Over the years, Druva has developed services for protecting and managing data and tools for governance and compliance. Today, it took that idea one step further when it added ransomware and anomaly detection.
The company decided to develop a ransomware detection tool after finding that customers were using Druva to help manage the ransomware recovery process. Restoring data has always been a Druva strength, and it made sense to put the two together, CEO Jaspreet Singh explained.
“We saw a bunch of customers use the whole notion of data management for malware/ ransomware recovery. Our customers had a malware/ransomware tool and us as recovery, but putting the two together was challenging,” Singh told TechCrunch.
That’s when the company decided it might make sense to build its own anomaly detection tool and move from being purely reactive — helping recover from an incident — to being proactive and helping manage the incident.
Moving into this realm presented challenges for Druva, and they admit it took time to create a system that didn’t produce a lot of false positives. When you are looking for anomalies in a data management tool like Druva, many everyday activities like a system update or a critical eDiscovery action could seem like unusual activity. The key was finding what was actually malware.
The company tapped into machine learning algorithms to help understand the data better and reduce those false positives. “Machine learning is becoming a commodity in 2017. We’re using machine learning for course correction and understanding how the files change, rather than broad stroke anomaly detection focusing on one use case,” Singh said.
While Druva recognizes that it won’t be the first line of defense for bigger companies, it believes having this kind of protection in place will be really valuable for the small to mid-market customers who lack protection and recovery for ransomware attacks, while acting as a secondary line of defense for those that have other tools in place.
“One thing to keep in mind, with ransomware, you need a two-layer approach to protecting the business. Ransomware is created and adapted so fast, it’s hard to keep up protection. We are a second line of defense and providing another tool in the toolbox to help minimize the blast radius of attacks,” Dave Packer, Druva’s VP of corporate and product marketing explained.
Druva was founded in 2008 and has raised $118 million, including its most recent $51 million round last September.