Increasing Operational Efficiency With Kasten K10 V6.0

Image
We are excited to announce the release of Kasten K10 version 6.0, the latest and most advanced version of our industry-leading platform that provides enterprise-grade Kubernetes data protection and application mobility. This release helps customers scale their cloud native data protection efficiently. Kubernetes deployments are growing at an unprecedented rate. Gartner predicts that by 2027, more than 90% of global organizations will be running containerized applications in production. However, today’s market conditions are scarred with financial uncertainty and a shortage of cloud native skills. Therefore, you must ensure operational efficiencies are in place to unleash the full potential of your cloud native environments while protecting your data. Additionally, security remains an imperative as organizations focus on keeping their businesses running. With this release, we also continue to innovate in this growing ecosystem, so that you can take advantage of the best-of-breed inn...
Post a Comment

Veeam’s Anomaly Detection for Ransomware

Veeam’s Data Protection Trend report surveyed over 4,000 anonymous companies and found that 85% of organizations have experienced some form of ransomware in the past year. Given that a ransomware attack has a far greater chance of happening than a natural disaster, power outage or other disaster recovery (DR) event, it’s critical that IT organizations plan for quick recovery in the event of ransomware as discussed previously.

A crucial component for successful and quick recoveries is to identify the last known good backup that occurred. Without this, organizations can spend countless hours if not days attempting to restore data that is already corrupted. In fact, this report also discovered that companies took between one and two weeks to recover their data on average. This is much more time than it would take to recover from other DR events since much of the time is spent identifying and scanning for the last known clean backup.

Veeam has a three-tier approach to help companies identify the best point-in-time to recover from:

  1. Identify suspicious behavior on your actual production virtual machines (VMs) (for VMware and Hyper-V)
  2. Identify anomalies in underlying backup files
  3. Automatically scan backup files before restoring your machines into production

Identifying Suspicious Behavior on VMs

Making sure there is a recoverable backup is just the first step, but it’s also important that you monitor your entire environment for suspicious or unusual activity. Veeam goes beyond just looking at backup data for anomalies; it looks at the hypervisor and network level as well. These higher-than-normal writes on disk or CPU usage can be a sign that ransomware infected the machine. The goal of the alarm is to pinpoint the machine that is potentially infected before it can propagate to other systems.

The key to this alarm is in the historical view, however. This alarm is useful in identifying where ransomware potentially happened and what backups you should start to recover from.

Identifying Anomalies in Backups

Veeam’s Suspicious Backup File Size Analyzer lives up to its name. This alarm identifies patterns in your backup data. It also analyzes backups and looks for large numbers of file and block changes to your data. If an anomaly is detected, an alert will be sent to your system administrators.

This alarm can be easily integrated into Veeam’s main console, thanks to a brilliant script from Steve Herzig! If an anomaly is detected, it will show in the job statistics.

Simply take this script from github and place it in the post-script section of your backup jobs. Specify how many of the previous PITs you’d like to analyze in the “Depth” field and what amount of growth would be considered suspicious in the “Growth” field.

These first two steps give your business a good idea of what points in time you want to recover from. Without these steps, ransomware is the worst kind of disaster because of the countless hours or even days that are spent manually identifying when is best to recover from.

Automatically Scan Backups Before Restoring

Lastly, whether you proactively or reactively scan backups for malware, Veeam can scan your backup files before restoring machines into production. If malware is found, you can either abort the recovery or restore without attaching a network for deeper forensics.

Organizations can use any scanning tool that has a CLI. This can be Trend Micro, Bitdefender, Windows Defender, etc. Simply edit the XML file here.

Conclusion

Veeam is on a mission to help customers recover from ransomware. I have personally seen Veeam be the heroes many times for organizations who find themselves in trouble. Veeam believes that combining the steps above to identify a clean point in time with the fastest recovery options available in the marketplace is a great recipe to helping IT organizations sleep well at night.

The post Veeam’s Anomaly Detection for Ransomware appeared first on Veeam Software Official Blog.



Original post here: Veeam’s Anomaly Detection for Ransomware

Comments

Post a Comment

Popular posts from this blog

How to use a SOBR with Veeam Backup & Replication

Image
For those of us who have been in the business of backing up data for a while, we’re used to making copies of data on different types of media. I won’t date myself by mentioning reel-to-reel tapes, but the journey started with tape and then backing up data to block/file-based disk storage came along. More recently, a new kid on the block has become a popular destination for backed up data, object storage. Veeam started to use object storage as a target when we released Veeam Backup & Replication 9.5 Update 4 in January 2019 by introducing our use of AWS S3 compliant object storage via the Capacity Tier. A year later, we launched Veeam Backup & Replication v10 which featured support for object locking to provide data immutability for object storage. Immutability provides protection from ransomware attacks by locking the objects which prevents them from being modified or deleted by malicious software or humans. Today, Veeam Backup & Replication is protecting hundreds of petab...
Read more

How To Migrate a Veeam Backup & Replication Configuration Database to PostgreSQL

Image
Before Veeam Backup & Replication v11, the product used SQL Server to create and store its configuration database. It has always been possible to use SQL Server Express to store a Veeam Backup & Replication, however, this version of SQL Server had some critical limitations. In the 2022 version of SQL Server Express, the most relevant limitations were: Use of one socket or four cores Use of only 1.4GB per instance 10GB limit for databases In an environment of 500 machines or fewer, these limitations may not have an impact, but if you have a large backup environment, you had to migrate to one of the paid SQL Server versions to avoid these limitations. You can check the limits for each version of SQL Server 2022 by clicking this link . For V12 and with scalability, performance and licensing cost in mind, Veeam introduced the possibility of using PostgreSQL as a configuration database. PostgreSQL is a relational database management system that’s been used for over 35 years...
Read more

Use Snapshots to backup SMB File Shares on your NetApp ONTAP system

Image
update notice: The information in this blog post has been updated on April 1st, 2022. Since Veeam Backup & Replication version 10, it’s possible to back up NAS shares with the SMB (CIFS) and NFS protocol. One of the challenges with backing up large file shares is doing so in a consistent state. This blog post shows how to create a consistent backup of an SMB share hosted on a NetApp ONTAP based storage. NetApp storage snapshot, Microsoft VSS snapshot or Storage Integration? Veeam offers three ways to back up a NetApp ONTAP SMB share in a consistent state. With NetApp storage integration From a NetApp storage snapshot (without integration) With Microsoft remote VSS snapshot Using the storage integration is the easiest way to get the latest state with very few configuration steps. Using an alternative snapshot path allows complex scenarios like backing up from a SnapMirror/SnapVault location but it involves scripting or a schedule on NetApp to create and delete t...
Read more