Hi there,
With the rise of Long Term Planned Organizational Ransom Attacks the trend towards attackers changing Encryption Keys months before a ransom attack and thereby nullifying the protection that Offline Backups historically provided is troubling.
It would be great to have some kind of Veeam in-app notification whenever an Encryption Key changes.
Checking your keys by test restoring isn't a suitable test because the key is pulled from the database upon restore in-app and you could be testing against the diddled key.
Testing your encryption key by checking the last updated date in-app isn't a suitable test as one must assume an attacker could have database level access and could modify the last updated date and/or generate a random key without updating the last updated date.
Any such in-app alert should at the very least take the above into account in order to be trustworthy.
We have built an in-house app that hashes these tables and reports on any changes by comparing them against an off-site list of known hashes for that site's encryption keys.
It would be great if something in-app could accomplish the same.
M.
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 31, 2020 4:00 pm
- Full Name: Micheal Osada
- Contact:
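The approach described in the post above (hash the key records, compare against a list of known hashes kept off-site), shown as an added example; it is not the poster's in-house app and not Veeam code. The `backup_keys` table, its columns and the sample rows are hypothetical and constructed, and an in-memory SQLite database stands in for the real configuration database.

```python
import hashlib
import sqlite3

# Hypothetical schema and constructed rows; not the real Veeam configuration database.
SCHEMA = "CREATE TABLE backup_keys (id TEXT PRIMARY KEY, hint TEXT, key_blob BLOB, modified TEXT)"
ROWS = [
    ("k1", "site-a primary", b"\x01" * 16, "2020-01-05T10:00:00"),
    ("k2", "site-a archive", b"\x02" * 16, "2020-01-05T10:05:00"),
]

def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO backup_keys VALUES (?, ?, ?, ?)", rows)
    return db

def fingerprints(db):
    """Return {key id: SHA-256 over every column}, so the key material itself is covered."""
    out = {}
    for row in db.execute("SELECT id, hint, key_blob, modified FROM backup_keys ORDER BY id"):
        h = hashlib.sha256()
        for col in row:
            data = col if isinstance(col, bytes) else str(col).encode("utf-8")
            # Length-prefix each field so adjacent values cannot be shifted between columns.
            h.update(len(data).to_bytes(4, "big") + data)
        out[row[0]] = h.hexdigest()
    return out

def compare(baseline, current):
    """Diff current fingerprints against the baseline held off-site."""
    return {
        "changed": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

if __name__ == "__main__":
    baseline = fingerprints(make_db(ROWS))  # recorded once, stored off-site
    # Constructed tampering: key k1 replaced directly in the database, timestamp untouched.
    tampered = [("k1", "site-a primary", b"\xff" * 16, "2020-01-05T10:00:00"), ROWS[1]]
    print(compare(baseline, fingerprints(make_db(tampered))))
```

Because the digest covers the key bytes rather than the last-updated field, a key swapped at database level is reported even when the timestamp is left unchanged.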
-
- Product Manager
- Posts: 20415
- Liked: 2302 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Security Feature Request - Notification on change of Encryption Key
Do you have Veeam ONE deployed by any chance? If so, you should get what you're after by using Backup Infrastructure Audit and Backup Objects Change Tracking reports. Thanks!
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 31, 2020 4:00 pm
- Full Name: Micheal Osada
- Contact:
Re: Security Feature Request - Notification on change of Encryption Key
Hi Vlad,
Thanks.
We haven't traditionally used VeeamOne to avoid bringing together multiple sites into one management console and thereby increasing exposure of a multi-site attack unnecessarily.
This might make for a compelling reason to implement it.
-- Would the console in VeeamOne catch changes to the key manually performed on the database that did not toggle the time stamp?
-- Does it send out a notification on change?
Just asking your thoughts before we go down the road to investigate these things ourselves.
-
- Veteran
- Posts: 7328
- Liked: 781 times
- Joined: May 21, 2014 11:03 am
- Full Name: Nikita Shestakov
- Location: Prague
- Contact:
Re: Security Feature Request - Notification on change of Encryption Key
Hi Micheal,
There is no such option yet, but I'll add the request to the roadmap.
Thank you!