00:00
Good afternoon, folks. My name is Ray Felix. I'm the area vice president for Rubric's Technical Product and Alliance's team. I'm joined today on stage by my very good friend and esteemed colleague, the field CTO for the Americas, Mr. Jason Cook. Today we've been asked to come in and talk to you a little bit about rubric,
00:19
a little bit about our, uh, partnership with our friends at Pure Storage, and more importantly, um, to bring you up to date on some of the things that we are co-developing to bolster your cyber resilience. So we're gonna go ahead and get started. Folks, there's this uh very disturbing trend that's begun to emerge in the cybersecurity
00:40
space over the last few years. We are dumping money in preventative measures, trying to prevent the inevitable. Last year alone, year over year, the budget on cybersecurity spending went up 180%. And what do we get for that, for that extra money that we threw at the problem? Well, we got a 128% increase.
01:03
And the same time span on ransomware attacks, we got a 72% increase in the number of data breaches. And the cost of recovering from either one of those scenarios also went up another 22%. Now at Rubric we're in the business of recoverability we wanna make sure that your data is clean, is available if and when you need us and to that end we have to spend a
01:33
lot of time working with customers and understanding what it is that you face day in and day out. So we built a think tank, Rubric Zero Labs. They go out and talk to customers, they're industry analysts. During a recent survey, they revealed that 98% of the folks we spoke to, almost every single one.
01:54
Had significant challenges around data visibility. What does that really mean though, folks? It means we know how much data we have, we just, we're not really sure what it's being used for or whether it's really being used at all or whether it's even clean and free of malware. What are we what are we protecting? What are we housing?
02:18
Now, that same survey also revealed that 66% of these folks felt like that very same data was growing faster than their ability to protect it. So the problem's compounding. As IT architects, we pride ourselves on the applications we support, the infrastructures we build, the services we provide.
02:43
But I think all of us are very accustomed to being asked to do more. With less at that, you know, you come back tomorrow, there are more servers, there's more files, there's more data, there's more risk. To our business, to ourselves, to our livelihoods. And the most disturbing statistic of all is, folks, there are entire industry set up.
03:12
To steal this data and sell it back to us. And when they do get their hands on that intellectual property, they're doing so by compromising our identities. They're stealing our logins, our passwords. And stealing our data and ransoming it back to us. So look, I've been with Rubric a decade at this point, just hit my 10 year anniversary,
03:37
and it's the last 10 years with the company have really taught me anything. It's that the products. That people rip out of the data center. And replaced with rubric. They were just built for an entirely different purpose.
03:49
They were built for simple data loss. I deleted a file by accident. I overwrote something. They weren't born in this modern era of the cyberattack where ransomware's on the news every other night. Uh, Jason, could you talk to us a little bit about what cybersecurity, what cyber recovery looks like?
04:12
I would be delighted to, and thank you, Ray, for that context. So now we know what the problem is, which is in the world of disaster scenarios, most of which are very well understood, and I imagine all of you already have mechanisms to address if I were to ask you. What do you do when a user deletes a file? You have a mechanism for that.
04:33
What happens when a patch or an upgrade goes wrong? You have a mechanism for that. But if I ask you what happens when you experience a cyberattack or a cyber breach, that generally leads to some puzzled looks and a few more questions because it's hard to know exactly how that's going to manifest. Is it going to be a denial of data attack which
04:54
would include some kind of data deletion, data encryption? Will it be a data exfiltration attack where a threat actor or an APT is trying to siphon out intellectual property, customer information, patient information? Um, whatever, uh, industry-related, uh, specifics apply. That is a wholly different disaster scenario that has to be treated differently and as Ray
05:17
said, where we are today is that despite best efforts to thwart those attacks to detect them, and let's not kid ourselves, thousands if not tens of thousands, maybe even millions of attacks are prevented each and every day, but it only takes that one to get through and they are. So in that context, now if you look at a global cyber resiliency strategy that has to include
05:41
recovery with equal measure, and that's why we at Rubric talk about that particular disaster scenario so much is because it is different and it belies a whole new set of required capabilities in order to address it. It doesn't invalidate the other scenarios, of course, our solution is designed to address those as well, but cyberattacks are just a little bit special.
06:03
And if you look at the nature of an attack, there's a profound series of questions that generally get posed when a breach of any kind happens, namely, do I even have backups and recovery copies that I can go to? So many attacks, in fact, the overwhelming majority of denial of data attacks or encryption events. Include a tax on backups and as Ray spoke,
06:26
legacy architectures have a problem addressing that because they maintain backups and repositories which are not immutable or have data security controls layered in and thereby threat actors are able to compromise those and crypt those or delete those, or perhaps they attack the backup application themselves, you know, they trick the backup application into thinking that at some point in the future they
06:47
prematurely expire backups and now we don't have recovery points. But there are so many more questions that really start to straddle the line between infrastructure operations and security operations because there's a forensics and analytics component that goes along with that, and that is, do I have a sense of what the blast radius of or scope of an attack is,
07:10
you know, if you look. Talk to so many incident responders, that's the hardest part after an incident has been declared, is to figure out what happened, who or what is patient zero, and is the infection still resident? Are the tools still resident in the recovery copies because nobody wants to recover and get reinfected again.
07:29
And that's why most incident responses and recovery operations post-incident take somewhere between 30 to 31 days. To respond and that's not all that tenable in today's world when revenue gets measured and countered in seconds. So that is why for a recovery solution today you really have to think about not only
07:52
do I have data security controls resident within my recovery environment such that I can always depend on them even when I experience something like a cyberattack, but also do I have a set of security focused analytics which are looking at those backup copies to determine where threats are, what specifically was attacked, and To the point of governance and regulatory and risk equations,
08:15
what level of data sensitivity might I have and what am I doing about it proactively? And that folks really is the basis of the rubric platform and portfolio. Our primary platform nomenclature is called Rubric Security Cloud. And what Rubric Security Cloud does, well, firstly and foremost, it protects and secures data wherever it is created, wherever it is served,
08:37
whether that's on premises, the public cloud, SAS applications, and of course, perhaps the greatest repository of risk these days, vast repositories of unstructured data, right? We layer in a variety of different capabilities beyond just the protection of security of that, which of course includes inherent data security controls like immutability anddability,
09:00
network attack or time attack prevention technologies such as a monotonic clock, and a variety of other mechanisms which are designed to safeguard those recovery copies so that you know you can always depend on them, just as you do for any other disaster. But then there's more, a rich set of cyber analytics capabilities that ride on top of those backup copies that can look for anomalous behavior like high levels of entropy or
09:24
randomized encryption. An engine which will investigate recovery copies for indicators of compromise or malware and remove them from those recovery copies so that when you go to action those recovery copies at distance or in place or in any scenario to isolated recovery environments, what have you, you have the sanctity of knowing you've removed the threat,
09:45
you can recover that one time and you can hasten that cyber recovery timeline, which is so important post incident. Rubric's platform is 100% API extensible. We use APIs like GraphQL, REST, as well as webhooks to port our information out into a variety of different security operations tool sets as well as automation and orchestration capabilities.
10:09
So when you think about EDRs, you think about MDRs, SIMs, sores, you name it, now security operations teams can get at threat intelligence, particularly indicators of compromise, various indicators of malicious behavior, sensitive data that is perhaps in breach of policy of governance and compliance within their tool sets. And what emerges is a much better approach to
10:32
cross-functional alignment between infrastructure operations and security operations. Like I can tell you from direct experience that's going to matter in a breach. Those are two entities that are going to have to work together that may not always do or are used to, but certainly when that happens, that's when they absolutely all have to come to
10:49
the table with their respective interests, which ultimately is mitigating business risk, hastening the recovery cycle, and getting the business back to revenue as quickly as possible. The reason we're all here. Rubric and Pure, two industry leaders have partnered together to deliver this outcome to our mutual customers, and we call it the cyber resiliency stack.
11:13
The idea is manyfold. Number one, it's to use best of breed technologies from bolt manufacturers, the ones from rubric that I've described, but from pure, of course, the flash array as well as flash blade. To create an end to end cyber resilience and cyber recovery solution that will allow customers to deliver global cyber resilience irrespective of the disaster scenarios that
11:34
befall them. That would include all of the different security focus capabilities from both pure and rubrics such as secure mode snapshots, all of the different uh analytics capabilities that I mentioned with rubric, the secure vault capabilities that we provide, as well as for lengthier term or longer term retention copies a fast all flash-based recovery tier that regardless of from how long
11:58
we have to go back, we know our recoveries will be quick, and that's with Flash Blade. But we aren't stopping there and today is a day about announcements and creating unique integrations that really separate this solution from the herd, but I can't underscore enough and more importantly, the idea is is to bring in
12:16
something into your environments which is pre-integrated, pre-validated. To deliver that end to end cyber resilience and cyber recovery outcome, which ultimately leads to reduction of uh business risk. So in the spirit of sharing things that are new and exciting, that are extending our capabilities, I'll turn it back over to Ray to share that.
12:35
Thank you, buddy. You bet. All right gang. Uh, so when we launched the cyber resilience stack back in September, that third tier, in order to secure the data on that archive, we launched bucket level immutability. The goal there is just to prevent bad actors, malicious deletions of that last
12:55
known good copy of data. Now bucket level immutability does a fantastic job with that, but it's a little less than efficient when it comes to space utilization. So our friends at Pure have been. Hounding us if you will, for the last couple of years and we finally finished off Object lock
13:12
uh for for that third tier for that archive piece and think of this as the more space efficient successor. You're not gonna have to sacrifice the security or the speed of recovery of that archive, but we can now age objects out individually instead of setting a policy for the entire bucket. So it's gonna help you save a little bit of money in the long run.
13:34
Uh, there is one feature I would be, uh, I'd feel guilty if I didn't call it out for you. It was, uh, part of the cyber resilience stack that reference architecture that's been part of our product line for quite some time. It's called Instant archive and it pairs really well with this. Here's where instant archive fits into the picture.
13:54
When you build a policy with rubric, you determine the frequency, the retention, the archive, the replication requirements for your data, and then you throw the apps in and it takes care of the rest. There's a check box in there and if you enable this box instead of just aging older data out of the cluster. It can mirror the entire contents of the policy
14:19
itself. That's data plus metadata in that archive. So when might you have a use for this? Well, if I took that flash blade and put it at a secondary site and that primary site, I suffered a catastrophic loss. Like let's say that entire data center, maybe even that entire cluster is gone offline, hardware completely crushed.
14:44
I can plug in and bootstrap a brand new rubric cluster and point it at this archive it's never seen before and because that entire catalog is there all metadata and data doesn't even need to be the same model. We could switch hardware, switch capacities, switch manufacturers. I can now pick and choose with surgical precision, individual objects, files, even entire.
15:11
Uh, workloads that I want to download and recover from that archive. So if you haven't had a chance, be sure to check that instant archive box. Uh, last but not least, folks, look, I know the real reason most of you are probably sitting in here as you heard our buddy Chad Kenny this morning up on stage with, with Charlie talking about pure one workflow automation.
15:36
See a lot of folks snapping picks too snap away. Uh, so this is their ecosystem. Pure's ecosystem to partner with companies just like Rubric to help you to make more of the data that you already own. Now, in order to take care uh take uh make use of this platform, you have to build a recipe.
15:57
First recipe they built is Rubrics, cyber resilience visibility recipe. I have to say that really slow because it's a mouthful. Uh, folks, the goal of this recipe is to give you visibility into that first tier of the cyber resilience stack. So what we launched back in September, you've got flash array being protected by Rubric
16:22
Security cloud with threat analytics, anomaly detection, sensitive data, all of our enterprise suite. Analyzing the contents of your catalog, archiving out to that flash late, locking the data down with bucket level of immutability. Now you've got object lock for that.
16:41
And where this changes the first tier is we recommended that you turn on. Uh, uh, safe mode snapshots. Create a first tier of defense because the reality is that a cyberattack, they're gonna come after everything. They're gonna come after the 1st, the 2nd, the 3rd copy,
16:59
so the more copies of the data that you have, the better a chance you have of recovery. But if we're gonna turn on safe mode snapshots, even though they're indelible, even though they're quorum authorized, how do we ensure the sanctity of the data that we're snapshotting? Because that's probably where the infection's gonna start, right?
17:20
So with this integration, what we're doing the the recipe correlates the infected data that we quarantine in rubric with the volumes and the snapshots where the data came from and we tag that information directly inside of pure directly in their UI. So folks, in layman's terms, what this really means is 1.4 million indicators of compromise from folks like Mandian.
17:50
We're looking for Yara rules. We're looking for nasty file hashes inside of your entire backup catalog. We're looking for anomalies. We're trying to find data that's been encrypted on the hypervisor or encrypted in the file system, or all of a sudden we had everything in our file system overwritten and replaced.
18:11
Overnight. Rubric's gonna quarantine that data and share that information directly back with the pure flash array, so that now when you go to roll back hundreds of terabytes. In near zero time with a snapshot, you can do so with clean copies. If you're a pure administrator, you won't even have to log into rubric to take advantage of
18:36
this. So threat analytics, visible directly in the flash array. We're really excited to get this into your hands and folks, the most beautiful part about all of this is that if you're a customer, if you're running that entire stack, that this isn't something we're gonna sell to you, it's something we're gonna give to you. We wanna make sure that folks can make the most
18:58
of their data. You'll just be able to download it, tweak a few parameters, and you'll be off to the races. All right, you've suffered through me enough. Home stretch game, Cookie. Got you covered. Everyone, thank you so much firstly for attending.
19:13
Obviously at this great event, there's clearly choice in the sessions that you can attend, so we're honored and humbled that you chose ours. Thank you so very much. You've heard about the problem that uh besets us, which is perhaps one of the greatest existential threats to businesses, governments, and quite frankly,
19:32
us as consumers is cyberattacks. And it's really nothing to be afraid of, it's just something to plan for. And that really is the basis for everything that we've talked about here, not only the rubric technology that I've reviewed with you, but also the integrated and pre-validated design as well as the extensions and software
19:52
that we're delivering with Pure. We couldn't be more excited about this capability. And the outcome, not only in value but capability it's going to bring to our mutual customers. And that again is assured cyber recovery irrespective of any disaster, but certainly and most notably a cyber attack.
20:13
We're gonna open it up to questions now. We've got a microphone. We are recording this session, so if you could speak into the mic when you ask. Also remind that uh in the expo hall, our experts are there working that booth. So if you have questions you think of later, by all means stop on by and ask away. Guys, again, thank you so much for attending the session.
20:32
Could be more pleased with the turnout. Thank you very much. I hope you have a great rest of the session.
