Features Ransomware protection on Veeam Backup and Replication - Case # 05262875

[raing sopheaktra]

Dear Veeam Support,

I have one question to ask you, which the features option and Veeam Backup Server can do for protection ransomware attack ?

Noted: I know some activity from your team like list (1-3), but all this activity look like not good or can’t accepted, so please check it.

1. Storing the backup on a "Hardened Repository". This is a special secure Veeam repository for storing backups that offers single-use credentials so that even if the Veeam server is compromised, the attacker will not have access to the backup files. It also offers Immutability - preventing backup files from being deleted or modified by either malicious users or malware/ransomware. There is plenty of detail in our User Guide here:
https://helpcenter.veeam.com/docs/backu ... ml?ver=110
2. Storing a copy of your backups offline (e.g. tapes, rotated USB drives) - ransomware cannot encrypt backups that are not online.
3. General security best practices like using service accounts, limiting administrative users, password complexity/rotation requirements, timely security patching, etc.

Example: Step (2), Storing a copy of your backups offline (e.g. tapes, rotated USB drives) - ransomware cannot encrypt backups that are not online.
If I have a data backup file more than 200T, so if ransomware attack and what time that we can restore backup file back, cos all data important and we space long time to restore, so how we can accept it.

We are waiting your update.
Thanks.

Best regards,
RAING Sopheaktra

[HannesK]

Hello from Veeam R&D (it's the R&D forum),
I asked support to close the case because it seems to be a "how to" / "consulting" or "design" question. Support is available for "fix broken things".

1-3 are good recommendations in general. Everything fine there as far as I see.

With 200 TB, rotated USB drives are obviously not the best solution. But that's something support cannot be blamed for. Support fixes issues and is not a consulting partner Tape for example is fine with 200TB (or even much more)

So the question is: what is your question? There are many options described on the forums (forum search for ransomware provides lots of ideas). There is also a whitepaper on best practices. So you only need to decide what you like to do.

Best regards,
Hannes

[raing sopheaktra]

Dear Hannes,

Thanks for reply.

Veeam Backup Server can protect ransomware or not?
If have which the best option to protect?
I want to know which the option that Veeam can do for protect ransomware, so please kindly check.

I'm waiting your reply.

Best regards,
RAING Sopheaktra

[Mildur]

Hi Raing

Veeam uses storage technology to protect you against ransomware. If you don‘t use the right storage for your requirements, then the backup is not really protected against ransomware. Each user who can access the backup server and have or get admin permissions can remove backups. A storage must be in place which prevent that outside of veeam.

Use Linux hardened repos or Object storage with immutability support.
For Linux hardened repos, you can use physical server with built in disk. For Object Storage, you can buy your own or use a public cloud service. I heard that many uses wasabi for that as an example. But there are also others too.
This are backup repository types which protects your backups against ransomware.

With 200 TB Source Data, this are the only options I would use.

[HannesK]

Hello,

which the best option to protect?

As Veeam support, Mildur and me already said: Hardened Repository is the way to go for on-prem environments. As an alternative, you can also use object storage on-prem with with object lock capabilities (but for 200TB, that's probably oversized)

I hear from my colleagues that they are trying to find a partner that can help you in designing your solution. Doing consulting services via email / support / forum is the wrong way for an environment like yours (I just looked at the number of licenses you have)

Best regards,
Hannes

[raing sopheaktra]

Dear Mr.Hannes,

Well noted with thanks.

I know Veeam Support has scope to do, but I think technically should be known clearly.
How we can clear what my request ?
Which Team can provide more clear about this ?

Noted: My question, I want to know Veeam Backup Server can protect ransomware or not ? Yes or not ?
If can which the option ?

Or, Veeam Backup has only this option " Hardened Repository" that can acceptable.

Best regards,
RAING Sopheaktra

[HannesK]

Hello,
Disclaimer: I struggle to understand your English

Which Team can provide more clear about this ?

As far as I see, there is no Veeam Accredited Service Partner available in your county. The local Veeam sales team can help to find a partner that can help you. Veeam does not offer consulting services. All consulting services are done via partners.

Noted: My question, I want to know Veeam Backup Server can protect ransomware or not ? Yes or not ?

I assume that you mean "protect backups against ransomware"? If that's the question, then it was answered already multiple times with "yes". The options are
1) hardened repository or object storage with object lock
2) removable devices including disk and (WORM) tapes

If that's not the question, then maybe different wording can help to provide better answers.

Best regards,
Hannes

[raing sopheaktra]

Dear Mr.Hannes,

Disclaimer: I struggle to understand your English, Well noted with thanks, I will try improve myself more.

Ok, Veeam Support Services provide only solution when I have something error on Veeam Backup Server and don't offer consulting services like my question that I'm asking, right ?
And you say that Veeam Accredited Services Partner don't available in my country, if I want to understand more and clarify more which my question, so which team that I can continue to check ?

Noted: Option Protection ransomware on Veeam Backup Server
1) hardened repository or object storage with object lock
2) removable devices including disk and (WORM) tapes

Please kindly check, I'm waiting.

Best regards,
RAING Sopheaktra

[HannesK]

Hello,

Ok, Veeam Support Services provide only solution when I have something error on Veeam Backup Server and don't offer consulting services like my question that I'm asking, right ?

correct.

And you say that Veeam Accredited Services Partner don't available in my country, if I want to understand more and clarify more which my question, so which team that I can continue to check ?

your Veeam Sales representative / Veeam Systems engineer. They can help to find alternatives as they know the partners in your country better than I know.

Best regards,
Hannes

[raing sopheaktra]

Dear Mr. Hannes,

Well noted with thanks for e-mail.

I want to start deploy hardened repository at stage Backup Server, so I have some question ask to you.
What are advantages and disadvantage of hardened repository?
How hardened repository protects from ransomware?

I still one think not clear, hardened repository connection with Veeam Backup Server for store file backup job, why this option can protect form ransomware ?

If you don't understand my question, Please tell.

I'm waiting your update.

Best regards,
RAING Sopheaktra

[soncscy]

Hey Raing,

I don't mean to be harsh, but it sounds like you really need a consultant, not forums and not technical support.

Ransomware is lazy, in that it wants to hit as hard and fast as possible without a lot of complex work.

Hardened repo uses the linux chattr command to set the immutable flag, so to compromise the backups, you need root on the server hosting the backups themselves.

I don't mean to be accusatory, but this is extremely basic linux knowledge, and your question leads me to think you're more on the sales/management side of things. This is fine, but if that's the case, you need to let the various sales teams show you the white papers you need to report to your stakeholders.

I think you need to schedule a meeting with a demonstration team and prepare you questions in advance; else you're constantly going to be going "crazy" chasing answers. I'd also advise that you ask your stakeholders check the User Guide.

Understand that my statement isn't against you, it's a response to people in your position, who've I've dealt with a ton for my company. We occasionally get C-Level persons and Director level ones who have questions but they don't quite get the answers.

The best think you can do is to collect _all_ these questions, check them against the User Guide/your sales representative, and then check additional questions.

Write the Sales representative, or contact a Veeam Accredited Service Partner in your area and get a quote for a consultation/engagement. You need this, not the advice of community users.

I'm usually happy to answer some specific questions, but your questions can be found from the User Guide, and normally I'd bill at least 2 hours for such an engagement as your initial question is very broad and will lead to others

[soncscy]

> If I have a data backup file more than 200T, so if ransomware attack and what time that we can restore backup file back, cos all data important and we space long time to restore, so how we can accept it.

Also I must comment on this.

You must _not_ accept any evidence from this except a real test from your environment. There are literally thousands of combinations of hardware and software that could be in place, and even knowing your specific set up, it's possible your environment has invisible variables that make this impossible to predict.

I strongly advise you and your team do your own research and find an immutable option that works for you, and then do practical testing to determine what a DR situation looks like.

Even with the same vendor for drives, I would not expect the same performance until test evidence showed as such.

Pick a direction your IT team is comfortable with, then do practical testing to determine what your restore time looks like. That comfort aspect is the _most important part_, as expecting your team to behave rationally during an attack is foolish.

[raing sopheaktra]

Dear Mr. Soncscy,


I don't mean to be harsh, but it sounds like you really need a consultant, not forums and not technical support.
OK, Well noted with thank you for your reply.

Can I ask to you and your team one more, cos I try to review Veeam website and another website still don't see what is the advantage of Hardened Repository protect from malware, so your team can list some point?
what is advantage of hardened repository protect from malware can do ?
How does Hardened Repository word ?

I know you and team not provide consultant, but I want to you answer what you can.

I'm waiting your update.

Thank you.

Best regards,
RAING Sopheaktra

[HannesK]

Hello,
also soncscy is also green, he is a "Veeam Legend". He is not working for Veeam. Maybe we should change the colors... good point

is the advantage of Hardened Repository protect from malware

just to clarify: Hardened Repository protects against encryption of backups by malware. Veeam is a backup company. If you are searching for something that is helping against ransomware for your production environment in general, then a security software vendor would be the way to go. Veeam does backup (including protecting these backups against malware)

for Hardened Repository:
1) please see the link Mildur posted above: https://helpcenter.veeam.com/docs/backu ... ml?ver=110
2) please see the sticky forum FAQ: post402811.html#p402811
3) please see the blog post on Hardened Repository external audit: https://www.veeam.com/blog/hardened-rep ... iance.html
4) please see the Hardened Repository whitepaper: https://www.veeam.com/wp-guide-protect- ... ckups.html
5) please see the general security whitepaper I linked in my earlier post: https://www.veeam.com/wp-protection-you ... mware.html

Best regards,
Hannes