
Release Notes - Cyber Resiliency

Important:

Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.

January 29, 2026

New Feature

Cloud-Based Data Anomaly support for Azure Virtual Machines and AWS Workloads - EC2 and EBS Volume

We have extended our Data Anomalies capabilities to support Azure Virtual Machines and AWS Workloads (EC2 and EBS Volume).

This feature allows you to proactively monitor cloud backups for suspicious activity without manual oversight or complex software management.

  • Zero-Touch Deployment: Benefit from flexible, agentless protection. This feature is entirely credential-free, requiring no local installations or heavy maintenance.

  • Proactive Data Anomaly Detection: Our intelligent algorithm monitors backups for unusual spikes in file additions, deletions, modifications, or encryption, helping you identify ransomware or insider threats in real time.

  • Customizable Security: Define your own detection thresholds or stick with our "Recommended" defaults. Settings can be managed via Cyber Resilience > Data Anomalies > Settings.

  • Actionable Insights: Stay ahead of risks by reviewing alerts in the Cyber Resiliency > Posture & Observability > Data Anomalies > Anomalies tab to ensure your data remains untampered.

For more information, see Data Anomalies Settings.

Get enhanced data security for AWS S3 with Rollback Action support

You can now use the Rollback Action feature to recover your backed-up Amazon Web Services (AWS) S3 data.

This feature allows you to restore deleted backup data for AWS S3 backup sets within a configurable window, protecting against both accidental and malicious deletion.

For more information, see Rollback Actions.

January 16, 2026

New Feature

Introducing Threat Watch


📝NOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.


From Recovery to Resilience! We are evolving your data protection from reactive recovery into a proactive defense mechanism. Threat Watch introduces a fully automated, continuous monitoring solution that integrates threat detection directly into your backup lifecycle.

By shifting to an "always-on" security model, Threat Watch ensures your backup environment is a resilient line of defense against ransomware and evolving cyber threats.

  • Security Admins: Gain automated early detection, high-fidelity alerts, and full auditability.

  • Backup Admins: Recover with confidence using verified, risk-free restore points.


🛡️ Key Capabilities

  • Zero-Touch Automation: Experience seamless security with automatic onboarding. There is no manual configuration or operational overhead required for administrators.

  • Continuous Post-Backup Scanning: Backups are automatically scanned once indexing is complete. Scans run three times daily (every 8 hours) to ensure constant vigilance.

  • Retroactive Rescan: When new IOCs are added to the IOC library, Threat Watch automatically rescans backups up to 30 days old to identify previously hidden risks.

  • Automated Risk Containment:

    • Auto-Quarantine: Infected snapshots are isolated immediately upon detection.

    • Instant Alerts: Notifications are dispatched via SIEM integration, email, and in-app alerts.

    • Clean Point Recovery: Integrates with Recovery Insights to provide insights about the last clean snapshot.

  • Comprehensive IOC Libraries:

    • Druva Managed IOC Library: Powered by Google Mandiant, CISA, and Druva’s own ReconX Labs.

    • Custom Library: "Bring your own IOCs" by uploading custom IOCs tailored to your environment.

  • Detailed Reporting: Access in-depth reports at the snapshot level to see exactly which files are infected, along with Audit-Compliance and Scan Summary reports for full visibility.


Workload Support: AWS EC2 & EBS, Azure VMs, and VMware (Data Center).

Licensing: Included in the Premium Security SKU.

Access Path: From the Druva Cloud Platform Console, go to Global Navigation Menu > Cyber Resiliency > Posture & Observability > Threat Watch.


🔍 Threat Watch vs. Threat Hunting

Threat Watch works alongside Threat Hunting to provide a multi-layered Defense in Depth strategy:

| Feature | Monitoring Type | Primary Use-Case |
|---|---|---|
| Threat Watch | Always-on, Automated | Proactive detection and automated containment. |
| Threat Hunting | On-demand | Forensic investigation and manual incident response. |

For more information, see Threat Watch.

Alternatively, you can use Threat Watch APIs to perform Threat Watch related actions.

January 08, 2026

Enhancement

Get enhanced data security for Azure SQL with Rollback support

You can now use the Rollback action to recover your Azure SQL backup data. This feature allows you to restore deleted backup data for Azure SQL backup sets within a configurable window, protecting against both accidental and malicious deletion.

For more information, see Rollback Actions.

Customer Action: None

To learn which entities Rollback Action supports, see the support matrix.

January 01, 2026

This release has minor bug fixes.

December 18, 2025

This release has minor bug fixes.

December 04, 2025

This release has minor bug fixes.

December 01, 2025

Enhancement

Support for the India storage region for Azure Cloud Storage for Enterprise and AWS Workloads

Security Posture & Observability, Advanced Ransomware Recovery, and Threat Hunting features currently supported for Enterprise Workloads (File Server, NAS, and VMware) and AWS Workloads (Azure Virtual Machines and EC2) will also be supported in the India storage region for Azure Cloud Storage.

For more information about Azure Cloud Storage, see Enterprise Workloads release notes.

November 20, 2025

This release has minor bug fixes.

November 06, 2025

This release has minor bug fixes.

November 03, 2025

Enhancement

Transition to Cloud-Based VMware Data Anomalies


❗ Important

This feature is under early access and is available for limited customers.


A significant enhancement has been made to the collection of Data Anomalies for VMware resource types.

The Change:

We are transitioning from the current agent-based model to a streamlined, cloud-based architecture (agentless).

This enhancement provides flexible, agentless deployment for zero-touch, credential-free protection.

Key Benefits:

  • Enhanced Security: Eliminates the need to share or store root/administrator credentials for the guest VM. You no longer have to provide guest OS credentials for the Data Anomalies feature to function. This improves the overall feature adoption and customer experience.

  • Simplified Operations: Reduces operational overhead by removing the dependency on an installed agent within the guest VM.

  • Increased Efficiency: Data collection no longer requires the VM to be powered on, improving flexibility and resource utilization. Provides zero-touch UDA configuration for VMware virtual machines.

  • Automated, Efficient Data Anomalies: Zero-touch Data Anomalies configuration for VMware VMs. Data collection no longer needs powered-on VMs, optimizing flexibility and resource utilization.

  • Modern Architecture: Aligns VMware Data Anomalies with a secure, scalable, and cloud-native architecture.

Customer Action required: To ensure your environment is ready to benefit from this simplified, agentless protection immediately, we require you to update your VMware Backup proxy to version 7.0.8 or higher.

October 23, 2025

This release has minor bug fixes.
