Rubrik’s Ruby offers AI assistance for speeding data recovery, resilience

Overview

Getting your company’s data infrastructure back up and running following a cyberattack can take multiple steps, processes and conversations between IT and security officials, which delays the recovery process. Rubrik’s new Ruby generative AI assistance gives IT teams greater insights into the backup and recovery process to help speed that recovery time. Anneka Gupta, chief product officer at Rubrik, demonstrates the key features of Ruby in this episode. Website: https://www.rubrik.com/products/ai-powered-cyber-recovery

Transcript

Hi everybody, welcome to DEMO, the show where companies come in and they show us their latest products and services. Today I'm joined by Anneka Gupta, she is the Chief Product Officer at Rubrik. Welcome to the show, Anneka!

Thanks for having me.

So what are you going to show us today?

So I'm going to show you Rubrik, a data security platform. So what we focus on is helping with cyber resilience. Now you may ask, what is cyber resilience?

Cyber resilience is all about helping organizations minimize their downtime when they're hit with a cyber-attack, which means that they need to be able to recover back to a clean state as quickly as possible, right?

You’ve been around for about 10 years now, correct? So we're going to see some new features today. We're not just going to show the whole platform, right? Who is this usually designed for? Is this large enterprises, small businesses? Someone in IT, someone in security?

So we work with large enterprises, typically regulated industries, but really can be anything, as well as federal government globally.

So at the world's largest organizations, typically the users are IT and security professionals, depending on the different parts of the product, because our product really brings these teams together to be able to help them recover in the case of a cyber-attack.

Alright. So what problems are you solving with this? You know, in other words, why should companies care about this versus maybe some other companies that are out there?

So what is really different about cyber recovery from other kinds of recovery events is that in a cyber event, you need to figure out what was the scope of the actual attack. You need to figure out if any sensitive data was impacted.

You need to find a clean point of recovery so that you don't recover malware back in your environment. And that investigation can take a lot of time, so you have to do all of that before you hit the Recover button.

What Rubrik does is we pulled all of this together in one single platform that allows you to do this no matter where your data lives, whether that's on premise, in the cloud or across SaaS applications.

Before they discovered Rubrik, what would a company do before this? Would they just have to, like, push that Recover button and then, like, keep their fingers crossed?

I mean, it's a whole host of things. So people would typically have a patchwork of different solutions to cover their on-premise environments, their cloud environments, their SaaS environments, that all worked differently and didn't work together.

And then on top of that, they would do exactly what you would say. They would recover, and then they would see, OK, is this a clean point of recovery?

And they would have to recover their entire environment, which takes a ton of time, versus just recovering the impacted pieces.

So by using Rubrik, they can really cut down their cyber RTO such that instead of it taking days or weeks, or sometimes even months to get to a clean state, they can actually do this in hours or days.

And it wouldn't be 2024 without some generative AI features, right? All right, let's jump right into the demo then.

So what you can see here is the global dashboard for Rubrik, where you can get a sense of all of the data that you're protecting and some of the security capabilities as well.

Now what I'm going to jump into and really demo today is our Gen AI capabilities that we call Ruby AI.

Now the concept behind this is that if you're an IT professional coming in and we detect a security threat in your environment, often, you may not know what to do next.

And the whole idea of what we've built is a workflow that is interactive and conversational, such that you can easily figure out what to do next, even if you don't have the skills and experience to understand how to react to a cyber event, which is the vast majority of organizations, and IT organizations.

So what I'll take you through is we have this inbox here which will notify you if we find an indicator of compromise, such as malware in your environment.

And we do this, we are scanning your environment every single time we take a snapshot, we scan it using threat intelligence feeds that we pull together from Mandiant and the likes of other partners. So let's say we found some malware in your environment.

You can click here to investigate and build a response plan together with Ruby. So let's go into this.

So what you see here is you see more information about this malware that we're pulling together so that you can get a sense of, okay, what kind of ransomware family is this a part of?

Who are the types of attackers that use this kind of ransomware and malware in the environment, and what are the hashes that you could find this in other environments? Then you can either type in your own question, or Ruby will give you some examples of what you may want to ask next.

So you might want to ask, Hey, tell me more about this malware. So here then you get a little bit of a description of what this malware looks like.

You can always copy this to the clipboard if you want to go send a Slack message or something to your security team. Often, what happens is, when there's one indicator of compromise, like malware, there's other associated indicators of compromise.

So what we can automatically do is actually search for additional indicators of compromise that are related to this piece of malware that we found. So we do that.

Now, anytime we're asking to take an action in the environment, we want extra confirmation so that people don't accidentally take an action that they didn't think about. Now what you can see here is, OK, we've now looked for additional indicators of compromise.

We found another kind of malicious file, and what you can see down here is a timeline. And what this tells you is basically, when did this malware first land? And this then allows you to recover back to a clean point in time.

So you know that if you recover to November 11, 2023, 8 pm or earlier than that, you will recover a clean copy. But if you take the next snapshot, you won't be able to. Green means good here. Green means good. Hopefully super intuitive, yeah.

Then you can ask, you can look at, is there any sensitive data in these objects?

The reason why this is important is that often what ransomware attackers do is they exfiltrate data and put it on the dark web as another means of getting people to pay the ransom.

So here you can actually see, OK, based on the policies that you set up within Rubrik. And we can, we automatically generate these policies. You can also create your own.

Here's what, here's what we found in the actual objects, where this ransomware was or where this not ransomware, this malware was found. OK? And then you can ask, Well, OK, what are the recommended next steps? Great.

Recommended next steps are quarantine the affected objects so that you don't allow people to accidentally recover those objects. And then you can actually do the recovery back to the clean snapshot. So even just from the UI here, you can quarantine all the snapshots again.

You have to press yes. We can create a recovery plan which will do all of this? You can say, would you like to proceed? Yes. And then you can go through the whole recovery steps. So here you would have to put recover.

Now if you want to ask follow-up questions as well, you can ask follow-up questions. You can say, hey, does malware exist elsewhere in my environment? And it will actually give you next steps of what you can do for you.

So you can ask a lot of questions. This makes it super interactive and really easy without requiring a lot of expertise in security.

And so if this wasn't around, typically what would happen?

Typically what would happen is that an IT person that might see this alert would then go to their security team and be like, Well, I found this. What do I do next?

Then the security team has to come back and say, hey, look for all these indicators of other indicators of compromise. Help us figure out all this stuff.

And it would require a ton of back and forth between the teams, which makes it really difficult because it takes a lot of time.

So here, what we've done is we've said, OK, you can at least get first-level answers to all the questions that your security team is going to ask.

You could actually then generate a report from here and send it off to your security team so they can figure out what they want to do. So it really reduces that time.

All of this is possible within the UI to go do as of now, but it's not strung together and as easy and comprehensive as a way as we've done through Ruby.

You've got a bunch of other features, obviously, with the Rubrik platform. So where can people go for more information? And do you offer a free trial of this?

Yeah, so you can go to Rubrik.com to learn more about Rubrik. We have the opportunity there to go through demos that we have on the platform and contact a salesperson if you're interested in learning more.

All right. Anneka Gupta, thanks again for the demo. That’s all the time we have for today's show. Be sure to like the video, subscribe to the channel and add any thoughts you have below. Join us every week for new episodes of DEMO. I'm Keith Shaw, thanks for watching.