Senior Staff Cloud Security Engineer

Druva has launched Deep Analysis Agents, AI-powered tools that automate forensic and compliance investigations, completing multi-day tasks in 8 to 10 minutes. The agents, built on Druva's Dru MetaGraph platform, independently analyse telemetry, logs and identity data across systems to produce ready-to-share reports. The release includes Agentic Memory, enabling DruAI to store and recall organisational information over time whilst personalising responses based on user roles. The platform now supports image-based assistance, allowing users to upload screenshots for guided troubleshooting. Deep Analysis Agents operate on zero-trust architecture meeting global compliance standards including FedRAMP and SOC 2. Customer data remains encrypted and is never used to train language models. The features are now generally available.

Druva expands DruAI with agentic workflows, Deep Analysis Agents. Key Takeaways * Druva launched Deep Analysis Agents designed to automate multi-day forensic and compliance investigations and return finished reports in minutes. * The update adds "Notify Me" background workflows, Agentic Memory for persistent context, and role-aware personalization. * Druva reports more than 3,000 active DruAI customers and says usage has contributed to a decline in support case volume. Druva today (Feb. 24) announced an expansion of its DruAI platform, introducing Deep Analysis Agents and new agentic workflow capabilities aimed at automating complex forensic, compliance and operational investigations. The release advances DruAI beyond what Druva previously positioned as a conversational copilot. "IT teams are drowning in evidence collection and manual reporting," said Stephen Manley, CTO at Druva. "This release turns AI from a conversational assistant into a partner that completes work. We are enabling teams to delegate multi-day investigations to agents that finish in minutes and deliver a final report that can be immediately shared with security, compliance, or operations teams." Deep Analysis Agents and 'Notify Me' Workflows At the center of the update are Deep Analysis Agents - long-running agents designed to break investigations into steps, coordinate across systems and synthesize findings into a consolidated report. Druva said investigations that previously required two to three days of manual effort can now be completed in approximately eight to 10 minutes, with output formatted for direct use by security, compliance or operations teams. A new "Notify Me" workflow allows users to trigger a deep analysis and let it run in the background. Once complete, DruAI emails a synthesized report, reducing the need for interactive sessions during extended investigations. The enhancements are built on Dru MetaGraph, described in the blog as Druva's tenant-specific, graph-powered intelligence layer designed to understand relationships across backups, identities, configurations, telemetry and audit artifacts. The company said this foundation enables DruAI to move from answering individual questions to executing multi-step investigative workflows with continuity and context. Druva, which specializes in cloud-native data security, protection, and recovery across enterprise environments, also introduced Agentic Memory, which allows DruAI to retain short-term session context and structured long-term organizational knowledge. According to the company, this enables cognitive continuity across sessions and semantic learning of organization-specific terminology. The result is role-aware and preference-aware output tailored to IT administrators, security operations center analysts and compliance officers. The blog post cites adoption metrics for DruAI, reporting more than 3,000 active customers, over 17,000 total conversations and a 67% case resolution rate. Druva said usage has contributed to a 12.6% quarter-over-quarter drop in support case volume, equivalent to 550 fewer cases. The update also adds multimodal capabilities, allowing users to upload screenshots of error messages, alerts, configuration pages or other system behavior directly into the console. DruAI interprets the image and provides guided troubleshooting steps, extending analysis beyond log files and metadata. The announcement included a customer perspective from Goodwill Industries of the Valleys. "For the first time, we have an AI tool that delivers actionable insight right out of the gate," said Hunter French, senior vice president for Impact Services at Goodwill Industries of the Valleys. "It analyzes weeks of log data and surfaces findings we can immediately put to work, saving hours of compliance reporting and manual review." Druva said the new capabilities are generally available. David Ramel is an editor and writer at Converge 360.

Druva Threat Watch offers continuous threat monitoring of backup data. Druva announced the launch of Threat Watch, a zero-touch, automated cloud-native solution for proactive threat monitoring of backup data. Threat Watch is designed to continuously scan backup snapshots to identify dormant threats and indicators of compromise (IOCs), empowering IT and security teams to take action faster and validate a path to clean recovery. Security strategies recognize that some threats will slip past primary defenses, which makes it critical to understand the data impact for incident response and cyber recovery. Because backups reflect production systems, they provide a clear signal for assessing impact and identifying clean recovery points. Threat Watch is designed to deliver continuous, peace-time monitoring of backup data and complements threat hunting activities that typically ramp up during an incident. As standards like DORA and SEC disclosure rules tighten reporting timelines, Threat Watch helps teams assess impact faster and prove data integrity. "Cyber resilience isn't just about having a copy of your data, it's about the certainty that you can recover without reinfecting your environment," said Yogesh Badwe, Chief Security Officer at Druva. "Threat Watch brings a peace-time proactive monitor to what has historically been a war-time manual forensic process. With this new capability, we are giving customers the forensic evidence they need to meet strict regulatory windows and have clearer proof of what is safe to restore when the business is under pressure." Proactive security with zero infrastructure. Built on Druva's cloud-native architecture, Threat Watch scans backup data in the Druva Data Security Cloud, outside production environments and without requiring additional hardware or agents. This scan in-place approach avoids the delays of moving data to separate security tools and enables Druva to offer the industry's only Data Movement Latency SLA. As a result, detection occurs in near real-time without impacting production performance or increasing infrastructure costs. "Reporting timelines are getting tighter, and that puts pressure on teams to confirm what was impacted and what is safe to restore," said Yong Jie Tan, IT Infrastructure Manager, at Woh Hup. "Threat Watch gives us ongoing visibility into backup health and the evidence we need to support both recovery decisions and audit requirements. It helps reduce uncertainty during an incident and strengthens our overall resilience posture." Key benefits and outcomes of Threat Watch include: * Curated IOC library: Uses a curated and customer-configurable IOC library, including indicators from CISA, Google Mandiant Threat Intelligence, and Druva ReconX Labs, with support for customer-provided IOCs via upload or API. * Early threat visibility: Continuous scans help minimize breach duration by identifying dormant threats in backup data. * Safe, lossless cyber recovery: Threat signals detected with Threat Watch feed directly into Druva's cyber resilience portfolio of products. Powered by Recovery Intelligence, this enables customers to quickly understand blast radius, identify clean restore points, and reduce reinfection risk during recovery. * Deep analysis with DruAI: Built on Dru MetaGraph, Druva's graph-powered foundation for real-time data intelligence Threat Watch will be able to output threat signals into DruAI to help teams prioritize risk, understand impact, and act with greater confidence. * Compliance and audit readiness: Automated summary reports mapped to regulations including NIST, ISO, and DORA that prove "continuous monitoring" to auditors and insurers. Threat Watch is generally available for cloud and data center workloads (including Amazon EC2, Azure VMs, and VMware VMs).