SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Rubrik links Microsoft Defender to speed identity recovery

Wed, 25th Mar 2026

Rubrik has introduced an integration with Microsoft Defender designed to help organisations respond more quickly to identity-based attacks.

The integration connects Microsoft's identity threat detection with Rubrik's identity rollback and recovery tools. According to Rubrik, the combined setup is intended to move customers from detection to remediation and recovery in hours rather than days.

Identity systems have become a prime target for attackers because they can open access to wider networks and services. Rubrik cited research from its Zero Labs unit showing that 90% of IT and security leaders view identity-driven cyberattacks as their organisation's top concern.

Many security products focus on detecting suspicious behaviour but leave investigation and restoration to manual processes. Rubrik's latest move aims to address that gap by feeding alerts from Microsoft Defender into identity recovery workflows.

That allows security and identity teams to examine incidents, identify changes linked to an alert, reverse malicious modifications, and restore what Rubrik describes as a trusted identity state across hybrid environments, including Active Directory and Entra ID.

Attack Response

Customers will be able to correlate threat alerts with identity changes to understand an attack's impact more quickly. They will also be able to reverse malicious identity modifications without carrying out full domain restores, and to restore identity states from immutable recovery points.

The emphasis on hybrid identity reflects how many large organisations now run a mix of on-premises and cloud-based directory services. In practice, that can make recovery harder because suspicious changes may spread across several connected identity stores.

Rubrik has spent the past 15 months expanding its identity product set. It has added recovery for Active Directory and Entra ID, widened protection to environments using multiple identity providers including Okta, and launched Identity Resilience tools to help customers investigate incidents and reverse malicious changes.

The Microsoft Defender integration extends that strategy by tying Rubrik's recovery technology more closely to external security tools. The company has also built integrations with other platforms, including CrowdStrike Falcon Identity Protection.

Anneka Gupta, Chief Product Officer at Rubrik, set out the company's view of the challenge facing security teams.

"Detection is only half of the battle," Gupta said. "Organisations need the ability to quickly and surgically reverse malicious identity changes and completely restore their infrastructure. By combining Microsoft Defender's threat detection with Rubrik Identity Resilience, we give security and IAM teams the power to move from a detected compromise to a trusted, recovered state in hours, instead of days."

The announcement underlines the growing importance of identity protection in cybersecurity spending and product development. As attacks increasingly focus on credentials, privilege escalation, and directory manipulation, suppliers are trying to offer tools that do more than raise alerts.

For customers, one practical issue is the disruption caused by broad recovery measures such as restoring an entire domain. A more targeted rollback process could reduce downtime and limit knock-on effects for users and connected systems.

Immutable recovery points are another notable element of the offering. They are intended to give organisations a verified state to return to after an attack, reducing the risk that a restored identity environment still contains malicious changes.

The integration also highlights how cyber suppliers are trying to combine detection and recovery into a more unified response model. Rather than treating backup, identity protection, and threat monitoring as separate functions, vendors increasingly present them as parts of a single operational workflow.

Rubrik said joint customers of Rubrik and Microsoft Defender can now investigate incidents, reverse malicious identity changes, and restore trust across hybrid identity environments, including Active Directory and Entra ID.