
Increasing availability of attack tools and services in cybercrime-as-a-service (CaaS) has led to a surge in cyber threats: Rubrik

Pradeep Chakraborty

Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security, it helps organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions.


Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. Rubrik helps organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Abhilash Purushothaman, VP & GM, Asia, Rubrik, tells us more. Excerpts from an interview.

DQ: Why are businesses unable to back up their data, despite cyber security concerns?


Abhilash Purushothaman: The challenge for businesses is not that they can’t back up their data. It’s that the legacy backup tools were designed for low-frequency and high-impact events (like natural disasters, human error etc.).

We live in a world where cyber threats and ransomware attacks are happening every day across the industry. We live in a world where we have high-frequency, high-impact events all around us. Legacy backup technology was not conceived or built to solve the cyber resilience problem – it solved the problem of 'moving the data fast and storing the data cheap'.

Abhilash Purushothaman.

Today 93% of cyber-attacks target backups, and 73% of those attacks are at least partially successful. Bad actors are getting through to the data because many backup product vendors claim to have “isolated and air-gapped” backups. In reality, every legacy backup has vulnerabilities in its design and architecture, such as using open protocols (CIFS, NFS, NTP) that can (and will) be compromised.

Most of the legacy backup vendors rely on in place writes that can’t guarantee that backup data won’t be changed after being ingested. Legacy backup solutions also lack tools to help prepare and recover quickly in the event of a cyber-attack, like ransomware. They were not built for a world where IT teams have to continuously test and prove cyber readiness and cyber resilience, as well as pinpoint the scope and impact of any cyber-attack, and quickly restore data without risk of reinfection.

From our inception in 2015, Rubrik was designed with an immutable distributed file system and zero-trust architecture with both logical and physical air-gapping of data. Operations to the data can only be performed through authenticated APIs, so data backed up on Rubrik is never exposed to insecure access methods like open protocols.


Rubrik also provides innovative cyber resilience capabilities for today’s world including ML-powered anomaly detection, threat monitoring, threat hunting, sensitive data monitoring, user access analysis, and cyber recovery.

DQ: There is also a rise in phishing and social engineering, that leads to ransomware. Why aren't those being taken care of?

Abhilash Purushothaman: Ransomware is a business model exploiting human behaviour. 100% of breaches are from compromised credentials including common tactics like phishing and social engineering. As a society, we must strive to continuously do better to build awareness and train consumers, users, employees, contractors, and others to more effectively understand the threats and risks in order to mitigate these attacks.


While spreading awareness and education will help reduce the number of attacks, it will, unfortunately, never eliminate all attacks. Businesses must embrace an “assume breach” posture to data security to ensure they will be prepared always. Data backups will be the last line of defence when you get compromised and attacked, so businesses need to embrace a modern, new-age approach that includes a zero-trust data reliance operational platform designed for today’s sophisticated cyberattacks.

Vendors must also find innovative ways to help customers minimize this risk. 90% of breaches were caused by over-privileged access to data, which is why understanding and continuously monitoring of user access is critical.

Rubrik recently announced User Access Analysis and User Activity Monitoring, allowing organizations to shift from being reactive to being proactive in the fight against cyberattacks by proactively finding out who has access to sensitive data and remediating the threat of data exposure risk before any potential breach.


DQ: How is Rubrik strengthening identity and access management?

Abhilash Purushothaman: Rubrik was designed from the beginning with an immutable, zero-trust design which means trust nothing, trust no one and always verify. Additionally, Rubrik uses identity and access management controls including multi-factor authentication (MFA), native time-based, one-time passwords (TOTP), mutual authentication between cluster nodes prior to any data exchange, and granular, role-based access controls (RBAC) built on the principle of least privilege to limit access exposure.

In addition to this, we recently announced the Rubrik Active Directory and Azure Active Directory protection. Active Directory sits at the heart of many data centres across the globe. Aside from providing directory services, Active Directory is often the lifeblood of many third-party applications, providing authentication and access control to organizations' data.


Roughly 80% of security breaches result in Active Directory being compromised, and the data within Active Directory is an essential prerequisite in restoring user access to key applications and getting businesses back to work. Rubrik’s Active Directory protection also allows the organizations to ensure that this key part of their data centre is well protected and easily recoverable in the event of a malicious attack or accidental deletion.

DQ: What is the status of cybercrime-as-a-service (CaaS)? What steps has Rubrik taken for preventing that?

Abhilash Purushothaman: Cybercrime-as-a-Service (CaaS) refers to a model where cybercriminals offer their expertise, tools, and resources to other individuals or groups who wish to engage in cybercriminal activities. This underground market allows aspiring attackers to access a range of malicious services, such as malware distribution, phishing campaigns, DDoS attacks, ransomware, and stolen data trade, among others.

What sets CaaS apart from conventional cybercrime is its accessibility and ease of use. In traditional cybercrime, perpetrators develop and execute attacks themselves. With CaaS, non-expert criminals can purchase ready-made attack tools or services in a one-stop shop, making it more widespread and lowering entry barriers into the cybercriminal world.

The increasing availability of attack tools and services in Cybercrime-as-a-Service (CaaS) has led to a surge in cyber threats for organizations. They now face a broader range of potential attacks, from even more cybercriminals, making it challenging to defend against their ever-changing tactics.

Effectively addressing cyber threats demands substantial investments in cybersecurity measures, incident response, and data recovery efforts. CaaS exacerbates these challenges as businesses must continue to stay vigilant against a diverse and widespread range of attacks.

The consequences of successful cyberattacks can be severe, resulting in data breaches, data exfiltration and potential violations of privacy regulations, leading to significant financial and reputational damages. To protect sensitive data and maintain trust with customers and stakeholders, organizations should fortify their cyber resilience posture by adopting an ‘assumed breach’ approach as well as incorporating zero-trust data security as part of their cybersecurity strategy to stay vigilant against emerging threats. A proactive and collaborative approach is crucial in mitigating risks and safeguarding against the continuously evolving cyber threat landscape.

Adopting a multi-layered cybersecurity approach is essential for organizations to fight back against CaaS. This approach involves adopting robust measures by deploying advanced security solutions like firewalls, intrusion detection systems, and antivirus software to safeguard against various cyber threats. In addition, encrypting sensitive data and limiting access privileges via a zero-trust security model to only authorized personnel is also essential. This helps protect against data breaches and insider threats by treating users and devices as untrusted until verified, reducing the attack surface.

But, in today’s world, preventative measures on their own aren’t enough to keep organisations safe and running. Organisations must also implement a comprehensive cyber resilience strategy to ensure data recovery & sensitive data detection in case of a ransomware attack or data loss incident.

Rubrik was founded based on a vision of securing the world’s data, and we help businesses achieve resilience against cyberattacks, malicious insiders, and operational disruptions by securing data wherever it lives—across enterprise, cloud, and SaaS—making the business unstoppable.

To crack down on CaaS, cybersecurity experts and authorities must foster global collaboration to track and apprehend cybercriminals operating across borders. This includes sharing information about CaaS attacks and the individuals using them and coordinating investigations and prosecutions. By establishing dedicated cybercrime investigation units within the law enforcement agencies, authorities can enforce stringent cybersecurity laws and penalties to deter cybercriminals. This includes increasing the penalties for CaaS-related crimes and making it easier for law enforcement to seize assets from cybercriminals.

DQ: Why is there still an over-reliance on fragile connectivity?

Abhilash Purushothaman: In India, we see an over-reliance on fragile connectivity creating the potential for premeditated internet outages and ample opportunity for ransomware attacks.

Although this is changing, there has been a lack of funding, developmental resources and insufficient maintenance on the core infrastructure that often leads to fragile connectivity. We are at an inflection point, with connected devices, smart devices, IoT etc. being used across businesses and industries. But we still have a long way to go in terms of trusting the devices, connectivity, and overall, the technology that we use.

For example, open standards that ensure the greatest adoption of technologies like IoT need to have an increased focus on privacy and security, and fragile connectivity creates a significant impact on delivering and securing these services.

DQ: What are you doing about cloud vulnerability?

Abhilash Purushothaman: There are said to be four types of cloud vulnerabilities — misconfiguration, poor access control, shared tenancy and supply chain vulnerabilities. Other cloud vulnerabilities include insecure APIs and lack of multi-factor authentication.

We have seen a massive increase in customers who are making investments in the cloud and many of them entrust Rubrik to assist them in managing the inherent vulnerabilities associated with cloud data migration and storage. We have multiple strategies to enhance cloud security for our customers.

One benefit of Rubrik for customers transitioning/migrating to the cloud is our ability to unify data management across both public and private clouds. We provide our customers with a centralized control point to configure and manage all their cloud data security and recovery needs, globally. This approach prevents any instances of outdated or incorrect configurations for individual resources (like VMs, DBs, etc).

Additionally, the single control point offers a unified view, allowing customers to validate that configurations are consistently and accurately enforced across all resources. This all reduces potential vulnerabilities of the cloud.

Robust logging and reporting also play a crucial role in ensuring proper access control. At Rubrik, we strictly adhere to the principles of least privilege, ensuring that excessive permissions with potential for misuse are avoided. To further bolster security, Rubrik utilizes custom user roles that restrict privileges based on different user types, effectively minimizing unauthorized access. Additionally, we enforce multi-factor authentication (MFA) for all local user accounts, and our platform is compatible with third party Single Sign On (SSO) providers such as ADFS, Azure, and Okta.

Another crucial aspect of how we manage vulnerabilities in the cloud is our ability to replicate and store data across various organizational boundaries, geographies, and multiple cloud vendors. This ensures that even if data is compromised in one location, our customers can still recover and continue their business operations seamlessly.

We also offer Rubrik Cloud Vault – a fully managed service in the cloud that keeps your data safe from cyber-attacks with immutable backups that are logically air-gapped through encryption and hashing, thereby preventing unauthorized access to your retention policies. In the event of data loss, customers can quickly browse through point-in-time snapshots to begin bulk recovery or granular restore down to the files.

DQ: Vulnerabilities also start with smart medical devices and electronic medical records (EMRs). What is Rubrik doing there?

Abhilash Purushothaman: Rubrik secures customers’ data and ensures it is available no matter where it resides. We work with companies in every industry - from healthcare to financial services to governments of all sizes to ensure their sensitive data is secure.

Rubrik’s unique proprietary file system design makes it less susceptible to prominent attack surfaces found on competing NFS infrastructures. We also have the capability to directly manage massive amounts of healthcare data at lower costs as well as orchestrate data between on-premises and cloud systems.

Automated sensitive data discovery and classification is an integral part of an effective data security plan. Rubrik layers on additional functionality like machine learning to discover, classify, and protect sensitive data without impeding production or additional infrastructure.

Rubrik also helps organizations with HIPAA compliance and reporting. HIPAA sets guidelines for storing and protecting sensitive healthcare data. Our automated data governance, with at-rest and in-flight encryption, helps safeguard sensitive data in accordance with regulatory compliance and highlights risks, such as data stored in unauthorized locations.

Healthcare institutions rely on skilled personnel to handle large volumes of data. The competition for qualified talent can pose challenges for these organizations. Automation helps accelerate processes and scale environments with reduced human assistance, allowing skilled staff to work on high-value projects. Legacy companies use systems that were designed to meet industry standards from 20 years ago. They are unable to fulfill current regulatory and compliance requirements.

Rubrik is built for today’s data landscape and has the flexibility to leverage and protect your unique infrastructure design from the data centre to the cloud.

Rubrik uses an immutable architecture combining an immutable filesystem with a zero-trust cluster design where operations can only be performed through authenticated APIs. This helps prevent ransomware from accessing and encrypting backups and enables fast recoveries in the event of a data breach.

DQ: Does Rubrik advise on real-time data monitoring?

Abhilash Purushothaman: At Rubrik, we believe that both cyber posture and cyber recovery are required for complete cyber resilience. Securing data is necessary, but not sufficient. Businesses need to be proactive in their approach to cyber resilience. This is why we continue to innovate on behalf of our customers with new capabilities like User Access and Activity Monitoring that help identify sensitive data exposure and ultimately improve cyber posture.

With regard to doing this in real time on production systems vs. doing this on backup systems, the average time to identify and contain a data breach is 277 days, so the reality is bad actors go weeks or months undetected. Additionally, implementing sensitive data monitoring and data loss prevention (DLP) on production systems will always be difficult and impractical due to the use of agents, which impact performance and create significant operational overhead and burden.

This is one of the primary reasons why Rubrik recently partnered with Zscaler to integrate our Sensitive Data Monitoring & Management capabilities with Zscaler’s DLP solution. This integration proactively identifies sensitive business data across enterprise, cloud, and SaaS environments so that it can be fingerprinted into an index to more easily and accurately prevent data loss. Rubrik Sensitive Data Monitoring & Management discovers and classifies sensitive data that matters so Zscaler can enforce data protection policies without the complexity and burden of taxing production systems.

This helps Rubrik and Zscaler customers manage sensitive content, enforce remediation and response workflows, and prevent sensitive data from being exfiltrated, avoiding double-extortion scenarios.
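Several answers above contrast legacy backups built on in-place writes with an immutable, content-addressed design where ingested data cannot be changed and integrity is checked by hashing. The following is an added editorial illustration of that contrast, not Rubrik's code and not a description of how Rubrik's file system is built: a minimal mutable store is placed beside a write-once snapshot store whose objects are addressed by their SHA-256 digest and whose snapshot manifests are hash-chained. The class names, the sample file trees and the "ciphertext" bytes are all constructed for the example.

```python
"""In-place (mutable) backups vs. write-once, hash-verified snapshots.

Added example for illustration only; it is not Rubrik's implementation.
All file contents and names below are constructed sample data.
"""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class InPlaceBackupStore:
    """Legacy-style store: a backup is a named blob that can be rewritten in place.
    An attacker with write access to the share replaces the only copy, and
    nothing records that it ever differed from the original."""

    def __init__(self):
        self.backups = {}

    def write(self, name: str, data: bytes) -> None:
        self.backups[name] = data  # silently overwrites any earlier copy

    def read(self, name: str) -> bytes:
        return self.backups[name]


class ImmutableSnapshotStore:
    """Write-once store: objects are keyed by their SHA-256 digest (so the
    key itself commits to the content), snapshot manifests form a hash chain,
    and the public API offers no way to modify anything already ingested."""

    GENESIS = "0" * 64

    def __init__(self):
        self._objects = {}    # digest -> bytes (content-addressed, deduplicated)
        self._snapshots = []  # ordered manifests: {"id", "prev", "entries"}

    def put_object(self, data: bytes) -> str:
        digest = sha256_hex(data)
        self._objects.setdefault(digest, data)  # first writer wins; never overwritten
        return digest

    def snapshot(self, files: dict) -> str:
        """Ingest a {path: bytes} tree as a new snapshot and return its id."""
        entries = {path: self.put_object(blob) for path, blob in sorted(files.items())}
        prev = self._snapshots[-1]["id"] if self._snapshots else self.GENESIS
        body = json.dumps({"prev": prev, "entries": entries}, sort_keys=True).encode()
        manifest = {"id": sha256_hex(body), "prev": prev, "entries": entries}
        self._snapshots.append(manifest)
        return manifest["id"]

    def verify(self) -> list:
        """Recompute every object digest and re-derive the manifest chain.
        Returns a list of problems; an empty list means the store is intact."""
        problems = []
        for digest, data in self._objects.items():
            if sha256_hex(data) != digest:
                problems.append(f"object {digest[:12]} content does not match its digest")
        prev = self.GENESIS
        for i, m in enumerate(self._snapshots):
            body = json.dumps({"prev": prev, "entries": m["entries"]}, sort_keys=True).encode()
            if m["prev"] != prev or sha256_hex(body) != m["id"]:
                problems.append(f"snapshot {i}: manifest altered or chain does not link")
            for path, digest in m["entries"].items():
                if digest not in self._objects:
                    problems.append(f"snapshot {i}: {path} references a missing object")
            prev = m["id"]
        return problems

    def restore(self, snapshot_id: str) -> dict:
        for m in self._snapshots:
            if m["id"] == snapshot_id:
                return {path: self._objects[d] for path, d in m["entries"].items()}
        raise KeyError(snapshot_id)


# Constructed sample data: two backup generations and an attacker's overwrite.
SAMPLE_TREE_V1 = {"db.sql": b"CREATE TABLE users (id INT);", "notes.txt": b"constructed sample"}
SAMPLE_TREE_V2 = {"db.sql": b"CREATE TABLE users (id INT); INSERT INTO users VALUES (1);",
                  "notes.txt": b"constructed sample"}
FAKE_CIPHERTEXT = b"\x00ENCRYPTED-BY-ATTACKER\x00"


def demo_in_place() -> bytes:
    """Ransomware overwrites the backup through the same path the backup job uses.
    The read succeeds and returns ciphertext; there is no signal anything changed."""
    store = InPlaceBackupStore()
    store.write("db.sql", SAMPLE_TREE_V1["db.sql"])
    store.write("db.sql", FAKE_CIPHERTEXT)
    return store.read("db.sql")


def demo_immutable():
    """The API cannot alter ingested data, so the attacker is modelled as reaching
    the underlying storage directly. The hash check catches the tampered object,
    and the later snapshot, which shares only the untouched object, still restores."""
    store = ImmutableSnapshotStore()
    store.snapshot(SAMPLE_TREE_V1)
    snap2 = store.snapshot(SAMPLE_TREE_V2)
    assert store.verify() == []
    target = store._snapshots[0]["entries"]["db.sql"]   # bypassing the API on purpose
    store._objects[target] = FAKE_CIPHERTEXT
    return store.verify(), store.restore(snap2)["db.sql"]


if __name__ == "__main__":
    print("in-place store returns:", demo_in_place())
    problems, db_v2 = demo_immutable()
    print("immutable store problems:", problems)
    print("snapshot 2 db.sql still restores:", db_v2 == SAMPLE_TREE_V2["db.sql"])
```

The point of the comparison is that a content-addressed key plus a chained manifest turns "was this backup modified after ingestion?" into a question the store can answer on its own, whereas the mutable store has to trust whatever bytes are present. In a real product the same idea is combined with access controls so that the bypass shown in `demo_immutable` requires compromising the storage layer rather than a file-sharing protocol.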
