Druva Threat Watch to Provide Proactive, Continuous Threat Detection


Druva, a leading provider of data security, is introducing Threat Watch, a zero-touch, automated cloud-native solution for proactive threat monitoring of backup data.

According to Druva, Threat Watch is designed to continuously scan backup snapshots to identify dormant threats and indicators of compromise (IOCs)—empowering IT and security teams to act faster and validate a path to clean recovery.

Threat Watch is designed to deliver continuous, peace-time monitoring of backup data and complements threat hunting activities that typically ramp up during an incident. As standards such as DORA and SEC disclosure rules tighten reporting timelines, Threat Watch helps teams assess impact faster and prove data integrity, the company said.

"Cyber resilience isn’t just about having a copy of your data, it’s about the certainty that you can recover without reinfecting your environment," said Yogesh Badwe, chief security officer at Druva. "Threat Watch brings a peace-time proactive monitor to what has historically been a war-time manual forensic process. With this new capability, we are giving customers the forensic evidence they need to meet strict regulatory windows and have clearer proof of what is safe to restore when the business is under pressure."

Built on Druva’s cloud-native architecture, Threat Watch scans backup data in the Druva Data Security Cloud, outside production environments and without requiring additional hardware or agents.

This scan-in-place approach avoids the delays of moving data to separate security tools and enables Druva to offer the industry’s only Data Movement Latency SLA. As a result, detection occurs in near real-time without impacting production performance or increasing infrastructure costs, the company said.

Key benefits and outcomes of Threat Watch include:

  • Curated IOC library: Uses a curated and customer-configurable IOC library, including indicators from CISA, Google Mandiant Threat Intelligence, and Druva ReconX Labs, with support for customer-provided IOCs via upload or API.
  • Early threat visibility: Continuous scans help minimize breach duration by identifying dormant threats in backup data.
  • Safe, lossless cyber recovery: Threat signals detected with Threat Watch feed directly into Druva’s cyber resilience portfolio of products. Powered by Recovery Intelligence, this enables customers to quickly understand blast radius, identify clean restore points, and reduce reinfection risk during recovery.
  • Deep analysis with DruAI: Built on Dru MetaGraph, Druva’s graph-powered foundation for real-time data intelligence, Threat Watch will be able to output threat signals into DruAI to help teams prioritize risk, understand impact, and act with greater confidence. 
  • Compliance and audit readiness: Automated summary reports mapped to regulations including NIST, ISO, and DORA that prove "continuous monitoring" to auditors and insurers.

Threat Watch is generally available for cloud and data center workloads (including Amazon EC2, Azure VMs, and VMware VMs) now. Support for more workloads will be available soon.

For more information about this news, visit www.druva.com.

