Increasing Operational Efficiency With Kasten K10 V6.0

We are excited to announce the release of Kasten K10 version 6.0, the latest and most advanced version of our industry-leading platform that provides enterprise-grade Kubernetes data protection and application mobility. This release helps customers scale their cloud native data protection efficiently. Kubernetes deployments are growing at an unprecedented rate. Gartner predicts that by 2027, more than 90% of global organizations will be running containerized applications in production. However, today’s market conditions are scarred with financial uncertainty and a shortage of cloud native skills. Therefore, you must ensure operational efficiencies are in place to unleash the full potential of your cloud native environments while protecting your data. Additionally, security remains an imperative as organizations focus on keeping their businesses running. With this release, we also continue to innovate in this growing ecosystem, so that you can take advantage of the best-of-breed inn...

Veeam’s Anomaly Detection for Ransomware

Veeam’s Data Protection Trend report surveyed over 4,000 anonymous companies and found that 85% of organizations have experienced some form of ransomware in the past year. Given that a ransomware attack has a far greater chance of happening than a natural disaster, power outage or other disaster recovery (DR) event, it’s critical that IT organizations plan for quick recovery in the event of ransomware as discussed previously.

A crucial component for successful and quick recoveries is to identify the last known good backup that occurred. Without this, organizations can spend countless hours if not days attempting to restore data that is already corrupted. In fact, this report also discovered that companies took between one and two weeks to recover their data on average. This is much more time than it would take to recover from other DR events since much of the time is spent identifying and scanning for the last known clean backup.

Veeam has a three-tier approach to help companies identify the best point-in-time to recover from:

  1. Identify suspicious behavior on your actual production virtual machines (VMs) (for VMware and Hyper-V)
  2. Identify anomalies in underlying backup files
  3. Automatically scan backup files before restoring your machines into production

Identifying Suspicious Behavior on VMs

Making sure there is a recoverable backup is just the first step; it’s also important to monitor your entire environment for suspicious or unusual activity. Veeam goes beyond just looking at backup data for anomalies; it looks at the hypervisor and network level as well. Higher-than-normal disk writes or CPU usage can be a sign that ransomware has infected the machine. The goal of the alarm is to pinpoint the potentially infected machine before the infection can propagate to other systems.

The key to this alarm is in the historical view, however. This alarm is useful in identifying where ransomware potentially happened and what backups you should start to recover from.

Identifying Anomalies in Backups

Veeam’s Suspicious Backup File Size Analyzer lives up to its name. This alarm identifies patterns in your backup data. It also analyzes backups and looks for large numbers of file and block changes to your data. If an anomaly is detected, an alert will be sent to your system administrators.

This alarm can be easily integrated into Veeam’s main console, thanks to a brilliant script from Steve Herzig! If an anomaly is detected, it will show in the job statistics.

Simply take this script from GitHub and place it in the post-script section of your backup jobs. Specify how many of the previous points in time (PITs) you’d like to analyze in the “Depth” field and what amount of growth would be considered suspicious in the “Growth” field.

These first two steps give your business a good idea of which points in time you want to recover from. Without these steps, ransomware is the worst kind of disaster because of the countless hours or even days that are spent manually identifying the best point to recover from.
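The depth-and-growth check described above, sketched as an added example (this is not Steve Herzig's script or Veeam's code). It assumes "Depth" is the number of previous restore points averaged into a baseline and "Growth" is the percentage increase over that baseline that counts as suspicious; `RestorePoint`, `analyze` and the sample sizes are hypothetical.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class RestorePoint:
    created: str    # date of the incremental restore point
    size_gb: float  # size of the backup file on the repository


def analyze(points, depth, growth_pct):
    """Return (findings, last_known_good) for points ordered oldest first.

    findings: (RestorePoint, growth %) for every point larger than the mean of
    the previous `depth` unflagged points by more than `growth_pct` percent.
    last_known_good: the point just before the first finding, or the newest
    point when nothing was flagged.
    """
    if depth < 1:
        raise ValueError("depth must be at least 1")
    clean, findings = [], []
    for p in points:
        window = clean[-depth:]
        # Too little history (or an all-zero baseline) means no verdict yet.
        if len(window) == depth and mean(r.size_gb for r in window) > 0:
            baseline = mean(r.size_gb for r in window)
            growth = (p.size_gb - baseline) / baseline * 100
            if growth > growth_pct:
                findings.append((p, round(growth, 1)))
                continue  # flagged points must not inflate later baselines
        clean.append(p)
    if not findings:
        return findings, (points[-1] if points else None)
    first_bad = points.index(findings[0][0])
    return findings, (points[first_bad - 1] if first_bad > 0 else None)


# Constructed sample: daily incremental sizes in GB for one job (not real data).
SAMPLE = [RestorePoint(f"2024-03-{d:02d}", s) for d, s in enumerate(
    [4.1, 3.8, 4.4, 4.0, 4.2, 31.5, 28.9, 4.3], start=1)]

if __name__ == "__main__":
    findings, good = analyze(SAMPLE, depth=3, growth_pct=150)
    for p, g in findings:
        print(f"SUSPICIOUS {p.created}: {p.size_gb} GB (+{g}% over baseline)")
    print("Last known good candidate:", good.created if good else "none")
```

The last point in the sample is normal in size again, yet the recovery candidate stays at the point before the first flagged one: a backup taken after the anomaly is not treated as clean just because it is small.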

Automatically Scan Backups Before Restoring

Lastly, whether you proactively or reactively scan backups for malware, Veeam can scan your backup files before restoring machines into production. If malware is found, you can either abort the recovery or restore without attaching a network for deeper forensics.

Organizations can use any scanning tool that has a CLI. This can be Trend Micro, Bitdefender, Windows Defender, etc. Simply edit the XML file here.

Conclusion

Veeam is on a mission to help customers recover from ransomware. I have personally seen Veeam be the heroes many times for organizations who find themselves in trouble. Veeam believes that combining the steps above to identify a clean point in time with the fastest recovery options available in the marketplace is a great recipe for helping IT organizations sleep well at night.

The post Veeam’s Anomaly Detection for Ransomware appeared first on Veeam Software Official Blog.