Rubrik is taking an increasingly broad view of backup and security. With Identity Resilience, it wants to cover identities in addition to data and close them off as an attack path. The goal is to prevent downtime as much as possible.
Identity Resilience must protect both human and non-human identities. Identity systems are complex infrastructures used by almost all large organizations, and they remain a consistent target for hackers. The identities involved include users, endpoints, agents, service accounts, processes, and applications. When these systems are compromised, attackers gain access to critical data and credentials, while disrupting them can hinder recovery after a cyberattack. It doesn’t matter how exactly someone gets in or who is fooled: the result is often the same.
“Identity systems are not only complex and hard to manage, but they have also become the primary gateway for attackers aiming to access an organization’s valuable data,” said Mike Tornincasa, Chief Business Officer at Rubrik. “Today, we signal our commitment to identity protection, to address our customers’ needs by detecting threats that target identities and proactively reduce identity risks, just as we have successfully done with data security.”
Identity as the primary attack vector
According to Rubrik, the company already protects millions of identities worldwide. A recent CISA report shows that 90 percent of cyberattacks on critical infrastructure start with an identity compromise, which often leads to privilege escalation and lateral movement toward valuable business data. These threats develop gradually, making it crucial to understand not only the “who” and “what,” but also the “when” — how privileges or access patterns change over time.
Using time series data, Rubrik’s solution is designed to provide continuous visibility into identity changes, enabling earlier detection of suspicious activity. Just as Rubrik monitors and protects data, the announced capabilities are designed to identify, monitor, and protect critical, sensitive, and active identities, including non-human identities (NHIs) such as machines that use service accounts and access tokens.
Rubrik does not yet cover all of a company’s security needs. Rubrik partners remain essential in this regard. In 2024, for example, it announced a strategic partnership with CrowdStrike to better protect sensitive data, integrating CrowdStrike’s XDR platform with Rubrik Security Cloud. The company is also working with Cisco to make it easier to identify targeted attacks on data through integration with Cisco XDR. There are more examples, but this shows that Rubrik solutions, in all their diversity, complement the offerings of other security players.
Holistic approach to cyber resilience
Rubrik argues that identity management, identity protection, and data security are too often treated as separate products, managed by different teams within an organization. In contrast, Rubrik wants to combine these capabilities to offer new functionalities and a holistic view of identity and data. This is reminiscent of Okta’s definition of identity security, which is equally universal.
Comprehensive protection for complex environments
Identity Resilience offers several features to help organizations defend against attacks earlier and recover systems faster:
First, hybrid protection for Active Directory (AD) and Entra ID: With automated and orchestrated recovery workflows, organizations can recover complex hybrid identity environments—such as Active Directory forests and entire Entra ID tenants—faster and with more confidence than ever before. AD recovery can involve up to 22 manual steps, but Rubrik consolidates this into a user-friendly wizard, dramatically reducing complexity and recovery time.
In addition, it provides comprehensive risk analysis for human and non-human identities: With a unified view of identity providers that shows which human and non-human identities have access to sensitive data, organizations can identify dormant or orphaned accounts, detect risky privilege escalations, and expose problematic access combinations that traditional tools often miss.
Finally, Identity Resilience provides complete identity and data context: Instead of working with limited context from identity providers, organizations can link identity-based information to sensitive data context (e.g., healthcare, financial), privileges, and activity. This essential context can reduce remediation and strengthen the risk posture before a cyberattack, accelerating threat hunting and recovery during and after an attack.