Accelerating Ransomware Recovery with Rubrik Threat Hunting for U.S. Government

At this point, it is clear: cyberattacks from nation-state adversaries persistently threaten local, state, and federal governments, as well as educational institutions.

It is not a matter of whether bad actors can penetrate existing security controls; they are already doing so and will continue to do so. Whether it is due to one unpatched machine or one user clicking on a link in an email, we believe cyberattacks are inevitable.

The ability to recover from cyberattacks is critical for the safety of the citizens who rely on our nation's critical institutions and essential infrastructure. Anyone who has lived through a cyberattack knows that recovering data afterward is extremely difficult. Cyber recovery is often slow and complex because it requires navigating through numerous steps before actual recovery can occur.

You have to answer some critical questions like:
  • What was the scope of the attack? What data and applications were impacted?
  • What point should we recover from to avoid reinfection?
  • How do we reduce the risk of reinfection upon recovery?

This is where Rubrik Threat Hunting comes into action. It empowers IT and Security teams with insights into the initial point, scope, and time of infection to prevent malware reinfection.

In the event of a malicious cyber event, the ability to recover data and applications with speed and confidence is paramount for maintaining mission continuity.

“Imagine recovering from a cyberattack, only to find out that your organization has accidentally reintroduced the malware back into the system. After the costly downtime, psychological impact, and reputational damage — you’re back at square one,” said Anneka Gupta, Chief Product Officer at Rubrik. “Pinpointing the point, scope, and time of the infection can be nearly impossible without the ability to analyze the history of data for indicators of compromise. Rubrik Threat Hunting provides this deep level of intelligence, designed to enable federal and state governments to be confident in their cyber recovery.”

Finding Malware and Avoiding Reinfection

Now with Rubrik Threat Hunting, government entities can directly scan their backups for indicators of compromise, including ransomware. With this added intelligence, organizations can more accurately identify the last known clean copy of data in order to prevent reinfection during and after recovery.


This allows organizations to verify the integrity of backups and other assets before restoration, and thereby adhere to the National Institute of Standards and Technology (NIST)'s recently updated Cybersecurity Framework guidance as part of its Incident Recovery Plan Execution.

Other recent enhancements to Rubrik Security Cloud - Government include:

Data Threat Analytics:
  • VM encryption detection: Receive anomaly alerts for VM-level encryption activity, quickly assess the blast radius, and recover from such attacks. 
  • Anomaly Detection for Nutanix AHV and Microsoft Hyper-V: Assess the cyberattack blast radius and identify malicious activity, now available for two new workloads.

Data Protection:
  • Quorum authorization: Require quorum approval before data-modifying actions can be performed in Rubrik Security Cloud - Government.
  • Granular control over password complexity rules for local users: Set policies in Rubrik Security Cloud - Government that ensure users set strong, complex passwords and prevent password reuse.

Protection of New Workloads:
  • IBM Db2 protection: Automatically discover and protect Db2 databases while unifying data protection with Rubrik Security Cloud - Government. Perform restore operations with your existing Db2 tools and processes.
  • Microsoft Active Directory: Ensure the data users and applications need to authenticate and enforce access controls are readily available and quickly recoverable. Automatically discover and protect Active Directory data and support recovery of complete domain/domain controllers and individual objects.

  • Zscaler DLP integration: Discover and classify sensitive data out-of-band from production systems to more effectively prevent the loss of critical business data and double extortion ransomware.

To date, Rubrik Security Cloud - Government has achieved:
  • StateRAMP™ certification
  • “In Process” FedRAMP® Moderate status
  • TX-RAMP Level 2 Authorization
  • Security attestations for Criminal Justice Information Services (CJIS) Security Policy and Family Educational Rights and Privacy Act (FERPA) security conformance

Rubrik has a long history of securing data for federal, state, and local governments and educational institutions. Hundreds of state and local governments nationwide rely on Rubrik, including the Lewis County Public Utility District, San Joaquin County, and South Louisiana Community College.

Rubrik delivers instant application availability to hybrid cloud enterprises for recovery, search, cloud, and development. By using the market-leading Cloud Data Management platform to provide instant access with self-service, customers mobilize applications, automate protection policies, recover from ransomware, and search and analyze application data at scale on one platform.