There’s no doubt about it: identity is a core component of the modern cyber resilience strategy. While the end goal of many cyber attacks is the data, identity is a growing attack vector that continues to be targeted. According to IDC, 71% of ID-related attacks used stolen or compromised identity credentials.

Identity impacts pretty much everything: if your identity services are unavailable for any reason, your business is down because nobody can authenticate against your business applications. Active Directory and Entra ID are the most common identity platforms in the enterprise—often used together in hybrid cloud configurations, which makes them prime targets for cyber threats.   

To address this vulnerability, we are thrilled to announce Rubrik Identity Recovery, a groundbreaking product that has been designed from the ground up to offer unparalleled protection for your Active Directory and Entra ID infrastructure.

While there are tools that can do forest recovery, they rely on third-party backup tooling. Rubrik Identity Recovery provides an immutable data protection platform; a robust and user-friendly solution that can recover entire AD forests all the way down to individual attributes. This helps organizations minimize the risk of identity-related data loss and protect business continuity in the face of potential security incidents.

The Importance of Identity Protection in Cyber Resilience

In today's dynamically evolving threat landscape, cyber attacks are becoming increasingly sophisticated and pervasive. As attackers continually target the core identity repositories of enterprises, it has become imperative for organizations to fortify their cyber resilience efforts by prioritizing the protection of their identity data.

True cyber resilience means accepting that breaches will happen. A complete cyber resilience strategy hinges on the ability to promptly recover from security incidents and ensure the continuity of critical business operations. 

As your key partner in cyber resilience, Rubrik already provides a data security platform that delivers complete cyber resilience across enterprise, cloud, and SaaS. Built with a zero-trust design and powered by machine learning, Rubrik Security Cloud automates data policy management and enforcement, safeguards sensitive data, delivers data threat analytics and response, and orchestrates rapid cyber and operational recovery by surgically and rapidly restoring impacted apps, files, and objects. 

Also delivered through Rubrik Security Cloud, Rubrik DSPM manages the lifecycle of your critical sensitive data, minimizes the risk of oversharing, and identifies suspicious activity in near real-time so that action can be taken to respond appropriately.

Now, with Rubrik Identity Recovery, organizations can augment their resilience posture by proactively securing their Active Directory and Entra ID infrastructure, positioning themselves to swiftly respond to and mitigate the impact of potential threats.

Key Features of Rubrik Identity Recovery

  • Comprehensive Recovery: Rubrik Identity Recovery allows organizations to recover entire Active Directory forests down to individual object attributes, as well as Entra ID objects, Enterprise Apps, and App Registrations. By offering an extensive recovery scope, organizations can rest assured that their critical identity data is secure and can be swiftly restored in the event of an incident.

  • Built on Native Capabilities: Identity Recovery builds on the same core Rubrik platform that businesses trust as their backstop for cyber resilience, with native immutability so that you can be confident in your ability to recover identity data.

  • Simplified Restoration: The product's intuitive interface and streamlined workflows enable organizations to initiate and manage recovery processes with ease, reducing the complexity typically associated with identity recovery. Recovering entire Active Directory forests, whether in-place or in a cleanroom environment, is entirely orchestrated by Rubrik Security Cloud. Select your recovery options, kick off your recovery, then grab a coffee while Rubrik handles what would normally be a chain of complex manual activity.

  • Enhanced Security: With Rubrik Identity Recovery, organizations can enhance their security posture by ensuring the resilience and recoverability of their identity infrastructure, thereby mitigating the impact of potential security breaches.

The Challenges of Recovering Active Directory At Scale

Active Directory is a multi-master, highly distributed identity platform. Its distributed nature provides a degree of survivability, and it is not unheard of for businesses to rely on this high availability to provide resilience. At the same time, this very distributed nature means that in the event of the compromise of a single Active Directory Domain Controller, the entire domain and potentially the entire forest are compromised. With this in mind, it is important to consider how you might recover if such a thing happens.

Some organizations leverage host-based or virtual machine-based backups to capture the entire system state for a full rollback in the event of an incident. While this can work and is a good way to handle traditional business continuity/disaster recovery requirements, consider whether you should trust the state of the operating system in the event of a cyber incident: AD is a major target for adversaries simply because it holds the keys to the kingdom. If they can compromise the operating system on a Domain Controller, they may be able to leverage SYSVOL to replicate any malware in use to other DCs.

Rubrik Identity Recovery makes it simple to recover the state of Active Directory to net new (and, as such, clean of infection) Windows hosts, even to a new IP schema if you need to start from scratch in a clean room. Alternatively, if your security team is happy that your DC OS can be trusted, you can also recover in place.

Another challenge that many organizations have is the complexity of Active Directory, especially when it comes to multi-domain forests. Which servers hosted DNS? DHCP? Where were the Global Catalogs? What about the Flexible Single Master Operation (FSMO) roles? How does all of this stitch together, with all the interrelationships and trusts between the forest root, tree, and child domains? Microsoft maintains excellent documentation for the recovery of Active Directory domains and forests, but a quick look at that documentation shows clearly how complex this process can be (29 pages!).

Rubrik Identity Recovery simplifies the whole process with a wizard-driven approach that drives the orchestration of the recovery of entire forests from immutable backups. Kick off the recovery process, then grab a coffee while Rubrik handles the rest. No manual interaction is required once you’ve told Rubrik Identity Recovery how you would like to recover. And because this supports alternate host recovery, you can even do this in an isolated environment for testing purposes. Validate your recoveries without impacting Production!
 

From Global To Granular

While recovery at scale can be a challenge for identity platforms, so can identifying how a single object has changed between the state of a selected backup and the current live state. 

Rubrik Identity Recovery makes it simple to do this comparison—selecting a point-in-time state of an object from backup and showing how it differs from the current live state. This capability makes it easier to identify potentially malicious activity, such as an account being added to highly privileged groups, having its phone number changed, or enabling dial-in privileges (which might be used as a backdoor when an attacker establishes persistence within a target environment). These attribute changes can then be easily rolled back to the state in the backup without otherwise affecting those objects.
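
The comparison described above, as an added example that is not Rubrik's code or API: it diffs a constructed backup snapshot of one user object against a constructed live state, flags the kinds of changes the paragraph names, and builds a rollback limited to those attributes. `memberOf`, `telephoneNumber` and `msNPAllowDialin` are standard Active Directory attributes; the privileged-group list, function names and sample values are assumptions.

```python
# Added illustration: attribute-level diff of one AD object (all data constructed).
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins", "administrators"}
WATCHED = {"telephoneNumber", "msNPAllowDialin"}  # single-valued attributes named in the text

def _cn(dn):
    """Lower-cased first RDN value of a DN (assumes no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1].strip().lower()

def _as_set(value):
    """Normalise single- and multi-valued attributes to a set."""
    if value is None:
        return set()
    return set(value) if isinstance(value, (list, tuple, set)) else {value}

def diff_object(backup, live):
    """Return one record per changed attribute, with a review flag."""
    changes = []
    for attr in sorted(set(backup) | set(live)):
        old, new = _as_set(backup.get(attr)), _as_set(live.get(attr))
        if attr == "memberOf":
            # DNs compare case-insensitively, so diff on the folded form.
            old_keys, new_keys = {d.lower() for d in old}, {d.lower() for d in new}
            if old_keys == new_keys:
                continue
            added = sorted(d for d in new if d.lower() not in old_keys)
            removed = sorted(d for d in old if d.lower() not in new_keys)
            suspicious = any(_cn(d) in PRIVILEGED_GROUPS for d in added)
        else:
            if old == new:
                continue
            added, removed = sorted(new - old, key=str), sorted(old - new, key=str)
            suspicious = attr in WATCHED
        changes.append({"attr": attr, "added": added, "removed": removed,
                        "suspicious": suspicious})
    return changes

def rollback_plan(backup, changes):
    """Backup values for flagged attributes only; other attributes stay as they are."""
    return {c["attr"]: backup.get(c["attr"]) for c in changes if c["suspicious"]}

# Constructed sample: the same user at backup time and now.
BACKUP = {"sAMAccountName": "jdoe", "description": "Sales analyst",
          "memberOf": ["CN=Sales,OU=Groups,DC=example,DC=test"],
          "telephoneNumber": "+1 555 0100", "msNPAllowDialin": False}
LIVE = {"sAMAccountName": "jdoe", "description": "Sales analyst II",
        "memberOf": ["CN=Sales,OU=Groups,DC=example,DC=test",
                     "CN=Domain Admins,CN=Users,DC=example,DC=test"],
        "telephoneNumber": "+1 555 0199", "msNPAllowDialin": True}
```

Here `rollback_plan(BACKUP, diff_object(BACKUP, LIVE))` restores group membership, phone number and dial-in permission while leaving the legitimate `description` change in place.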
 


The Hybrid Cloud - What About Entra ID?

Today many organizations leverage a hybrid cloud approach, where some identities are held on-premises and some in the cloud, or even with identities replicated from the enterprise to the cloud. This is especially seen where businesses are leveraging Microsoft 365. Rubrik Identity Recovery can also help in this space with the ability to protect and recover objects (including users, groups, and roles), Enterprise Apps, and App Registrations. All of this, from a single, simple user interface in Rubrik Security Cloud.
 


What’s Next? 

Rubrik Identity Recovery reflects Rubrik’s unwavering commitment to creating innovative and robust solutions that fortify defenses against evolving cyber threats. A comprehensive, native, and user-friendly identity recovery solution from Rubrik can bolster cyber resilience and safeguard your most critical digital assets.

We invite you to explore Rubrik Identity Recovery and experience the peace of mind that comes with having a resilient and recoverable identity infrastructure. Together, let's fortify the defenses and ensure the continuity of your business operations in the face of adversities.

If you’d like to learn more about Identity Recovery, including a guided hands-on lab, sign up now for the next Virtual Camp Rubrik.