Veeam CDP and ransomware detection

[Luca82]

Hi everyone, I am looking for information concerning CDP and encryption detection, specifically in comparison with other software such as Zerto and Rubrik. As far as I am aware, during CDP replication, Veeam does not detect any encryption activity and does not use an entropy algorithm to scan data during the replication process. Is that correct? What Veeam actually does is leverage Veeam One alarms to identify infrastructure anomalies.

"Veeam One offers the possibility to monitor possible ransomware activity through a set of predefined alarms such as “immutability state”, “possible ransomware activity”, “ Immutability change tracking”. [https://bp.veeam.com/security/]

To clarify, Veeam One operates "behind the scenes" independently of CDP processes and does not include an encryption detection algorithm to scan replicated data. Additionally, while Veeam One can trigger or warn of anomalies, it cannot highlight a “clean state” for recovery. A “clean state” can only be identified after testing or with the assistance of third-party antivirus software that can independently scan CDP-replicated data after it has landed in the repository/datastore. This means that Veeam’s analysis is post-process and not inline. Is everything correct?

One last point about CDP: Is it possible to test the VM in an isolated environment (similar to SureBackup) without stopping or pausing the replication process?

Thank you very much, everyone.

[veremin]

I will need a bit of time to internally confirm the questions regarding CDP and ransomware detection logic. I will provide an update once I have more information.

Regarding recoverability testing, we have added support for SureReplica to CDP replicas in version 12.1. This means you can test your replicas without impacting the overall CDP processing.

Thanks!