-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Dec 04, 2014 4:59 pm
- Full Name: Albert Gostick
Built-in ransomware mitigation?
Hi,
A customer of mine has indicated that the new(er) version of Veeam contains some "built-in ransomware" detection. Does the newer version of B & R contain some feature to detect if something is trying to encrypt backup files and then block it?
This came up as I mentioned to them that their backup servers should not be joined to their domain (which they are) and that they should be rebuilt to be non-domain-joined servers (so that different credentials are used to log into them to manage them etc.). They said that "that does not matter any more as Veeam now has built in ransomware detection". I have not seen a paper on this so cannot confirm it. Note that I do not work with Veeam on an everyday basis so maybe I am just out of the loop about it.
Thanks
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: Built-in ransomware mitigation?
Hi,
I guess they were referring to Secure Restore which is not exactly the thing they were describing : )
You can also detect malicious activity using Veeam ONE, please refer to this blog post.
Thanks
-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Dec 04, 2014 4:59 pm
- Full Name: Albert Gostick
Re: Built-in ransomware mitigation?
Thanks. Link to blog post does not work - removed?
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Dec 04, 2014 4:59 pm
- Full Name: Albert Gostick
Re: Built-in ransomware mitigation?
So my quick read of this is that you would use Veeam ONE to alert if there was something like a high level of CPU usage (sorry, I am not the main IT person for the Veeam setup).
I think what the other IT guy was conveying is that somehow Veeam had built a built-in process to *prevent* the encryption of files, not just alert on them. I am particularly concerned about the actual backup files being encrypted because the Veeam backup servers are joined to the domain, which I am trying to argue should not be done. I think if this had been thought of a few years ago it would have been done right from the start, but now that everything is set up and working, they are reluctant to rebuild their setup with servers removed from the domain.
So that brings up another question: would they indeed have to rebuild the servers from scratch if they were pulled from the domain? When poking around inside the setup, I noticed that Veeam stores the credentials used to connect to the servers to be backed up, so maybe if they just un-join from the domain, might the backups continue to operate? Of course, they would not be logging into the server using a domain account, but even if they have to start using a local account, might the existing software not continue to work?
Maybe someone could jump in here who has tried to pull a domain-joined Veeam server from the domain - did it work or did you end up having to rebuild the server from scratch after all?
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: Built-in ransomware mitigation?
"I think what the other IT guy was conveying is that somehow Veeam had built a built in process to *prevent* the encryption of files not just alert to them."
Could you ask them to point to that functionality description in our User Guide? I would love to read it : )
Another argument against having Veeam on the domain is the kind of situation where your AD VM goes down and you're not able to log in to your Veeam console anymore in order to perform an AD restore. Even if your AD is a physical machine, it is still certainly an undesired situation in case some VM decides to go south.
"Maybe someone could jump in here who has tried to pull a domain-joined Veeam server from the domain - did it work or did you end up having to rebuild the server from scratch after all?"
I just pulled my lab-based VBR installation out of the domain and it works just fine after reboot, with the only difference that I had to use local admin to log in and start the VBR console. Provided that Veeam services still use the local system account (i.e. nobody has changed them to a domain admin account), it should be fine.
Thanks!
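The condition in the reply above (Veeam services still running as local system rather than a domain account) can be checked before un-joining the server. The following is an added example, not part of the original thread and not Veeam tooling; the function names, the sample records, and the assumption that Veeam services can be matched by a name or display name starting with "Veeam" are hypothetical.

```powershell
# Added example: classify the logon account of each Veeam service before the
# backup server is removed from the domain.

function Get-LogonAccountKind {
    param([string]$StartName, [string]$ComputerName = $env:COMPUTERNAME)
    # Built-in service identities do not depend on domain membership.
    $builtin = 'LocalSystem', 'NT AUTHORITY\SYSTEM',
               'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    if ([string]::IsNullOrEmpty($StartName)) { return 'Unknown' }
    if ($builtin -contains $StartName)       { return 'BuiltIn' }   # case-insensitive match
    if ($StartName -like 'NT SERVICE\*')     { return 'BuiltIn' }   # virtual service account
    if ($StartName -like '.\*' -or $StartName -like "$ComputerName\*") { return 'LocalUser' }
    return 'Domain'   # DOMAIN\user or user@domain: stops working after the un-join
}

function Test-VeeamServiceAccounts {
    param([Parameter(Mandatory)] [object[]]$Services,
          [string]$ComputerName = $env:COMPUTERNAME)
    foreach ($svc in $Services) {
        $kind = Get-LogonAccountKind -StartName $svc.StartName -ComputerName $ComputerName
        [pscustomobject]@{
            Name        = $svc.Name
            StartName   = $svc.StartName
            Kind        = $kind
            NeedsChange = ($kind -eq 'Domain')   # must be re-pointed before leaving the domain
        }
    }
}

# Constructed sample records (not taken from a real server).
$sample = @(
    [pscustomobject]@{ Name = 'VeeamBackupSvc';    StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'VeeamTransportSvc'; StartName = 'CORP\svc-veeam' }
    [pscustomobject]@{ Name = 'VeeamExampleSvc';   StartName = '.\veeamlocal' }
)
Test-VeeamServiceAccounts -Services $sample -ComputerName 'BACKUP01' | Format-Table

# On the backup server itself, feed in the live services and check domain membership:
# $live = Get-CimInstance Win32_Service -Filter "Name LIKE 'Veeam%' OR DisplayName LIKE 'Veeam%'"
# Test-VeeamServiceAccounts -Services $live | Format-Table
# (Get-CimInstance Win32_ComputerSystem).PartOfDomain
```

Any row with NeedsChange set is a service whose logon account would need to be changed to a local or built-in identity before the un-join.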
-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Dec 04, 2014 4:59 pm
- Full Name: Albert Gostick
Re: Built-in ransomware mitigation?
Thanks a lot...all helpful.