❗Important: Check the supported workloads at Feature support matrix.
June 20, 2026
Feature
Cyber Recovery Plans for VMware
Introducing Cyber Recovery Plans to ensure business continuity during cyberattacks by transforming slow, manual recovery into an automated, threat-aware operation. Unlike traditional disaster recovery designed for power outages or hardware failures, this feature is specifically engineered for administrators to defeat modern cyber threats.
With this feature, administrators can:
Perform Threat-Aware Recovery: Automatically scan for malware before data enters the office network to avoid restoring viruses along with the data.
Establish Compliance Confidence: Prove protection and preparation to auditors with automatically generated Proof of Recovery reports.
Utilize a Secure Sandbox: Use an Isolated Recovery Environment (IRE) to test and clean systems in a fenced-off area before they go live.
Improve Speed and Accuracy: Restore an entire business application stack with a single action instead of manually restoring individual servers.
Execute Targeted Recovery Modes: Choose between a Scheduled Cyber Recovery Testing Plan (SCRT) for automated "fire drills" or a Live Incident Recovery Plan (LIR) to restore critical resources in a secure environment using verified, clean snapshots.
This update enhances overall cyber resiliency and recovery efficiency by automating the identification of clean snapshots and providing isolated environments for safe data restoration.
For more information, see Get Started with Cyber Recovery Plans for VMware.
Recovery Intelligence for Azure Virtual Machines (Azure VM)
Ensure your recovery is clean before you even hit "Restore." We have introduced advanced threat hunting capabilities into the recovery workflow, allowing you to identify non-impacted snapshots and eliminate the risk of re-infecting your environment.
As part of the Recovery Intelligence feature, the Azure VM Recovery Point tab used for the restore workflow will now include a new Cyber Recovery tab for real-time, recovery-focused visibility, empowering you to better protect and restore Azure VM backups.
Pre-Recovery Threat Hunt: Every recovery now includes an option to perform a threat hunt, helping you pinpoint the exact "clean" snapshot needed for a successful restore.
Recovery Intelligence: Gain immediate visibility into the health of your snapshots with automated intelligence that populates critical data about each restore point.
Integrated Restore Scans: Before committing to a restore, perform a Cloud-based IOC (Indicator of Compromise) scan and AV (Antivirus) scan on your selected restore point to verify it is free of malware.
❗Important:
To view and access the Recovery Intelligence feature, you must have either a Security Posture & Observability, Accelerated Ransomware Recovery, or a premium license.
To view and access the Recovery Intelligence details for the Threat Hunting feature, the Premium license is mandatory.
For more information, see
Cloud-Based Data Anomaly support for Azure Virtual Machines
We have extended our Data Anomalies capabilities to support Azure Virtual Machines.
This feature allows you to proactively monitor cloud backups for suspicious activity without manual oversight or complex software management.
Zero-Touch Deployment: Benefit from flexible, agentless protection. This feature is entirely credential-free, requiring no local installations or heavy maintenance.
Proactive Data Anomaly Detection: Our intelligent algorithm monitors backups for unusual spikes in file additions, deletions, modifications, or encryption—helping you identify ransomware or insider threats in real-time.
Customizable Security: Define your own detection thresholds or stick with our "Recommended" defaults. Settings can be managed via Cyber Resilience > Data Anomalies > Settings.
Actionable Insights: Stay ahead of risks by reviewing alerts in the Cyber Resiliency > Posture & Observability > Data Anomalies > Anomalies tab to ensure your data remains untampered.
For more information, see Data Anomalies Settings.
May 11, 2026
Feature
FedRAMP Authorization for Druva Cyber Resiliency
Druva has achieved FedRAMP authorization for its Cyber Resiliency suite, extending advanced security capabilities to File Server, NAS, and VMware workloads within the Druva FedRAMP cloud.
Federal agencies can now leverage these certified features to proactively detect risks and ensure data integrity in high-compliance environments.
For more information, see the Enterprise Workloads FedRAMP release notes.
February 21, 2026
This release has minor bug fixes and enhancements.
January 10, 2026
Feature
Cyber Resiliency Readiness Score for a stronger Security Posture
We are excited to introduce Cyber Resiliency Readiness Score.
The Cyber Resiliency Readiness Score gives you a clear, real-time view of your organization's resilience posture. It is an interactive widget that not only tracks your readiness but also makes it easy to configure your Cyber Resilience settings on the fly.
You will find the scorecard placed on both the Druva Cloud platform dashboard and the Security Center.
This update is designed to help you quickly understand and adopt all of our comprehensive security offerings.
Access Path: Navigate to the Cloud Platform Console dashboard > Cyber Resiliency >Readiness Score.
Key Updates:
Interactive Readiness View: A new card provides a clear, actionable score of your current security readiness, with a sunburst chart and list view for a comprehensive overview. In addition, you can also configure your Cyber Resilience settings on the fly using the edit options.
Flexible Workflow: You can skip steps and return to complete them later.
Proactive Notifications: The system will notify you of any incomplete security configurations.
Full Feature Visibility: Easily explore all available Cyber Resiliency features.
Seamless In-app Help: Help content for features now appears directly within the UI console.
Key Benefits:
Simplified Adoption: Get up and running with essential security features faster and with less effort.
Full Visibility: Avoid missing out on powerful security configurations crucial for protecting your data.
Proactive Security: Ensure your environment is aligned with security best practices from the start.
Customer Action Required: None
For more information, see Security Center.
Enhancement
Deprecation of a few Restore Scan APIs
We have deprecated the following Restore Scan APIs with this release:
Lists all the current configured file hashes
Add new file hashes
Delete the file hashes
Customer Action Required: If your current integrations or scripts utilize these Restore Scan APIs, you must migrate to our new Threat Intel APIs. These new APIs are enhanced and more robust, serving as direct replacements.
October 11, 2025
Enhancement
Druva Published IOC Set: Now Standard for Accelerated Ransomware Recovery license holder
We are excited to announce that Druva Published IOCs are now available to all customers with an Accelerated Ransomware Recovery license!
This key feature, previously a Premium exclusive, delivers proactive threat intelligence to better detect and respond to ransomware. Our goal is to make advanced security widely accessible, strengthening recovery readiness for more customers. For more information, see IOC Library and Threat Intelligence.
July 26, 2025
Feature
Federal Risk and Authorization Management Program (FedRAMP) support for Cyber Resiliency features for Endpoints and Microsoft 365
We are excited to announce that the GovCloud will now support Cyber Resiliency features for Endpoints and Microsoft 365. For more information, see the Endpoints GovCloud Release Notes and Microsoft 365 GovCloud Release Notes.
Druva integration with Microsoft Sentinel
We are excited to announce Druva's integration with Microsoft Sentinel.
With this integration, you can better manage ransomware detection, response, and recovery by facilitating better collaboration between IT SecOps tools.
Key features available with this update:
Druva Events Data Connector: Receive Druva Security & Operational Events right into your Microsoft Sentinel. Receive alerts for suspicious admin activities, data anomalies like file additions, deletions, modifications & encryption, unusual data access events, and backup policy changes.
Quarantine Playbooks: Manage Ransomware Response by quarantining infected backup snapshots on the impacted resources, which helps safeguard your system from further infection by barring users or administrators from downloading or restoring data.
Here’s the Druva app for Microsoft Sentinel.
For more information, see Druva app for Microsoft Sentinel.