Bringing IT and Security Teams together to Detect and Identify Cyber Threats
In today’s digital world, the increasing frequency and sophistication of cyberthreats is our new reality. As our reliance on technology grows, so does the potential for devastating cyberattacks that can cripple businesses, compromise sensitive data, and disrupt our interconnected world. Long gone are the days when a simple firewall at the edge of the network was considered adequate. Threats have evolved, and so have the tools and requirements that cybersecurity teams require to keep your data safe.
When it comes to cyberattacks, ensuring that you have a clean and secure backup is your last line of defense. However, in order to achieve true radical resilience, backup and security teams need to come together to swiftly and efficiently detect and identify cyberthreats.
Decreasing the time to uncover threats can make the difference between surviving a cyberattack or going out of business. For several years now, Veeam has provided customers with the ability to perform malware scans against backups. Secure Restore gave enterprises the confidence they needed to restore data while reducing the risk of reinfection. Now, with the release of Veeam Data Platform 23H2, we can help you reduce the time between infection and detection with Veeam Backup & Replication’s new malware detection capabilities.
As a pioneer and continued leader in data protection, Veeam has a long history of empowering customers with industry-leading features, without any added technical or licensing complexity. The newest addition to this extensive feature list is the ability to perform inline scans for indicators of compromise as part of the backup process itself. By leveraging AI and advanced machine learning, Veeam Data Platform can bring to light indicators such as significant changes in entropy or mass file deletion. As an additional layer of protection, guest file index data can be used to look for regularly updated known malware file types or other telltale signs such as ransom notes or .onion URLs.
Once a threat is exposed, the backup will be flagged as “suspicious” right within the console. This will provide you with the information you need to investigate further, as well as critical decision-making data when it comes to performing a restore.
As powerful as the inline malware detection engine is, it is not meant to displace tools that enterprises have already made significant investments in. Unfortunately, silos still exist between many data protection teams and in-house cybersecurity teams. Despite being on the same side, the flow of information between teams can be slow and sometimes disconnected. All too often, backup administrators are only brought into the fold after an incident has been detected, leading to significant delays when it comes to being brought up to speed. Tasks such as coordinating details about affected machines or time stamps related to incidents are essential to beating a cyberattack.
The new Veeam Incident API can unify data flow between IT and security teams and allow for not only near-instant infection reporting, but lets enterprises jump into action immediately as well. When an external cyber solution finds threats like suspicious activity or a ransomware attack, that vital information can be reported directly back to Veeam Data Platform. Once reported, any future restore points will be flagged as infected, providing quick identification to minimize the risk of reintroducing the threat upon restore. Additionally, the API can be configured to automatically perform a Quick Backup, which allows you to create a restore point as close to the point of infection as possible. This restore point can provide significant benefits to enterprises, including restoring individual, un-infected files or application items or retaining a copy of the restore points for future forensic analysis.
Centralized event analysis provides security teams with the ability to process and audit events from systems across an organization. According to our 2023 Ransomware Trends Report, 93% of ransomware incidents target backups as part of their attacks. Attackers know that a clean backup is the strongest defense for your organization, and they will go to great lengths to compromise them. As such, it has never been more critical to monitor and audit the actions being performed on your Veeam Backup & Replication server. With the new “Event Forwarding” setting, backup administrators can automatically stream information into any platform that can receive syslog. This added visibility will allow security teams to obtain a more holistic view of threats that may be lurking in the shadows.
To further this visibility, the powerful monitoring and analytics available within Veeam Data Platform can extend itself and provide full two-way integration with ServiceNow. If an alarm is triggered, Veeam ONE can automatically open and populate a ServiceNow incident, thus taking advantage of existing workflows. Since this is full two-way integration, when incidents are resolved within ServiceNow, they will also be fully communicated back to Veeam ONE to ensure a consistent and concise experience.
In order for enterprises to stand a chance against cyberattacks, there are some key actions that must be taken. First, they need to ensure that they stay informed about emerging threats, not just threats found in the wild, but about anomalies within their network too. Robust security practices must also be employed, from authentication and authorization, up to and including adopting a Zero Trust mindset. Additionally, organizations need to foster a culture of cybersecurity awareness.
Remember, the battle against cyberthreats is a collective effort. As we arm ourselves with knowledge and implement best practices, we contribute to building a more resilient digital ecosystem. The fight against cyberthreats is ongoing, and our commitment to cybersecurity is paramount. Stay vigilant, stay informed, and let Veeam help you shape a future where the devastating consequences of cyberthreats are mitigated through radical resilience.
You must be logged in to post a comment.