❗ Terms and Conditions:
Druva's Managed Data Detection and Response Service is available only to Druva and Dell customers. MDDR is an advanced-release product/service and is subject to Druva’s Early Access Addendum. The MDDR Service is provided “as is”. Druva makes no promises with regard to response times.
Overview
Managed Data Detection and Response Service (MDDR Service) is a managed service that offers round-the-clock monitoring, detection, and response for your backups in Druva. It provides monitoring and notification for the threat indicators listed in the table below.
As part of MDDR Service, Druva provides the following capabilities:
Detection
Key backup threat indicator monitoring: Our MDDR service monitors key threat indicators that could compromise your backed-up data. This includes identifying anomalies, suspicious activities, and potential breaches.
Response
Playbooks for various incident scenarios: In the event of a detected threat, our MDDR service employs predefined playbooks tailored to various incident scenarios that provide a structured response strategy designed to help mitigate threats. Each playbook is crafted to address specific types of incidents, from malware attacks to data breaches.
Key Features and Benefits
24/7 Monitoring: The MDDR Service operates around the clock, continuously surveilling your backup systems to detect and address potential threats.
Proactive Threat Management: The MDDR Service proactively identifies potential risks by monitoring key threat indicators and using advanced monitoring tools.
Structured Incident Response: Using detailed playbooks ensures a systematic and efficient response to various incident scenarios, minimizing downtime and data loss.
Get started with MDDR Service
How to access MDDR Service?
This service is automatically built into the Druva Cloud Platform and is available as part of your backup subscription. For information on how to get started, please contact your account manager or customer success manager. You may also contact support for further assistance or questions.
❗ Important:
MDDR Service is not available for GovCloud and SFDC customers.
What do we monitor using the MDDR Service?
MDDR Service monitors a range of events. The following table provides information about the types of events monitored for different Druva products*:
Device and User Account Alerts | For Endpoints, Microsoft 365, and Google Workspace
Snapshot Deletion | For Enterprise Workloads
Backup Set Deletion | For Enterprise Workloads
Backup Set Disabled | For Enterprise Workloads
* Threat indicators are subject to change at Druva’s discretion.
How do we action MDDR alerts?
Druva has implemented a proactive approach to handle MDDR alerts. Systems are configured to automatically generate cases upon receiving an MDDR alert. This automation helps to streamline the initial response process, reducing response time. The process includes:
Manual Validation: Once a case is created, the Druva Incident Response team triages, investigates, and verifies alerts to weed out noisy, false-positive alerts.
Admin Verification: After the alert is validated, the Druva Incident Response team contacts all administrators associated with the account to verify whether the event was planned or an unexpected incident.
Critical Alert Actions: For snapshot deletion alerts, which are categorized as critical alerts, Druva implements staggered data deletion from the Druva cloud for deleted or expired snapshots.