Instead of restoring everything — potentially, terabytes of information — only the files that were corrupted need to be replaced. That can cut down the time required to return to full operations from days or weeks to just a few hours.

Ransomware Investigation is a powerful tool that acts as a force multiplier for other defenses. That’s great news in healthcare, where protection is paramount for supporting patient care.


PRODUCT TYPE: Ransomware recovery platform
DEPLOYMENT TYPE: Core components operate within the cloud
THREATS MITIGATED: Ransomware, or anything else that corrupts or erases data
KEY FEATURES: Anomaly detection and automated recovery
ADDITIONAL CAPABILITY: Can be used for post-breach analysis to see what went wrong


Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.