
New Aspects of Cybersecurity

In the cybersecurity game of “You make a move, and I counter it,” here is a new one on me—Identity Resilience. OK, I’m not an expert in the field. Identity theft has been around for a long time. Resilience has become a current beneficial concept. This news from Rubrik blends the two concepts.

In brief:

  • Disrupt Identity-Based Attacks: Counter fastest-growing threat vector with advanced resilience for complex identity environments
  • Unified Protection on One Platform: Designed for data and identity security to eliminate vulnerabilities from disparate point solutions
  • Complete Resilience Coverage: Protect across on-premises, cloud, and SaaS with visibility into data and identity interactions to accelerate detection and recovery

In a world of nonstop cyberattacks, Rubrik announced April 24 its upcoming solution, Identity Resilience, designed to secure the entire identity landscape alongside data. Identity Resilience aims to protect the most common entry points for attackers – human and non-human identities (NHIs) – to help organizations maintain operations with minimal downtime. 

Identity Resilience aims to address a blind spot in enterprise security. A critical piece of infrastructure utilized by a vast majority of organizations, identity remains a consistent target for hackers. When compromised, these identity systems grant attackers access to critical data and credentials, and their disruption can prevent cyber recovery. Rubrik’s solution is designed to secure this vulnerable authentication infrastructure that powers virtually every major enterprise.

“Identity systems are not only complex and hard to manage, but they have also become the primary gateway for attackers aiming to access an organization’s valuable data,” said Mike Tornincasa, Chief Business Officer at Rubrik. “Today, we signal our commitment to identity protection, to address our customers’ needs by detecting threats that target identities and proactively reduce identity risks, just as we have successfully done with data security.”

Similar to how Rubrik monitors and sustains data, the company’s anticipated capabilities are designed to identify, monitor, and safeguard critical, sensitive, and active identities, including non-human identities (NHIs) such as machines using service accounts and access tokens. 

NHIs, which outnumber their human counterparts, are complex to manage and introduce vulnerabilities that are increasingly targeted by attackers who compromise and escalate privileges. Current identity security approaches fail to provide enterprises the capability to assess NHI risk, view data access, and track suspicious activity over time. 

Too often, identity management, identity protection, and data security are siloed as different products run by different teams in an organization. In contrast, Rubrik uniquely aims to combine these capabilities to provide new capabilities, and a holistic view of identity and data. 

  • Hybrid Protection for Active Directory (AD) and Entra ID: With automated and orchestrated recovery workflows, organizations can restore complex hybrid identity environments – like Active Directory forests and full Entra ID tenants – faster and with greater confidence than before. Active Directory recovery can involve up to 22 manual steps. Rubrik reduces that with an easy-to-use wizard, dramatically cutting complexity and time to recovery. As a result, these capabilities are among the fastest-growing in Rubrik’s history, safeguarding millions of identities and the sensitive data they access.
  • Comprehensive Risk Analysis for Human and Non-Human Identities: With a unified view across identity providers showing human and non-human identities who have access to sensitive data, organizations can identify dormant or orphaned accounts, detect risky privilege escalations, and expose problematic combinations of access that traditional tools often miss. Beyond visibility, organizations can track the risk associated with identities and target remediation by revoking identity access, data access, or both. This approach enforces the least privilege, shrinks their attack surface, and proactively shuts down potential identity-based threats.
  • Complete Identity and Data Context: Instead of working with limited context from identity providers, organizations can tie identity-based information with sensitive data (e.g., healthcare, financial) context, privilege, and activity. This critical context can reduce remediation work while strengthening risk posture before a cyber attack, thereby speeding up threat hunting and remediation during and after an attack.
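The checks the second bullet describes (dormant accounts, orphaned service accounts, risky combinations of access, and remediation targeted by revoking access) can be run over an identity export in a few dozen lines. The Go program below is an added example written for this post, not Rubrik's code; the identity record fields, the separation-of-duties pairs, the scoring, and the sample inventory are all constructed assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Identity is one record as exported from an identity provider. The field
// names are assumptions for this example, not any vendor's schema.
type Identity struct {
	Name          string
	Human         bool
	Owner         string // accountable person for a non-human identity; "" if none
	LastUsed      time.Time
	Entitlements  []string
	SensitiveData bool // can reach regulated data (healthcare, financial, ...)
}

// Finding is one risk signal on one identity, scored so remediation can
// start with the identities that expose the most.
type Finding struct {
	Identity string
	Kind     string // "dormant", "orphaned" or "toxic-combination"
	Detail   string
	Action   string // revoke the identity, its data access, or one entitlement
	Score    int
}

// toxicPairs are separation-of-duties violations: entitlements that should
// never sit on one identity. Constructed for this example.
var toxicPairs = [][2]string{
	{"create-vendor", "approve-payment"},
	{"backup-admin", "ad-domain-admin"},
}

// Assess walks every identity once and returns findings sorted by score,
// highest first. activePeople is the set of people still employed, so a
// service account whose owner has left is reported as orphaned.
func Assess(ids []Identity, now time.Time, dormantAfter time.Duration, activePeople map[string]bool) []Finding {
	var out []Finding
	add := func(id Identity, kind, detail, action string, base int) {
		f := Finding{Identity: id.Name, Kind: kind, Detail: detail, Action: action, Score: base}
		if id.SensitiveData {
			f.Score += 2 // the same gap matters more when sensitive data is reachable
		}
		out = append(out, f)
	}
	for _, id := range ids {
		if idle := now.Sub(id.LastUsed); idle > dormantAfter {
			add(id, "dormant", fmt.Sprintf("unused for %d days", int(idle.Hours()/24)), "disable the identity", 1)
		}
		if !id.Human && (id.Owner == "" || !activePeople[id.Owner]) {
			add(id, "orphaned", "no active owner", "assign an owner or disable", 2)
		}
		have := map[string]bool{}
		for _, e := range id.Entitlements {
			have[e] = true
		}
		for _, p := range toxicPairs {
			if have[p[0]] && have[p[1]] {
				add(id, "toxic-combination", p[0]+" + "+p[1], "revoke one of the two entitlements", 3)
			}
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Score > out[j].Score })
	return out
}

// SampleIdentities is a constructed inventory: two people, two service accounts.
func SampleIdentities() []Identity {
	day := func(y, m, d int) time.Time { return time.Date(y, time.Month(m), d, 0, 0, 0, 0, time.UTC) }
	return []Identity{
		{Name: "alice", Human: true, LastUsed: day(2025, 4, 28), Entitlements: []string{"approve-payment"}, SensitiveData: true},
		{Name: "svc-etl", Owner: "bob", LastUsed: day(2025, 4, 30), Entitlements: []string{"read-customer-db"}, SensitiveData: true},
		{Name: "svc-legacy-backup", LastUsed: day(2024, 10, 1), Entitlements: []string{"backup-admin", "ad-domain-admin"}, SensitiveData: true},
		{Name: "carol", Human: true, LastUsed: day(2025, 4, 29), Entitlements: []string{"create-vendor", "approve-payment"}},
	}
}

func main() {
	now := time.Date(2025, 5, 1, 0, 0, 0, 0, time.UTC)
	active := map[string]bool{"alice": true, "carol": true} // bob has left the company
	for _, f := range Assess(SampleIdentities(), now, 90*24*time.Hour, active) {
		fmt.Printf("%d  %-18s %-18s %-30s -> %s\n", f.Score, f.Identity, f.Kind, f.Detail, f.Action)
	}
}
```

The output lists findings highest score first, so the dormant, ownerless service account holding both backup and domain admin rights comes out on top. The extra two points for reaching sensitive data is the piece that ties the identity view to the data context the third bullet describes.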

Rubrik Introduces new Cyber Resilient Solution with Google Cloud

Keeping track of the many changes within the cybersecurity solution ecosystem takes more time than I can devote. I’m glad my old colleague Greg Hale made that his focus. Rubrik first came to my attention just a couple of months ago. They did get a mention in a post several years ago as an executive invested in a company that never crossed my path again.

Rubrik’s unique proposition is resiliency. In this news, the company announced capabilities related to users of Google Cloud.

In its ongoing commitment to deliver comprehensive cyber resiliency, Rubrik announced April 9 upcoming capabilities designed to help ensure Google Cloud customers can quickly recover their business from a cyberattack or operational disruption.

“As organizations increasingly shift their business-critical data to the cloud, they’re confronted with new challenges in protecting sensitive information against rapidly evolving cyber threats—challenges their traditional security technologies simply can’t address,” explained Anneka Gupta, Chief Product Officer at Rubrik. “We aim to empower Google Cloud customers to address these challenges with confidence, enabling them to strengthen their cyber resilience, streamline data protection, optimize backup and recovery processes, and ensure business continuity in the face of any cyber incident.”

“For organizations navigating today’s complex cyber threat landscape, comprehensive cyber resiliency is non-negotiable,” said Stephen Orban, Vice President of Migrations, ISVs, & Marketplace at Google Cloud. “Our collaboration with Rubrik provides customers with the tools and technologies to establish isolated recovery environments on Google Cloud, fortified by the proactive security insights and expertise of Mandiant.”

Precisely designed for Google Cloud, this collaboration delivers:

  • Cloud-Based Isolated Recovery Environment in Google Cloud – Rubrik, in collaboration with Mandiant, is developing a cloud-based isolated recovery solution on Google Cloud. This solution is designed to enhance organizational cyber resilience by ensuring business-critical data backups are secure from cyber threats and efficiently, safely replicated to Google Cloud via Rubrik’s Secure Vault after an incident. By leveraging Rubrik’s Data Threat Analytics and Orchestrated Application Recovery Playbooks, combined with Mandiant’s periodic security assessments and Incident Response services, it aims to establish a secure recovery environment on Google Cloud, to enable swift core application restoration and business continuity.
  • Strengthened protection of Google Cloud Engine and Google Cloud SQL – New threat-analytics capabilities are planned for Anomaly Detection, Data Discovery and Classification, Turbo Threat Hunting, and Threat Monitoring. These capabilities are designed to work together to proactively detect cyber threats, accelerate incident response and recovery, and ensure sensitive data remains protected and compliant.
  • Enterprise-grade protection for Google Workspace – Rubrik’s solution is designed for Google Workspace customers, to help them protect their mission-critical SaaS data from cyber threats, insider risks, and accidental deletion, through newly-offered immutable backups, automated anomaly detection, and rapid, granular recovery.

Rubrik’s strengthened protection of Google Cloud Engine is available now. New threat analytics capabilities, expanded protection of Google Cloud SQL, expanded protection of Google Workspace, and Cloud-Based Isolated Recovery Environment are planned to be generally available at a later date.

Are You Seeing the Full Picture in Your Risk Assessments?

A company called Armexa, new to me in the cybersecurity ecosystem, sent a release about an analysis they made regarding the thoroughness of risk assessments. They advocate a “bow-tie” method, detailed below. This is not my area of expertise, so I pass it along as a tool for your belt.

The Blind Spots in Most Risk Assessments

Many cybersecurity assessments fall short because they only focus on one or two parts of the puzzle instead of the full picture. Here’s what often gets missed:

  • Only looking at external threats: Some assessments zero in on external threats like malware, phishing or hackers accessing the OT environment from the enterprise/business networks but overlook internal threats such as maintenance laptops, accidental misconfiguration errors, and unauthorized wireless access points that can bypass perimeter security controls.
  • Assuming compliance equals security: Publishing policies and following standards is important but just because an organization has them in place doesn’t mean they’re properly applied – or that they actually reduce risk.
  • Overlooking “double jeopardy” scenarios: Traditional risk models plan for one thing to go wrong at a time. But cyber incidents are intentional. Attackers can, and often do, take down multiple systems at once.
  • Focusing on vulnerabilities: Many assessments focus on discovery of vulnerabilities, such as outdated operating systems, known vulnerabilities (i.e., CVEs), and weak passwords. Listing vulnerabilities is helpful, but without asking what would happen if the vulnerability was exploited, you’re not actually assessing risk.

If you’re not linking security gaps to real operational and financial consequences, it’s almost impossible to know what really matters – or what to fix first.

The Three Elements Every Risk Assessment Should Cover

A truly effective risk assessment goes beyond simple gap analysis. It looks at the full picture by connecting three key elements:

  • Threats – What could cause a cyber incident?
      • Malware, phishing, ransomware
      • Human errors or insider threats
      • Unknown or unauthorized devices on your network
  • Vulnerabilities – Where are the weak spots?
      • Networks without proper separation
      • Devices that connect both IT and OT networks
      • Policies that are weak – or not followed at all
  • Consequences – What happens if something slips through?
      • Loss of control over key operations
      • Production downtime and financial losses
      • Safety hazards, regulatory fines, and environmental impact

Check out the web page for a discussion of weaknesses. Here they offer their better way to connect the dots: Bow Tie Analysis.

Bow Tie Analysis is a visual method that shows, in a clear, structured way, how threats, vulnerabilities and consequences are connected. It helps teams:

  • See how one issue can trigger a chain of events
  • Pinpoint which controls matter most, and whether they’re working
  • Understand what’s still at risk, even with protection in place
  • Meet regulatory expectations with a clear, easy-to-explain model

By mapping out risks in a straightforward, visual way, Bow Tie Analysis helps security teams and senior leadership understand where to focus – and where to take action first.
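To make the bow tie concrete, and to show why the “double jeopardy” scenarios from the blind-spot list above fall out of it naturally, here is an added Go example. It is not Armexa's tool or method, which the release describes only in prose. It assumes the usual bow-tie shape: threats on the left pass through preventive barriers to a top event, which passes through mitigative barriers to consequences on the right; barriers on one path sit in series, so a path opens only when all of them fail. The plant, threats and barrier names are constructed.

```go
package main

import "fmt"

// Line is one side of the bow tie: a threat (left) or a consequence (right)
// with the barriers in series on that path. No barriers means an open path.
type Line struct {
	Name     string
	Barriers []string
}

// BowTie joins threats to consequences through one top event.
type BowTie struct {
	TopEvent     string
	Threats      []Line
	Consequences []Line
}

// Exposures lists the open "threat -> consequence" paths when the given
// barriers have failed: a threat reaches the top event only if every barrier
// on its line failed, and the event reaches a consequence the same way.
func Exposures(bt BowTie, failed map[string]bool) []string {
	open := func(barriers []string) bool {
		for _, b := range barriers {
			if !failed[b] {
				return false
			}
		}
		return true
	}
	var out []string
	for _, t := range bt.Threats {
		for _, c := range bt.Consequences {
			if open(t.Barriers) && open(c.Barriers) {
				out = append(out, t.Name+" -> "+c.Name)
			}
		}
	}
	return out
}

// Scenarios tries every combination of k barriers failing at once and returns
// the combinations that open at least one path. k=1 is the classic
// one-failure-at-a-time model; k=2 is the "double jeopardy" an attack causes.
func Scenarios(bt BowTie, k int) [][]string {
	var bars []string
	seen := map[string]bool{}
	for _, l := range append(append([]Line{}, bt.Threats...), bt.Consequences...) {
		for _, b := range l.Barriers {
			if !seen[b] {
				seen[b] = true
				bars = append(bars, b)
			}
		}
	}
	var out [][]string
	var rec func(start int, chosen []string)
	rec = func(start int, chosen []string) {
		if len(chosen) == k {
			failed := map[string]bool{}
			for _, b := range chosen {
				failed[b] = true
			}
			if len(Exposures(bt, failed)) > 0 {
				out = append(out, append([]string(nil), chosen...))
			}
			return
		}
		for i := start; i < len(bars); i++ {
			rec(i+1, append(chosen, bars[i]))
		}
	}
	rec(0, nil)
	return out
}

// SampleBowTie is a constructed OT example; the names are illustrative only.
func SampleBowTie() BowTie {
	return BowTie{
		TopEvent: "unauthorized control of the PLC network",
		Threats: []Line{
			{"phishing of an engineering workstation", []string{"email filtering", "IT/OT segmentation"}},
			{"infected maintenance laptop", []string{"IT/OT segmentation"}},
			{"rogue wireless access point", []string{"wireless monitoring", "IT/OT segmentation"}},
		},
		Consequences: []Line{
			{"production downtime", []string{"tested backup restore"}},
			{"safety incident", []string{"safety instrumented system"}},
		},
	}
}

func main() {
	bt := SampleBowTie()
	fmt.Println("single failures that open a path:", Scenarios(bt, 1))
	fmt.Println("double jeopardy that opens a path:", Scenarios(bt, 2))
}
```

With one barrier failing at a time, the traditional model, no consequence is reachable in this sample. With two failing together, IT/OT segmentation plus either the tested restore or the safety instrumented system opens a path, and counting how often each barrier appears across those scenarios is the direct answer to “which controls matter most.”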

Is It Time to Rethink Your Approach?

If your risk assessment doesn’t connect threats, vulnerabilities and consequences, there’s a good chance some critical gaps are being overlooked. Cyber risk isn’t just an IT issue – it affects operations, finances and most importantly, safety.

CIP Security Pull Model for Configuration Data From ODVA

More news from ODVA at Hannover. Following a presentation by a cybersecurity researcher at the annual meeting, everyone agreed that implementing CIP Security was a must-have.

ODVA announced that a new pull model for configuration data is now available for CIP Security, the cybersecurity network extension for EtherNet/IP. This new profile is in addition to the existing pull model for CIP Security certificates, which allows for efficient distribution of device authenticity information.

The CIP Security pull model for configuration information will allow for parameters in JSON format to be automatically available for EtherNet/IP network-capable devices. This new configuration data will make it possible for non-CIP devices, such as mobile phones and tablets, to access secure EtherNet/IP information and for hierarchical metadata to be more readily available. CIP Security now includes a pull model for configuration data and device certificates along with security properties, including a broad trust domain across a group of devices, a narrow trust domain by user and role, data confidentiality, device and user authentication, device and user identity, and device integrity.

The CIP Security pull model for configuration defines a file encoded format for delivering CIP Security configuration as well as a mechanism for a device to pull or query this configuration. The pull model for configuration is valuable when the traditional CIP object/server/attribute mechanism of delivering the CIP Security configuration is not appropriate. Use cases for the new CIP Security pull model for configuration include software that does not have CIP target functionality, such as with a mobile device application and with devices that are on a private network with Network Address Translation (NAT) that has configuration software on the public network. Additionally, the pull model for configuration can help improve device replacement by being able to automatically provide the needed communication configuration on top of automatically pulling the certificate. The CIP Security pull model for configuration can be delivered via a JSON file, which provides the advantage over the CIP object/service method of decoupling the configuration from the transport. The CIP configuration information structure is still retained when using a JSON format. The JSON file also includes a digital signature that allows for authenticity of the data, independent of the transport over which it is delivered.
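The last two sentences describe the property that makes the pull model usable from phones and across NAT: the configuration file carries its own signature, so a device can check authenticity no matter how the file reached it. The Go program below is an added example of that pattern, not ODVA's format or code; the JSON fields, the envelope layout and the use of Ed25519 are assumptions (the actual format is in the specification available from odva.org). It shows the two checks a device must make before applying anything: the signer is in its trust store, and the signature verifies over the exact bytes it is about to parse.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// DeviceConfig is an illustrative configuration document. Its fields are
// assumptions for this example, not the CIP Security JSON schema.
type DeviceConfig struct {
	DeviceName    string   `json:"device_name"`
	TrustDomain   string   `json:"trust_domain"`
	TLSMinVersion string   `json:"tls_min_version"`
	AllowedRoles  []string `json:"allowed_roles"`
}

// Envelope is the file a device pulls. The payload travels as opaque bytes and
// the signature covers exactly those bytes, so the file verifies identically
// whether it arrived over HTTP, through a mobile app or on removable media.
type Envelope struct {
	KeyID     string `json:"key_id"`    // identifies the configuration signer
	Payload   string `json:"payload"`   // base64 of the JSON-encoded DeviceConfig
	Signature string `json:"signature"` // base64 Ed25519 signature over the raw payload bytes
}

// GenerateSigner creates a key pair for the configuration authority.
func GenerateSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign serialises cfg and wraps it in a signed envelope.
func Sign(cfg DeviceConfig, keyID string, priv ed25519.PrivateKey) ([]byte, error) {
	payload, err := json.Marshal(cfg)
	if err != nil {
		return nil, err
	}
	return json.Marshal(Envelope{
		KeyID:     keyID,
		Payload:   base64.StdEncoding.EncodeToString(payload),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload)),
	})
}

// Verify is what the device runs on a pulled file: confirm the signer is in
// its trust store, check the signature over the exact payload bytes, and only
// then parse the configuration. On any error nothing is applied.
func Verify(file []byte, trusted map[string]ed25519.PublicKey) (DeviceConfig, error) {
	var env Envelope
	if err := json.Unmarshal(file, &env); err != nil {
		return DeviceConfig{}, err
	}
	pub, ok := trusted[env.KeyID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return DeviceConfig{}, errors.New("untrusted signer key id: " + env.KeyID)
	}
	payload, err1 := base64.StdEncoding.DecodeString(env.Payload)
	sig, err2 := base64.StdEncoding.DecodeString(env.Signature)
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return DeviceConfig{}, errors.New("configuration signature does not verify")
	}
	var cfg DeviceConfig
	if err := json.Unmarshal(payload, &cfg); err != nil {
		return DeviceConfig{}, err
	}
	return cfg, nil
}

// ModifyPayload rewrites one field inside the payload and leaves the signature
// untouched, simulating a file altered in transit; it exists only to show that
// Verify rejects the result.
func ModifyPayload(file []byte, deviceName string) ([]byte, error) {
	var env Envelope
	var cfg DeviceConfig
	if err := json.Unmarshal(file, &env); err != nil {
		return nil, err
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err == nil {
		err = json.Unmarshal(payload, &cfg)
	}
	if err != nil {
		return nil, err
	}
	cfg.DeviceName = deviceName
	payload, _ = json.Marshal(cfg)
	env.Payload = base64.StdEncoding.EncodeToString(payload)
	return json.Marshal(env)
}

func main() {
	pub, priv, _ := GenerateSigner()
	trusted := map[string]ed25519.PublicKey{"plant-config-signer-2025": pub}
	file, _ := Sign(DeviceConfig{"plc-line-3", "plant-north", "1.2", []string{"operator"}}, "plant-config-signer-2025", priv)
	cfg, err := Verify(file, trusted)
	fmt.Println("genuine file:", cfg, err)
	altered, _ := ModifyPayload(file, "rogue-plc")
	_, err = Verify(altered, trusted)
	fmt.Println("altered file:", err)
}
```

The trust store keyed by key id is what gives the broad and narrow trust domains the text mentions: a device in one domain holds only that domain's signer keys, so a file signed elsewhere is rejected before its contents are even decoded.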

“The addition of a CIP Security pull model for configuration makes it easier to replace devices to minimize downtime and allows for configuration data to be automatically provided to mobile devices and devices on a private network,” said Dr. Al Beydoun, President and Executive Director of ODVA. “CIP Security development is a continuous effort to help deter bad actors from accessing EtherNet/IP networks that enable efficient production in critical industries across the world.”

The importance of cybersecurity continues to grow as more devices than ever before are being connected by users to the network via wireless and Single Pair Ethernet (SPE) technologies. Additionally, the connection of the device level network to ERP and cloud systems to take advantage of the latest Artificial Intelligence (AI) analytics to optimize operations means that a defense in depth approach that includes device level security is imperative. CIP Security already takes advantage of robust, proven, and open security technologies, including TLS and DTLS for secure transport, hashes or HMAC as a cryptographic method of providing data integrity and message authentication, X.509v3 digital certificates, OAuth 2.0 and OpenID Connect for authentication, and encryption to prevent reading or viewing of EtherNet/IP data by unauthorized parties. CIP Security now includes a pull model for configuration data to enable mobile device and private network connectivity along with improved device replacement. CIP Security is a robust device level security protection for EtherNet/IP that can help vendors and end users to prepare for regulations such as the European Union Cyber Resilience Act (CRA) and to achieve compliance with security standards such as IEC 62443. Visit odva.org to obtain the latest version of The EtherNet/IP Specification including CIP Security.

Cyber Resilience Innovations

Rubrik has announced new capabilities to its cyber resilience offerings across cloud, SaaS, and hypervisors including Oracle Cloud Infrastructure, Red Hat OpenShift, and more. Its new Identity Recovery for Active Directory and Entra ID addresses the key vulnerability to business operational recovery.

The innovations aim to provide customers with even more ability to anticipate breaches, detect potential threats, and recover with speed and efficiency no matter where their data lives. 

Here is a list of new products.

Cloud Posture Risk Management (CPR): CPR addresses the lack of data visibility by automatically discovering and inventorying cloud data assets and identifying unprotected or sensitive data. CPR helps organizations make informed backup decisions and strengthen their overall backup posture by protecting only what truly matters, reducing risk and unnecessary costs.

Oracle Cloud Protection: Rubrik Security Cloud (RSC) is planned to support data protection for Oracle Cloud Infrastructure (OCI), beginning with Oracle Cloud VMware (OCVS) workloads and self-managed Oracle DB workloads running on OCI VMs. The solution is designed to enable customers to safeguard their cloud-based environments with the same robust, unified backup and recovery capabilities they rely on for other cloud and on-premises data.

Expanding Data Protection to PostgreSQL: Rubrik recognizes the critical importance of fortifying data defenses across all platforms. According to a recent Rubrik Zero Labs report, attackers are targeting backups in 96% of cyberattacks. By extending coverage to PostgreSQL, Rubrik ensures that one of the world’s most popular open-source databases thrives in the face of evolving digital threats. The comprehensive data security solution provides organizations with the assurance of maintaining data backup, availability, and recoverability.

Red Hat OpenShift Virtualization Data Protection: Sixty percent of enterprises have adopted Kubernetes, emphasizing the critical need for cyber resilience solutions for their critical workloads. Rubrik’s new OpenShift support marks a significant step in securing these environments with comprehensive, automated, and immutable backups that deliver fast recovery from cyber incidents. Businesses have the flexibility to choose virtualization platforms for critical business processes without compromising manageability or cyber resilience.

Azure DevOps and GitHub Backup: For organizations using continuous integration and continuous development to accelerate innovation, Rubrik now protects Azure DevOps and GitHub with cyber resilient automated backups, granular recovery, extended retention, and robust compliance coverage for critical data stores.

Rubrik Cloud Vault (RCV) for Amazon Web Services, Inc. (AWS): RCV reduces the complexity and cost of managing a highly secure off-site archival location, with flexible policies and/or regions. RCV features immutable, isolated, logically air-gapped off-site backups combined with role-based access controls, advanced encryption, and retention locks to provide unparalleled confidence in data recovery. 

Security and Resilience for Microsoft Dynamics 365: Rubrik’s enhanced protection for Microsoft Dynamics 365 aims to ensure businesses can secure their critical operational and customer data within a unified platform. 

Sandbox Seeding for Salesforce: An intuitive user experience designed to allow users to select objects and records depending on specific criteria. This process aims to prevent seeding errors by thoroughly analyzing data selection size versus destination size availability before moving data to the sandbox environment. The goal of this solution, planned for 2025, is to save queries for future repetitive use, further expediting the sandbox seeding process. 

With the introduction of Identity Recovery, Rubrik delivers the industry’s most comprehensive, automated, and secure solution for protecting hybrid identity environments across Entra ID and Active Directory (AD). Identity Recovery includes orchestrated Active Directory Forest Recovery to rapidly and cleanly restore entire identity environments – eliminating manual complexity and reducing downtime. 

Advanced Security Features for Azure & Amazon Web Services, Inc. (AWS): Leveraging advanced machine learning and automation, new capabilities available today include Anomaly Detection, Data Discovery and Classification, and soon, Threat Hunting and Threat Monitoring. These capabilities are designed to work together to proactively detect and mitigate cyber threats, accelerate recovery, and ensure sensitive data remains protected and compliant.

Orchestrated Recovery for Azure VM: Rubrik is planning to extend its Orchestrated Recovery capabilities to the cloud beginning with Azure VM. By enabling customers to automate recovery sequences, schedule regular test recoveries, and generate comprehensive recovery reports, the solution is designed to reduce complexity and minimize the potential for human error.

Turbo Threat Hunting: Unlike traditional methods that scan one object at a time or require navigating multiple panes of glass, Turbo Threat Hunting scans at scale by leveraging pre-computed hashes stored within Rubrik’s metadata. This eliminates the need for file-by-file scanning, allowing organizations to rapidly pinpoint the exact recovery points free from malware or other threats within seconds — even in the most complex data environments. Internal testing found Turbo Threat Hunting scans 75,000 backups in less than 60 seconds.
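Scanning by precomputed hashes rather than file by file is, at bottom, an inverted-index lookup: hash the content once at ingest, index hash to the snapshots that contain it, and a hunt for a list of indicators becomes one lookup per indicator. The Go example below is added here to illustrate that idea and is not Rubrik's implementation; the snapshot layout, the indicator hash and the file contents are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"time"
)

// Snapshot is one recovery point with the precomputed hash of every file, as a
// backup platform that hashes content at ingest would hold in its metadata.
type Snapshot struct {
	ID    string
	Taken time.Time
	Files map[string]string // path -> SHA-256 hex
}

// Hit is one occurrence of a hunted hash.
type Hit struct{ Snapshot, Path string }

// HashIndex is an inverted index from content hash to every snapshot and path
// where that content appears. Built once from metadata, it answers an IoC
// lookup without reading any snapshot's files again.
type HashIndex map[string][]Hit

// BuildIndex folds all snapshots' file hashes into one index.
func BuildIndex(snaps []Snapshot) HashIndex {
	ix := HashIndex{}
	for _, s := range snaps {
		for path, h := range s.Files {
			ix[h] = append(ix[h], Hit{s.ID, path})
		}
	}
	return ix
}

// Hunt returns, per IoC hash that was found, where it occurs. The cost is one
// map lookup per IoC regardless of how many snapshots or files are indexed.
func (ix HashIndex) Hunt(iocs []string) map[string][]Hit {
	out := map[string][]Hit{}
	for _, h := range iocs {
		if hits, ok := ix[h]; ok {
			out[h] = hits
		}
	}
	return out
}

// LatestClean returns the newest snapshot that contains none of the IoCs, i.e.
// the recovery point to restore from; ok is false if every snapshot is hit.
func LatestClean(snaps []Snapshot, ix HashIndex, iocs []string) (id string, ok bool) {
	tainted := map[string]bool{}
	for _, hits := range ix.Hunt(iocs) {
		for _, h := range hits {
			tainted[h.Snapshot] = true
		}
	}
	newestFirst := append([]Snapshot(nil), snaps...)
	sort.Slice(newestFirst, func(i, j int) bool { return newestFirst[i].Taken.After(newestFirst[j].Taken) })
	for _, s := range newestFirst {
		if !tainted[s.ID] {
			return s.ID, true
		}
	}
	return "", false
}

func hashOf(content string) string {
	sum := sha256.Sum256([]byte(content))
	return hex.EncodeToString(sum[:])
}

// MalwareHash stands in for an indicator from a threat feed; the content is constructed.
var MalwareHash = hashOf("constructed malicious binary")

// SampleSnapshots is constructed data: three nightly snapshots of one host,
// with a dropped binary appearing on the second night and persisting.
func SampleSnapshots() []Snapshot {
	day := func(d int) time.Time { return time.Date(2025, 4, d, 2, 0, 0, 0, time.UTC) }
	clean := map[string]string{"/etc/hosts": hashOf("hosts v1"), "/opt/app/app.bin": hashOf("app 1.0")}
	infected := map[string]string{"/etc/hosts": hashOf("hosts v1"), "/opt/app/app.bin": hashOf("app 1.0"), "/tmp/.cache/svchost": MalwareHash}
	return []Snapshot{{"s1", day(1), clean}, {"s2", day(2), infected}, {"s3", day(3), infected}}
}

func main() {
	snaps := SampleSnapshots()
	ix := BuildIndex(snaps)
	fmt.Println("hits:", ix.Hunt([]string{MalwareHash}))
	id, ok := LatestClean(snaps, ix, []string{MalwareHash})
	fmt.Println("restore from:", id, ok)
}
```

BuildIndex runs once over metadata; after that a hunt for any number of indicators costs one lookup each, and LatestClean picks the newest untouched recovery point, which is the question an incident responder actually needs answered before a restore.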

Enterprise Edition for Microsoft 365: Delivering enterprise-grade security and resilience for Microsoft 365, Rubrik expands its capabilities for organizations to rapidly detect, respond to, and recover from attacks. New capabilities available for Microsoft 365 include Sensitive Data Discovery, which identifies and protects high-risk data before an attack happens, and Prioritized Recovery, which restores critical data first for fast operational recovery. Coming soon, Rubrik’s customers using Enterprise Edition for Microsoft 365 will also be able to add Anomaly Detection, Threat Monitoring, Threat Hunting, and Self-Service Recovery capabilities.

Secure Device Authentication for Manufacturers

Om Malik recently posted a rant about how unfriendly consumer IoT is to its customers. The goal of almost all suppliers centers on sucking up as much consumer behavior as possible while preventing competitors from interoperating. I may have more on that later.

The rant came my way the day before this news item relating to security of connected devices in manufacturing. Reading Malik’s column, I wondered about the entire manufacturing IoT ecosystem—interoperability, ease of use, ease of adding new devices, and, of course, security. In our case it’s not only suppliers sucking data from our systems, it’s also industrial espionage and attacks from outside.

This news discusses how three companies recently came together to advance a solution.

CyberArk and Device Authority, in collaboration with Microsoft, have launched a solution that strengthens and scales connected device authentication to enterprise applications with Zero Trust principles. It helps manufacturers reduce cyber risk from connected devices in factory floors and edge environments with robust identity security, automated access management and device lifecycle protection. 

The manufacturing industry is rapidly transforming to digital, driven by the coming together of the Internet of Things (IoT) and Operational Technology (OT), with countless devices connected to optimize operations. Each connected device potentially introduces new cybersecurity vulnerabilities. The NIST reference architecture for IoT, introduced in May 2024, provides a structured approach to secure onboarding, continuous device management and threat monitoring across the device lifecycle. The collaboration between Microsoft, CyberArk and Device Authority helps organizations translate this framework into practical, scalable solutions.  

Each partner brings essential capabilities to this end-to-end solution architecture for NIST compliance.  

  • Through Microsoft Azure IoT and Defender for IoT, Microsoft enables secure, scalable device management and real-time monitoring. The cloud-edge integration ensures consistent device security, even in remote, air-gapped environments.  
  • CyberArk’s modern privileged access management capabilities restrict unauthorized human access to critical devices and systems, enforcing user and device security policies without the need for time consuming, error-prone manual human intervention. 
  • Device Authority automates secure device onboarding, identity credentialing and encryption, minimizing human error, accelerating incident response and maintaining data integrity through the connected ecosystem. 
