top of page
Writer's pictureMatt Tyrer

Data Protection: Competitive News Makers (June 2024)

There's a lot going on in the data protection and cyber security markets - it can be hard to keep up with all the news. That's where The Competitive Corner's Newsletter comes in, to help curate and distill the most pertinent movers and shakers each month to make your job easier.


June was a busy month in the data protection market with a lot more announcements and news than I could capture in this newsletter (unless it was a news BOOK), so I had to do some serious curation for brevity. Key newsmakers include #Rubrik, #Veeam, #Cohesity, #Clumio, #Veritas and #Varonis. Below you'll find a breakdown of why these news items matter to you, links to the original articles, and related blogs for further research and insights.

 

June 2024 Competitive Headlines:

(click any headline to jump directly to the analysis)


 

Rubik returns to data backups at Forward 2024



Why it Matters?


In this TechTarget article we find a good roundup of the May 2024 Rubrik virtual event and highlights. Obviously, the key on the messaging front was the pivot back to backups - something many had been disgruntled with Rubrik about in terms of over-rotation to security last year.


In addition to this shift in messaging, Rubrik announced several future updates to their technology such as expanded support for anomaly detection and more focus on their DSPM solution (via the Laminar acquisition). There were new workloads added to their core backup/recovery platform such as S3, Azure Blob, and Azure Data Lake support via their NAS Cloud Direct technology (Igneous acquisition). They also had several demonstrations of their Ruby AI product.


Overall, while there were no groundbreaking announcements or launches at the event, Rubrik appears to be working to get their new IP productized and on the market for customers.


 

VeeamON 2024


[Link to Original Article ]


Why it Matters?


Rubrik wasn't the only vendor holding an event as Veeam hled their 10th annual customer conference in May 2024. Highlights of the event include a showcase of the Veeam AI Copilot, previews of their upcoming M365 v8.0 release, and even a quick glimpse of their new UI coming in the latest VeeamONE and VBR v13 products next year.


At VeeamON24, they published their 2024 Ransomware Trends Report - This 20 page document is also a marketing tool for their new Coveware solutions acquired recently. Look for Veeam to use the report to push mindshare and awareness for Coveware's offerings as they look to upsell into larger security minded customers with this white glove type professional service engagement.


 

What's new with Cohesity DataProtect delivered as a service (DPaaS)


Why it Matters?


Cohesity has been slow to expand their DPaaS offering, but recently published a "What's New" article rounding up the new capabilities added to their DPaaS solution over the past few months. Many of these were covered off in other blogs, but it looks like they are finally adding in some self-service capabilities for M365 - something many other vendors have offered for some time.


In a separate announcement, Cohesity as eager to announce that their DPaaS solution had achieved StateRAMP authorization. This is a certification we've seen many cloud backup solutions targeting as it is a faster approval process compared to FedRAMP.


 

Clumio anoints new CEO as co-founder steps down



Why it Matters?


After 7 years, the Clumio founder is stepping down and the current CRO (Rick Underwood) will be assuming the role of CEO. While Clumio has had some good funding recently, they've also had some "identity crises" over the years as they've killed off their M365 product only to reintroduce it a few months later, removed support for on-prem workloads, and let go of half their sales staff. Focused on the AWS side of things, it will be interesting to see if new leadership will have them expand into other

clouds and broader workloads.


 

Rubrik Reports First Quarter Fiscal Year 2025 Financial Results



Why it Matters?


There was a significant growth in ARR and subscription - now some of that can be attributed to conversion of perpetual into subscription customers, but still a 46% growth is nothing to scoff at. Most impressive was the 41% growth of $100k+ customers. However, Rubrik did provide guidance that they were still going through $100M in cash - which is pretty high…


This beat by Rubrik was largely expected as they carry momentum from the IPO itself, but it will be the next 6 months that will be critical in determining their overall health and viability long-term.


Regardless of what appears at face value to have been a good initial quarter for the company, the stock dropped nearly 9% over the next 24 hours of trading, but it did recover later to finish the week nearly back to its IPO launch price. This was likely due to a number of initial investors cashing out for a quick buck and may have waited for first quarter earnings before doing so. This will be Rubrik’s BEST earnings report (as they literally had nothing else to compare against in terms of performance to the street), so theory is to sell high. They are guiding to $100m in cash burn…that’s insane. So I’m

wondering if that is keeping away quality investors.


 

KB4585: Veeam Recovery Orchestrator Vulnerability (CVE-2024-29855)



Why it Matters?


Another day another Veeam CVE, although this one is certainly a lot harder to exploit than the other 5+ from last quarter...this one is rated 9/10 in severity.


The vulnerability appears to only impact Veeam Recovery Orchestrator (used for VMware DR

automation) and is fixed in more recent builds. The flaw allows a hacker to access the VRO web UI with administrator privileges - the caveat to the attacker though is that they have to know the exact username and account role within VRO AND that username also has to have an active access token in order for the hijack to be successful. So, the likelihood of this happening is probably pretty low, but this is still 6+ CVEs from Veeam so far this year...


 

New "Fog" Ransomware Targets Schools via Hacked VPNs



Why it Matters?


Looks like there's a new ransomware version out called "Fog" and it's attacking schools via compromised VPN credentials. Once inside the network, the attackers disable Microsoft

Defender and Fog will also encrypt VMDK files in Virtual Machine (VM) storage, and will delete backups from object storage in Veeam and Windows volume shadow copies. The encrypted files carry the .FOG extension. Finally, the ransomware will drop a note, instructing the victims on how

to get in touch and try to decrypt the system. It does not appear as though any exfiltration is happening as a result of these attacks so far.


 

Introducing Cohesity clean room design



Why it Matters?


It appears as though Cohesity has some FOMO regarding all the news recently around Clean Rooms (well done on Commvault for that), and Cohesity doesn't want to be left out anymore. So, they've launched a new "solution" (and I use the term very loosely) called Cohesity Clean Room Design. The blog and solution pages all read as a best practices design manual, but there's no actual product or package or offering here -- it's all marketecture and services.


Essentially, this "Clean Room" solution is simply a consulting design engagement to help the customer use the Cohesity technology to support their IRE/CleanRoom plans that are probably already in place.


 

Varonis Achieves FedRAMP "In Process" Designation



Why it Matters?


Varonis announced this week that their cloud-based solution has achieved the FedRAMP "In Process"

designation. Varonis has an extensive portfolio of data governance, security, DSPM, sensitive data

classification/management, DLP, and more - a portfolio that has been built over time through various

acquisitions and organic development. Over the past several years Varonis has been actively migrating their products from a traditional on-prem and infrastructure heavy deployment model to being delivered as a SaaS consumption service. It is my understanding that most, if not all, of their products are now available via their cloud and achieving FedRAMP status will be a good stepping

stone for them to continue to expand in the federal market.


 

Veritas Simplifies Visibility into Unstructured and Sensitive Data



Why it Matters?


Veritas (or the soon to be spun-off “DataCo” part of it) is still actively developing their products it seems as they have announced a new release of their Veritas Data Insight solution for sensitive data monitoring/classification. This new release has some performance improvements, but the main

"pizzazz" is that the solution is now available as SaaS. Previously, the Data Insight product needed to be deployed in the customer environment with its own set of index servers and storage, so this shift to SaaS certainly makes it much easier to consume.


It's unclear exactly which cloud this service is coming from (possibly Azure?), but now customers have the choice in terms of a traditional deployment or the cloud.


 

Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.

16 views0 comments

Comments


bottom of page