Druva Launches Threat Watch to Deliver Proactive, Continuous Threat Detection

SANTA CLARA, Calif.--(BUSINESS WIRE)--Druva, the leading provider of data security, today announced the launch of Threat Watch, a zero-touch, automated cloud-native solution for proactive threat monitoring of backup data. Threat Watch is designed to continuously scan backup snapshots to identify dormant threats and indicators of compromise (IOCs), empowering IT and security teams to take action faster and validate a path to clean recovery.

Why Continuous Monitoring is Essential

Modern security strategies recognize that some threats will slip past primary defenses, which makes it critical to understand the data impact for incident response and cyber recovery. Because backups reflect production systems, they provide a clear signal for assessing impact and identifying clean recovery points. Threat Watch is designed to deliver continuous, peace-time monitoring of backup data and complements threat hunting activities that typically ramp up during an incident. As standards like DORA and SEC disclosure rules tighten reporting timelines, Threat Watch helps teams assess impact faster and prove data integrity.

"Cyber resilience isn’t just about having a copy of your data, it’s about the certainty that you can recover without reinfecting your environment," said Yogesh Badwe, Chief Security Officer at Druva. "Threat Watch brings a peace-time proactive monitor to what has historically been a war-time manual forensic process. With this new capability, we are giving customers the forensic evidence they need to meet strict regulatory windows and have clearer proof of what is safe to restore when the business is under pressure.”

Proactive Security with Zero Infrastructure

Built on Druva’s cloud-native architecture, Threat Watch scans backup data in the Druva Data Security Cloud, outside production environments and without requiring additional hardware or agents. This scan in-place approach avoids the delays of moving data to separate security tools and enables Druva to offer the industry’s only Data Movement Latency SLA. As a result, detection occurs in near real-time without impacting production performance or increasing infrastructure costs.

“Reporting timelines are getting tighter, and that puts pressure on teams to confirm what was impacted and what is safe to restore,” said Yong Jie Tan, IT Infrastructure Manager, at Woh Hup. “Threat Watch gives us ongoing visibility into backup health and the evidence we need to support both recovery decisions and audit requirements. It helps reduce uncertainty during an incident and strengthens our overall resilience posture."

Key benefits and outcomes of Threat Watch include:

• Curated IOC Library: Uses a curated and customer-configurable IOC library, including indicators from CISA, Google Mandiant Threat Intelligence, and Druva ReconX Labs, with support for customer-provided IOCs via upload or API.
• Early Threat Visibility: Continuous scans help minimize breach duration by identifying dormant threats in backup data.
• Safe, Lossless Cyber Recovery: Threat signals detected with Threat Watch feed directly into Druva’s cyber resilience portfolio of products. Powered by Recovery Intelligence, this enables customers to quickly understand blast radius, identify clean restore points, and reduce reinfection risk during recovery.
• Deep Analysis with DruAI: Built on Dru MetaGraph, Druva’s graph-powered foundation for real-time data intelligence Threat Watch will be able to output threat signals into DruAI to help teams prioritize risk, understand impact, and act with greater confidence.
• Compliance and Audit Readiness: Automated summary reports mapped to regulations including NIST, ISO, and DORA that prove "continuous monitoring" to auditors and insurers.

Threat Watch is generally available for cloud and data center workloads (including Amazon EC2, Azure VMs, and VMware VMs). Support for more workloads will be available soon.

Resources

• To see how Threat Watch combines with Threat Hunting to deliver comprehensive Threat Insights, view the demo.
• To learn how IT and security teams can both benefit from Threat Watch’s proactive threat detection, read the blog.
• To see how Threat Watch complements Druva’s cyber resilience capabilities, visit the website.

About Druva

Druva is the leading provider of data security solutions, empowering customers to secure and recover their data from all threats. The Druva Data Security Cloud is a fully managed SaaS solution offering air-gapped and immutable data protection across cloud, on-premises, and edge environments. By centralizing data protection, Druva enhances traditional security measures and enables faster incident response, effective cyber remediation, and robust data governance. Trusted by nearly 7,500 customers, including 75 of the Fortune 500, Druva safeguards business data in an increasingly interconnected world. Visit druva.com and follow us on LinkedIn, X (formerly Twitter), and Facebook.