Dru Investigate simplifies cyber investigations and helps users uncover data threats

Druva launched Dru Investigate, a gen AI-powered tool that guides data security investigations using a natural language interface.

With Dru Investigate, users across IT, security, legal, and privacy teams can swiftly identify and mitigate data risks, without needing to write complicated queries. Built on Amazon Bedrock, an AWS service to easily build and scale generative AI applications with foundation models, Dru Investigate leverages Druva’s insights from protected data to streamline cyber and legal investigations.

Data is increasingly at risk, and customers frequently conduct thorough investigations to understand the extent and impact of threats to their data. When investigating an incident to contain and remediate a threat, security teams need to understand complex attack patterns, such as malware gestation, score, and sprawl – the answers to which all lie in the data and systems.

Additionally, legal and privacy teams need to understand sensitive data protections and potential employee misconduct such as intellectual property theft or fraud. Unfortunately, it’s difficult to uncover these insights because it requires security teams to understand applications and build complex search queries across disparate data sources before they can analyze data for insight.

Dru Investigate is designed to empower users to investigate potential data risks with natural language queries so they can quickly understand their data – even guiding them when they do not know what to look for. When used, this AI-enabled capability significantly streamlines and simplifies investigative processes and drives faster outcomes, whether remediating and recovering from a threat or upholding rigorous data compliance.

“During cyber investigations, security teams know what data they need, but often don’t know where to find it – while IT teams know their data but not what the security team needs,” said Stephen Manley, CTO of Druva. “Druva connects these teams with the insight and centralized access to the right data at the right time. Built on Druva’s experience helping customers respond to incidents, Dru Investigate helps guide teams through investigating and analyzing protected data using a natural language interface so customers can take action sooner to remediate and recover from threats.”

“Druva is driving AI innovation with the power of the AWS cloud and Amazon Bedrock,” said Baskar Sridharan, VP of AI and Infrastructure at AWS. “Dru Investigate is an ideal, real-world example of how AI can tangibly and positively impact organizations and people today, across a wide range of functions. Advanced cyber threats necessitate AI-driven response, and we’re proud to partner with Druva to bring intelligence to data security.”

Threat investigation with natural language queries

With AI and natural language processing capabilities, Dru Investigate simplifies data investigations, dramatically accelerating decision-making and facilitating collaboration in high-pressure situations.

With the initial release of Dru Investigate, users can analyze the genesis, scope, and impact of cyber threats, even when they don’t know where to look. Dru Investigate empowers customers to:

  • Safeguard backup environments: Detect if attackers are misusing admin credentials by spotting unusual behaviors, like creating shadow accounts or destroying backup data, and take action to address potential breaches.
  • Identify anomalies in data: Pinpoint unusual data activities – such as sudden file encryption or mass deletions, which could indicate a ransomware attack – and directly search file activities to gauge the extent of any threat.
  • Find and remediate intrusion and related evidence: Search across all protected data to find indicators of compromise and artifacts for quicker remediation and recovery.

Built on Amazon Bedrock, Druva’s suite of Dru AI products is designed to keep data secure. Dru AI products do not access or learn from customer data, which is encrypted on the Druva platform and is not shared with any third parties. Designed with isolated large language models (LLMs) and private Retrieval-Augmented Generation (RAG), Dru Investigate ensures secure analysis and works exclusively with an organization’s metadata to safeguard its sensitive information.

This AI innovation follows an announcement last month introducing Dru Assist, an AI-powered support system that actively addresses key customer needs. More than just answering queries, Dru Assist anticipates user needs and delivers instant solutions to provide the best customer experience.

“Dru Investigate exemplifies the power of AI – it streamlines the investigation process to find, analyze, and mitigate data risk,” said Bill Teeple, Director of IT at NeuroPace, a medical device company focused on transforming the lives of people living with epilepsy. “Rather than building complex search queries, simply being able to just ask questions and instantly access insights will save a lot of time and speed up decision-making. Data lives everywhere and is constantly being generated, and I see Dru Investigate speeding up my ability to analyze and act on critical data.”

“The race is on for the deployment of AI in data protection and cyber recovery applications,” said Phil Goodwin, research vice president, IDC. “While the industry is full of hype, we believe IT organizations will take a very practical approach to adopting AI. Most commonly, this will be specific use cases delivered by vendors as enhancements to their solutions. Druva’s Dru AI copilot is an example of such an approach that will help ITOps and SecOps teams with faster, more accurate cyber detection and response.”

Druva hosts and manages all infrastructure for the AI models in its Data Security Cloud, without requiring additional infrastructure from customers. Dru Investigate is now available to all customers at no extra cost.
