Hi everyone, I am looking for information concerning CDP and encryption detection, specifically in comparison with other software such as Zerto and Rubrik. As far as I am aware, during CDP replication, Veeam does not detect any encryption activity and does not use an entropy algorithm to scan data during the replication process. Is that correct? What Veeam actually does is leverage Veeam One alarms to identify infrastructure anomalies.
"Veeam One offers the possibility to monitor possible ransomware activity through a set of predefined alarms such as “immutability state”, “possible ransomware activity”, “Immutability change tracking”." [https://bp.veeam.com/security/]
To clarify, Veeam One operates "behind the scenes" independently of CDP processes and does not include an encryption detection algorithm to scan replicated data. Additionally, while Veeam One can trigger or warn of anomalies, it cannot highlight a “clean state” for recovery. A “clean state” can only be identified after testing or with the assistance of third-party antivirus software that can independently scan CDP-replicated data after it has landed in the repository/datastore. This means that Veeam’s analysis is post-process and not inline. Is everything correct?
One last point about CDP: Is it possible to test the VM in an isolated environment (similar to SureBackup) without stopping or pausing the replication process?
Thank you very much, everyone.
-
- Expert
- Posts: 173
- Liked: 4 times
- Joined: May 06, 2009 3:48 pm
- Full Name: lo
-
- Product Manager
- Posts: 20668
- Liked: 2377 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
Re: Veeam CDP and ransomware detection
I will need a bit of time to internally confirm the questions regarding CDP and ransomware detection logic. I will provide an update once I have more information.
Regarding recoverability testing, we have added support for SureReplica to CDP replicas in version 12.1. This means you can test your replicas without impacting the overall CDP processing.
Thanks!
-
- Enthusiast
- Posts: 79
- Liked: 4 times
- Joined: Jan 12, 2012 3:45 am
- Full Name: claudiofolu
Re: Veeam CDP and ransomware detection
Any updates on this?
-
- Product Manager
- Posts: 20668
- Liked: 2377 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
Re: Veeam CDP and ransomware detection
Sorry, I responded to a similar topic around the same time and thought the matter was settled.
Currently, replicas (both snapshot and CDP) do not have their own malware detection mechanism; it is inherited from the backup jobs.
This means it appears only when the source virtual machine is also added to a backup job that has malware detection enabled. In such a case, when creating a replica restore point, we will check the malware status of this machine in the backup job, and if the status is infected, we will similarly mark the point as infected.
Hope this helps.