Rubrik at the Black Hat USA 2024 conference today revealed it is partnering with the Mandiant arm of Google to reduce the amount of time organizations require to recover from a cybersecurity breach.

Steve Stone, head of Rubrik Zero Labs, said the alliance will result in the threat monitoring capabilities developed by Mandiant being embedded into the Rubrik backup and recovery cloud service.

In addition, the two companies will make available a Rubrik Clean Room Recovery service to enable organizations to store their data in a clean Google Cloud environment or multi-cloud environments to simplify recovery.

Finally, the two companies will jointly make available incident response teams to help organizations recover from cyberattacks and become more resilient to attacks before they are launched.

Rubrik already provides threat-hunting and threat-monitoring capabilities to identify safe recovery points. Mandiant Threat Intelligence collected from thousands of endpoints will augment that capability, said Stone.

Recovering from ransomware attacks has become more challenging because cybercriminals may be present in an IT environment for multiple days. Determining how far back an organization needs to go to recover a pristine copy of data that hasn’t been infected by malware today often requires a lot of time and effort.

In fact, in many cases, cybercriminals are betting organizations will find it easier to ransom their data than to recover a pristine copy of it. The Rubrik Clean Room Recovery service hosted on Google Cloud ensures that pristine copies of an organization’s most critical data are readily available, said Stone.

Most organizations today are rightly focused on trying to prevent cyberattacks but despite those efforts, a breach is all but inevitable. The longer it takes to discover and contain a data breach the more costly it becomes. The more organizations prepare for such incidents by embracing data protection platforms the faster they can recover. As a result, more organizations are now focusing on ensuring they can attain and maintain higher levels of cyber resiliency.

The challenge is those efforts often require a level of collaboration between cybersecurity professionals and IT operations teams that are typically responsible for managing the data protection platforms. In an ideal world, the detection of a breach would automatically kick off a series of processes to first determine the scope of the breach, and the organization’s ability to recover any data that might have been encrypted by a ransomware attack.

Unfortunately, far too many organizations are learning the need to have that capability after a crippling breach has already occurred. Hopefully, with major breaches now being reported almost daily, more organizations are putting in place the automated workflows required to protect as much data as possible.

In the meantime, IT teams should assume that malware capable of encrypting their data is already present in their IT environments. The challenge now is detecting as much of it as possible before it is data-activated in a way that is designed to cause the maximum level of disruption possible.