Identity protection from Rubrik and CrowdStrike

Rubrik has done a deal with CrowdStrike and its Next-Gen Identity Security so that customers can reverse malicious identity changes and restore identity providers back to a safe state.

Rubrik has already done a deal with CrowdStrike to send data to its malware-detecting Falcon XDR (Extended Detection and Response) and look for threats in Rubrik backup data. Commvault has done a similar deal with CrowdStrike. Now cyber-security concerns are focussing on identity, as malware attackers may well log in to a victim organization’s websites using access credentials gained, for example, through phishing attacks. Rubrik’s Identity Resilience offering can work bi-directionally with CrowdStrike to roll back malicious changes and return identity systems to a secure, immutable state.

Rubrik’s Chief Product Officer, Anneka Gupta, stated: “By expanding Falcon Next-Gen Identity Security with rollback and recovery, we’re giving customers a complete solution – detect, adapt, and reverse – that minimizes disruption and keeps operations running in the face of identity-based threats.”

Daniel Bernard, Chief Business Officer at CrowdStrike, matched this, saying: “Enterprises need more than detection – they need identity security that can adapt, defend, and outpace today’s adversaries. Together with Rubrik, we’re delivering unified identity security that combines CrowdStrike’s AI-driven protection with Rubrik’s rollback innovation. The result is simple: customers stop identity attacks faster, minimize business disruption, and strengthen resilience across hybrid environments.”

Rubrik Identity Resilience (RIR) integrates identity security with risk detection and threat response. Customers can monitor identity changes in real time for forensic analysis, improve collaboration between security and IAM teams, and continuously assess identity risks across human and non-human identities. Rubrik says RIR “can quickly identify and address overprivileged or misconfigured accounts before they are exploited.”

CrowdStrike’s Falcon Next-Gen Identity Security protects an accessing entity’s identity, whether it be a human, a non-human machine or app, or an AI agent, across the identity lifecycle, blocking initial access, preventing privilege escalation, and stopping lateral movement.

Rubrik Identity Resilience screenshot.

The combined RIR-CrowdStrike integration provides:

  • Real-time identity threat detection and malicious change correlation. Falcon Next-Gen Identity Security provides AI-driven correlation of suspicious changes across identity providers (IdPs) such as Active Directory, Entra ID, and Okta. Rubrik ingests those alerts and identifies the malicious changes made by the compromised identity. 
  • Rollback of malicious changes. Rubrik Identity Resilience recovers from and rolls back malicious actions, restoring identity systems to a known, safe state and leveraging immutability to prevent re-exploitation. In a worst-case scenario, Rubrik delivers a full, clean IdP recovery.
  • Accelerated investigation and workflow in Falcon console. With Rubrik Security Cloud’s integrations with Falcon Fusion SOAR, Next-Gen SIEM, Falcon Threat Intelligence, and Charlotte AI, security teams can streamline the investigation and response process by initiating rollback actions, tracking completion, and orchestrating recovery workflows.

RIR is generally available. The Rubrik-CrowdStrike identity resilience integration is available on the CrowdStrike marketplace.