Veeam se enorgullece de publicar los resultados de otro proyecto de investigación independiente, el Informe de tendencias de ransomware 2023. Algo que es casi tan malo como sufrir un ciberataque es hablar de ello con otros, y por ello Veeam encargó a una empresa de investigación independiente que realizará encuestas y entrevistas a ciegas a 1200 organizaciones que sufrieron uno o más ataques en 2022. Uno de los aspectos principales del proyecto fue encuestar a representantes de los cuatro roles principales involucrados en la ciberprevención o corrección de los ataques, que incluyen a:
CISO u otro responsable ejecutivo de TI
Profesionales de la seguridad
Personal de operaciones de TI
Administradores de backup
Según el Informe de tendencias de protección de datos 2023, el 85 % de las organizaciones sufrieron al menos un ciberataque en 2022; lo que lamentablemente supone un aumento desde el 76 % del año 2021. Por ello, y para garantizar que Veeam siga desarrollando soluciones líderes del sector que permitan alcanzar la ciberresiliencia, Veeam contrató a una empresa para realizar el estudio con organizaciones de todos los tamaños en 14 países alrededor del globo.
El Informe de tendencias de ransomware 2023 proporciona información sobre:
Alineamiento organizativo entre los equipos de informática y backup — y su dirección ejecutiva.
El contenido de la mayoría de hojas de ruta en la gestión de riesgos y los libros de tácticas de respuesta a incidentes.
¿Cómo se pagaron los rescates y qué está cambiando en los ciberseguros?
¿Cuántas organizaciones, incluso si disponían de políticas para no realizar el pago, fueron capaces de recuperar sus datos?
¿Qué alcance tuvieron los ataques? ¿Cuántos datos fueron capaces de recuperar las organizaciones?
¿Pudieron los ciberdelincuentes con sus ataques afectar a los repositorios de backup?
¿Cómo evitaron las organizaciones la reinfección de sus entornos durante la recuperación?
El primer vistazo a los datos del Informe de tendencias de ransomware 2023 se presentó en VeeamON 2023, el evento de la comunidad para los expertos en recuperación de datos, en mayo de 2023. Durante las próximas semanas analizaremos las cuestiones que se enumeran a continuación, descubriremos los resultados del estudio y debatiremos cómo estos resultados afectan a las estrategias de ciberresiliencia para 2023 y el futuro.
Asegúrese de participar a nuestra sesión LinkedIn Live del 29 de mayo, en la que daremos inicio a esta serie. Siga atento a la serie del blog, ya que se publicarán otros artículos y se retransmitirán en directo las correspondientes sesiones:
La gravedad de estos ataques (su frecuencia, alcance y recuperabilidad).
¿Cómo pagaron las organizaciones el rescate? ¿En qué casos se aplica el ciberseguro?
¿Con qué frecuencia los ciberdelincuentes llegaron a dañar los repositorios de backup para forzar el pago del rescate?
¿Qué estrategias de recuperación tienen en marcha las organizaciones de cara al futuro y desde dónde prevén recuperar en caso de producirse otro ciberataque o catástrofe?
¿Cómo se aseguran de que no se reinfectará su entorno durante la recuperación?
Si tiene cualquier pregunta sobre este, o cualquiera de los muchos estudios de Veeam, no dude en contactar con nosotros en StrategicResearch@veeam.com.
Acerca del informe de tendencias de ransomware 2023: El Informe de tendencias de ransomware 2023 es el informe de investigación más importante y reciente realizado sobre la experiencia de víctimas de ciberataques de la historia del backup y la disponibilidad, con 1200 participantes de 14 países encuestados por una empresa de investigación independiente que condensa casi 3000 ciberataques. Descargue el Informe completo de tendencias de ransomware 2023 para acceder a todas las lecciones aprendidas de otros CISOs, profesionales de la seguridad, responsables de operaciones de TI y administradores de backup. ¿Desea saber más sobre las soluciones de ciberresiliencia de Veeam? Visite la página Soluciones Ransomware de Veeam.
It is amazing to see validation, innovation and adoption of all of the hard work that the Veeam product teams have put in over the years. It seems like just yesterday we launched the Veeam Backup for Microsoft 365 product! In November of 2016, Veeam went into a new space protecting this critical data service.
Over the years we’ve added to the product both in services protected (Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams) as well as hit incredible scale. There are many large organizations around the world backing up tens of thousands of users, and Veeam Cloud and Service Provider partners backing up hundreds of thousands of users as well. Aside from the reach of this product, it’s also amazing to realize that there are now 50+ different recovery options with Veeam Backup for Microsoft 365 v7!
It’s also important to remember Veeam’s business model of having partnerships is central to so much of what we do. You can see this across the business with our thousands of ProPartner resellers around the world, Veeam Cloud Service Providers offering backup for Microsoft 365 powered by Veeam, alliance programs with technology leaders in the space and more. I’ve said for a long time that Partnership is in Veeam’s DNA and this week at Microsoft Inspire, we’re embarking on a significant next step with Microsoft 365 Backup. We are happy to share that Veeam will be building on the Microsoft collaboration and leverage the new Microsoft 365 backup APIs with Veeam Backup for Microsoft 365.
What is Microsoft Syntex?
Microsoft Syntex is a powerful cloud content management solution that brings AI, automation, and management to everyday business workflows. There are several impressive aspects to Syntex, such as models for content (custom and pre-built), content assembly, content query, content processing and more. Syntex helps customers make sense of the influx of content coming into an organization. As you can imagine, this growth of content coming into Microsoft 365 requires secure and scalable management.
Microsoft made a number of announcements at Microsoft Inspire this year, and one of them is Microsoft 365 Backup – a Syntex offering for backups of Microsoft 365 with new APIs as part of news at the event. Veeam is excited to be building on our long-standing Microsoft collaboration with the new APIs that Veeam will have access to for Microsoft 365 data.
Do I Need to Back up Microsoft 365?
Yes. The fact is, we at Veeam have been advocating for several years that yes, you do need to back up Microsoft 365 data. The announcements from Microsoft Inspire are a solid validation of that. In fact, we still advocate that there are 7 reasons you need to protect Microsoft 365 data. We have built a significant part of our product strategy for Microsoft 365 around the Shared Responsibility model, which we have visualized here:
The reality is the services in Microsoft 365 that Veeam protect are critical; and they indeed need protection. I would also challenge that ease of recovery, speed of recovery and Veeam’s ability to compare with production make recovery of Microsoft 365 data an easy and confident task.
Do I Need to Be Concerned About Ransomware?
Yes. Ransomware is a moving threat and the threat actors are after big-game targets. If you want the latest information on ransomware, be sure to see the Veeam Ransomware Trends 2023 report.
Specifically for Microsoft 365 environments, I would further add that yes ransomware resiliency is something that organizations should prioritize. One validation here is a Microsoft resource walking through some of the checks one should go through with a ransomware incident in Microsoft 365. Verifying backups is the first step Microsoft recommends in the eradication and recovery section.
I have been in the backup business long enough to know this; I’ve seen many bad things happen to good data and many of those stories end with a Veeam recovery. However, we can’t recover what we don’t back up.
What’s Next for Veeam Backup for Microsoft 365?
Veeam Backup for Microsoft 365 has been a very successful product, so much so we believe it backs up more users than any other product in the market. There are over 16 million users protected by Veeam Backup for Microsoft 365. We have a number of strong new features coming in the product that we gave as an exclusive preview to those who attended VeeamON in Miami. We’ll share more about the next release when the time comes, but now is a great time to download a trial of Veeam Backup for Microsoft 365.
Introduction: Deploying Veeam Backup for AWS in an Enterprise Environment
As cloud adoption continues to soar, many enterprises are leveraging AWS to host critical workloads and data. Protecting this valuable information is of utmost importance and deploying a robust backup solution is essential. Veeam Backup for AWS offers a comprehensive solution that’s tailored for AWS environments. In this post, we will explore the key steps and considerations for deploying Veeam Backup for AWS in a complex enterprise environment.
Preparation and information collection: Key to successful deployment
While Veeam Backup for AWS deployment could be easy and straightforward with the ability to deploy from AWS marketplace. In a complex enterprise environment, preparation and collecting information is key for successful deployment. We strongly recommend reviewing our best practices guide and following our user guide for installation and deployment of Veeam Backup for AWS. Our best practices guide is a great place to understand sizing requirements and general information on what to expect from provisioning services from AWS.
Formulating a backup protection strategy: Retention times and archiving
Next, you need to outline your backup protection strategy, define your required retention times and points, and define your archiving strategy and the requirements you need to fulfill to comply with regulations and laws.
Understanding resource requirements: Permissions, services and organizational guidelines
In addition, you need to understand resource requirements around permissions, firewall rules, required services, AWS service policies requirements and restrictions. This includes your organization’s guidelines around private endpoints, tagging, key management system policies and any other rule or guideline that your company sets in your AWS environment that could prevent successful deployment and normal operation of Veeam Backup for AWS.
Common Validation Areas
Outlined below is a list of key areas that customers should review and validate to ensure successful deployment:
Permission to deploy from AWS Marketplace
Veeam Backup for AWS can be deployed in two ways, and both must have marketplace permission and accept Veeam’s EULA in AWS Marketplace. After accepting, you can continue to deploy from AWS Marketplace or deploy an EC2 instance with Veeam Backup for AWS Amazon machine image (AMI).
Setting the correct network configuration to support Veeam Backup for AWS Veeam Backup for AWS appliances need to communicate with different AWS resources and have connectivity to the internet for software updates. Setting up the VPC, subnet, routing and security groups are essential for proper operation.
Deploy Veeam Backup for AWS to your desired subnet
Set subnet routing
Deploy NAT gateway and/or internet gateway to properly access the internet
When establishing internet access for receiving crucial security and application updates, it is necessary that you deploy a NAT gateway and/or internet gateway within your infrastructure.
Create a security group that includes all required ports to operate.
Ensuring proper communication between components in the Veeam Backup for AWS appliance and AWS services means specific ports need to be open.
Private endpoints allow you to access AWS services privately, which ensures that data transfer will occur exclusively within your VPC and industries with strict data privacy and compliance requirements like healthcare or finance. AWS private endpoints provide a means to access AWS services while keeping data within a private network boundary. This helps organizations adhere to regulatory standards and maintain data confidentiality.
Assure access to all the required AWS services so Veeam Backup for AWS can function properly.
Proper IAM permissions
Veeam Backup for AWS appliance needs to be able to assume roles. It can create required roles and policies by itself by using a user key and a user secret that has the authority to assume those roles. Veeam Backup for AWS will not use the key for any other purpose beyond configuring required roles and policies. More information on required roles and policies can be found HERE.
It is imperative that you undertake a thorough verification process to ensure that the service control policies (SCPs) applied to your AWS account do not conflict with the IAM permissions required to deploy Veeam Backup for AWS. As service control policies override IAM permissions, a deny in SCP can prevent Veeam Backup for AWS from working properly.
***Note that we require users to have cross-account roles and roles in each account you want to back up services***
Additional Considerations: SSL Certificate and Worker Tagging Requirements
SSL certificate requirements
If your organization is enforcing certification requirements like the prohibition of self-signed certificates, you need to install your organization’s root certificate in Veeam Backup for AWS’s appliance.
Worker tagging requirements
Should your corporate policies require you to assign worker tags, you can find information on how to add tags HERE.
Deploying Veeam Backup for AWS requires careful preparation and information collection. It is important to review Veeam’s best practices guide and user guide to understand sizing requirements and how to provision services from AWS. Additionally, outlining your backup protection strategy, defining retention times, retention points and archiving strategy is crucial.
By following these steps and considerations, enterprises can deploy Veeam Backup for AWS successfully in complex environments, ultimately ensuring the protection and availability of critical workloads and data hosted on AWS.
Deployment checklist: Your guide to successful Veeam Backup for AWS deployment
Please note that this checklist is not to replace the user guide where comprehensive information on how to deploy Veeam Backup for AWS can be found.
Getting Started With Veeam Backup for AWS: Helpful Links and Community Support
Start with Veeam Backup for AWS’s landing page, where you can start deploying your first Veeam Backup for AWS appliance and protect up to 10 instances for free!
If you would like additional help,, check out our forums or community, and interact with other Veeam community members and customers. Our engineering team is regularly answering questions in our forums, so this is a great channel directly into our R&D!
To keep businesses running, a secure backup is a priority for the best data protection strategy. Data Security, one of Veeam’s core pillars for data protection, focuses on data accessibility and backup immutability. Immutability remains a hot topic, especially around ransomware, with many vendors and organizations adopting immutable technologies for cyber resiliency. So, what exactly are immutable backups and why should you use them in your data protection strategy?
What Are Immutable Backups?
Before implementing an immutable backup solution, you need to understand what an immutable backup is. Immutable means that something is unable to be changed or deleted. Usually, immutable backups can only be deleted once a set time period has expired. Immutable backup data is safe from potential changes or deletions, meaning that its original integrity stays intact. With the rise of Ransomware, having an immutable backup has become critical for recovery. This is because threat actors now routinely attack backups. With an immutable backup that data is protected from these types of attacks.
Why Are Immutable Backups Important?
Not only do immutable backups help you recover after a ransomware event, but they serve other purposes when it comes to designing and implementing a resilient data protection strategy. An example of this is recovering after accidental deletion. A few years ago, a government agency was in the news after deleting a large number of files that affected multiple people outside their organization. After investigation, it was determined that this agency had no backups to recover because these files had either expired or were deleted as part of a data cleanup exercise. Unfortunately, this was a highly public data loss event that drew national negative publicity, resulting in a few individuals losing their jobs. This organization is not alone, since many other companies have suffered from the same type of data loss event, whether accidental or malicious. These events just haven’t been publicized. Immutability strategies drive stakeholders to have direct conversations that outline what their business service level agreements (s) need to be in order to recover critical data successfully. So why not use immutability for everything and have it turned on forever to avoid accidental data deletion? Since immutability generally needs to have an agreed-upon availability window, there can be other risks involved. Having immutable backups that are too long can endanger unnecessary storage consumption and drive-up cost for storing that data. This can also increase the chance of data sprawl, which can create challenges when managing overhead for your storage administrators/team. On the contrary, too-short retention periods can potentially risk the failure of an organization’s ability to recover critical data. This can have legal consequences and impact reputation, all of which cause employees to lose their jobs.
Immutable Backup vs Traditional (i.e., Mutable) Backups
Our organization currently uses traditional (i.e., mutable) backups. Are we at risk? According to the most recent Veeam Data Protection Trends Report, 85% of 4,200 surveyed organizations admitted to having suffered from at least one known cyberattack in 2022. Relying on traditional backup is no longer enough when it comes to cyber threats and having a layered defense with immutability will help to increase your chances of recovery.
So how can you leverage your current investment and still implement immutable backups? Fortunately, Veeam gives you many ways to adopt immutable strategies and technologies so organizations can have peace of mind knowing that their backups are secure.
With Veeam, it’s possible to use immutable and traditional backups in conjunction with each other. While immutable backups may become the default for how most customers look to store their data, traditional backups can still be used to either extend a policy outside of the “recoverability zone” or for lower data classes like dev/test environments, where backups are nice to have, but aren’t critical for business operations.
So how do you decide what immutable strategy is best for you? The breakdown is quite simple and can be met while following a 3-2-1-1-0 backup strategy.
There should be 3 copies of the data
On 2 different media
With 1 copy being off site
With 1 copy being offline, air-gapped or immutable
And 0 errors with SureBackup recovery verification
Both immutable and traditional (i.e., mutable) backups are used together in an overall data protection strategy. Here, you can have backups on-premises by using traditional backups while a copy is stored on either offsite immutable storage or in the cloud. Veeam makes it easy to get started with adopting an immutable backup strategy since you can send backups directly to object storage. This provides a copy of your data that’s immutable and resilient against ransomware.
Benefits of Immutable Backups
There are many benefits of immutable backups beyond ransomware resiliency:
Immutable backups are safe to use and recommended to be used with encryption by the US Cybersecurity and Infrastructure Security Agency (CISA) to help mitigate ransomware.
Implementing Immutable Backups
Implementing immutability can vary based on the technology that you want to leverage. This can range from on-premises solutions, cloud options and multi-layered immutability with encryption that depends on your technology vendor. This is where Veeam can help, since we have over 30 different immutable storage partners that can provide flexibility to our customers. This breakdown is as simple as following the 3-2-1-1-0 rule and highlighting the areas where you can add a layer of immutability and encryption to have an ultra-resilient data copy.
The first original data set is your production infrastructure. Here, primary storage providers can create immutable (i.e., read-only) volume snapshots of your workloads. This makes it easy to quickly recover from a recent data loss event. Veeam also supports taking backups and recovering from storage snapshots to ensure the highest RPOs and RTOs. Next, we have the Veeam infrastructure with proper access controls like multi-factor authentication. This is separated from backup storage, making backups portable so if your original data is compromised, your backup target will not be affected and you can have a copy to recover from. Finally, you have an autonomous backup data zone where you can find storage options that can take advantage of immutability. Let’s break this down further:
Technology and Infrastructure
Immutable on-premises storage solutions
Veeam Hardened Repository: A disk-based storage server. Server vendors can range from HPE, Cisco, Dell or Lenovo (Veeam Ready Vendors) and take advantage of Veeam’s deduplication, compression and XFS Block Cloning, including immutability.
On-premises S3 compatibility featuring object lock immutability with Veeam deduplication and compression. This includes vendors like ObjectFirst, Cloudian, Scality, IBM,Minio,Hitachi, SpectraLogic Black Pearl, etc.
Deduplication Appliances that are disk-based, but have their own deduplication and compression built in. Specifically, Veeam and HPE StoreOnce have an integration for controlled data immutability (ISV-DI) which requires dual authorization to be enabled. While others like Exagrid, Quantum, Infinidat, etc. leverage time retention locks or secure snapshot technologies for immutability.
Pure Storage FlashBlade//S is also an on-premises S3 -compatible vendor that leverages object lock immutability and SafeMode Retention Lock as an added layer to protect against insider threats or the compromise of administrator credentials.
Immutable cloud-based options
Public providers, including Amazon and Microsoft Azure, can provide immutability when you create an S3 bucket or an Azure container. Immutability can be extended long term via archive capabilities to tier data off to Amazon S3 Glacier or Microsoft Azure Archive respectively.
There are also cloud providers like Wasabi that provide offsite storage that leverage S3-compatible object lock.
Ecosystem providers, including IBM and Veeam Cloud & Service Providers (VCSPs) provide immutability on the backend. They can also be used as a DR site that extends capabilities to replicate the most critical workloads to achieve low RTOs.
Backup Strategies and Best Practices
Keep in mind that all the vendors listed above have knowledge base articles that link to best practices and validated architectures. This allows you to easily adopt an immutable strategy. Once immutability is set for certain vendors, it can be difficult to change, and is even permanent in some cases. Therefore, it is important to understand your organization’s business SLAs and have agreed-upon retention policies that prevent any mishaps for data storage. Here are the top three questions that you need to consider when choosing the best technology for you:
Duration:How fast would you be able to restore your business? <1 day, <1 week, <1 month or longer? Having multiple recovery strategies is critical to prepare for any type of data loss event. A traditional snapshot-based backup leaves too many holes unplugged. Adding at least one immutable backup copy increases your chances of successful data recovery.
How: Are manual or automated recovery processes in place, and in what order? An outage is not the time to figure out what workloads need to be recovered first and how long they could take. Having tested and updated documentation for business continuity/disaster recovery (BC/DR) is critical, and Veeam can help provide this with Veeam Data Platform — Premium Edition.
Where:Which location have you designated for recovery? Is it the cloud, a service provider or second datacenter? Offsite replication and geographical redundancy should be considered when creating a BC/DR plan. If there is no second site available, could you leverage a VCSP or a public cloud provider to get data off site and immutable? This has saved numerous organizations who needed to recover but didn’t have access to on-premises infrastructure. Restoring to the cloud was a last resort, but saved the day when it came to keeping the business running.
Below are customer success stories who are protecting their data against ransomware with immutable backups.
Veeam continues to deliver when it comes to data security, data recovery and data flexibility. This provides options for all organizations, regardless of size, to be able to secure and defend their data from cyber threats and outages. You can get started by downloading a free trial today and joining the Veeam community for any FAQ!
In today’s data-driven world, where information is your most valuable asset, protecting sensitive data has become essential for organizational security. The National Institute of Standards and Technology (NIST) provides a comprehensive cybersecurity framework (CSF) that assists businesses in safeguarding their data. By understanding and implementing this framework, organizations can enhance their cybersecurity posture and mitigate potential risks.
Overview and Benefit of the Nist Cybersecurity Framework
The NIST Framework for Data Protection provides guidelines, standards and best practices for securing data. It was developed by the National Institute of Standards and Technology, to help organizations establish robust cybersecurity programs and is based on five core functions: Identify, Protect, Detect, Respond and Recover.
Identify: this function focuses on understanding and managing data-related risks. It involves asset management, risk assessment and the development of a comprehensive understanding of the organization’s data landscape.
The framework enables organizations to take a systematic approach to identify and manage data-related risks. By implementing the Identify function, businesses gain a holistic understanding of their data assets and associated risks, allowing them to make informed decisions and allocate resources effectively.
Protect: this function aims to implement safeguards to ensure data confidentiality, integrity and availability. It covers activities such as access control, data encryption and security awareness training for employees.
Detect: the detect function involves continuous monitoring and proactive threat detection. It includes activities like security event logging, intrusion detection systems and anomaly detection.
The Protect and Detect functions of the framework help organizations establish proactive security measures. By implementing access controls, encryption and continuous monitoring, organizations can prevent data breaches or detect them at an early stage, minimizing the potential impact.
Respond: this function outlines the steps organizations should take in the event of a cybersecurity incident. It includes incident response planning, communication protocols and coordination with external stakeholders.
The Respond function equips organizations with the necessary tools and procedures to respond effectively to cybersecurity incidents. By developing an incident response plan, organizations can minimize the damage caused by an incident, ensure timely communication and restore operations efficiently.
Recover: the recover function focuses on restoring services and operations after a security breach. It involves backup and recovery strategies, conducting post-incident reviews and improving resilience for future incidents.
The Recover function focuses on ensuring business continuity after a security incident. By implementing backup and recovery strategies, organizations can swiftly recover data and systems, reducing downtime and maintaining operations.
How Veeam Can Help Implement the NIST Framework
Implementing the Cybersecurity Framework requires a structured approach. Veeam can assist companies in applying the NIST Cybersecurity Framework by offering several key features and functionalities. Let’s explore how Veeam can help organizations align their data protection practices:
Data backup and recovery: Veeam provides robust backup and recovery solutions that align with the NIST Framework’s “Protect” and “Recover” functions. By implementing the Veeam Data Platform, organizations can create regular backups of their critical data, ensuring its availability and integrity. In the event of a cybersecurity incident, Veeam enables organizations to quickly recover data and restore normal operations, minimizing downtime and disruption.
Data encryption: encryption is a crucial aspect of data protection, and Veeam offers strong encryption capabilities to safeguard sensitive information. By encrypting data at rest and in transit, organizations can meet the requirement for protecting data confidentiality.
Access control and authentication: Veeam helps companies implement access control measures, another key aspect of the “Protect” function. With Veeam, organizations can enforce granular access controls, ensuring that only authorized personnel can access and modify data. Additionally, Veeam supports various authentication mechanisms, including multi-factor authentication, enhancing the security of data access.
Continuous data monitoring: the NIST Framework emphasizes the importance of continuous monitoring for early detection of potential threats. Veeam offers monitoring and reporting capabilities that enable organizations to monitor their data protection environment effectively. Organizations can proactively identify suspicious activities or anomalies that may indicate a security breach like a ransomware attack, allowing them to respond promptly.
Incident response and reporting: Veeam facilitates incident response planning and execution, aligning with the “Respond” function. Veeam’s solutions enable organizations to create comprehensive incident response plans, establish communication protocols and coordinate actions during security incidents. Veeam also provides reporting capabilities, allowing organizations to document and report cybersecurity incidents.
Integration with security tools: Veeam integrates with various security tools and technologies, enhancing an organization’s overall cybersecurity posture. By integrating Veeam with security information and event management (SIEM) systems, organizations can gain a holistic view of their data protection and security landscape. This integration enables better threat detection, response coordination and compliance reporting, aligning with the NIST Framework’s objectives.
Where Do I Start?
The Cybersecurity Framework is important to security because it provides organizations with a comprehensive framework for managing cybersecurity risks, improving their security posture and aligning with industry best practices. The first step in improving your security posture is to understand the risks specific to your organization. Conducting an initial assessment of your organization’s current cybersecurity posture will let you identify strengths, weaknesses and gaps in data protection measures. Once you know your environment, you can prioritize the implementation of NIST functions based on the risk to your critical data assets and create an implementation plan, outlining the activities, resources and timelines.
Veeam plays a vital role in helping companies apply the Cybersecurity Framework by providing comprehensive data protection solutions. By leveraging Veeam’s capabilities, organizations can enhance their data protection practices, mitigate risks and complete their cybersecurity posture. Finally, implementing Veeam’s solutions in conjunction with the Cybersecurity Framework empowers organizations to effectively protect their data assets and respond to cybersecurity incidents, safeguarding their valuable information. In a world where data is your most valuable asset, would you want to do anything less?
In today’s rapidly evolving digital landscape, ensuring robust data security and seamless interoperability is more critical than ever. As thought leaders in this arena, Veeam is excited to highlight a key milestone—securing the DoDIN APL listing for Veeam Backup & Replication v12.
DoDIN APL Certification: The Benchmark of Excellence in Cybersecurity
The Department of Defense Information Network Approved Products List (DoDIN APL) represents a rigorous standard of excellence in cybersecurity. A product must pass stringent tests for functionality, interoperability, and security. In essence, DoDIN APL-certified solutions are trusted to integrate seamlessly within the DoD’s complex network infrastructure, providing resilience against advanced security threats.
Veeam’s achievement in securing this certification for version 12 highlights its commitment to prioritizing data protection. This accomplishment not only positions Veeam as a leader in the cybersecurity space but also sets an example of dedication to ensuring robust data security for its users.
Implementing the DoDIN APL Certification Hardening Guides With Veeam Backup & Replication v12
In the realm of cybersecurity, the importance of hardening guides is paramount. These vital documents provide detailed instructions for optimizing product security within specific environments. The Veeam DoDIN APL hardening guide was explicitly crafted to address deployments within the highly-regulated and demanding environments of the DoD. Veeam also offers various hardened deployment scenarios for the backup infrastructure, including hardened repositories to ensure maximum protection against unwanted threats.
By closely following these hardening and best practices guides, organizations can ensure that their critical data protection solutions, such as Veeam Backup & Replication v12, are configured optimally, leaving no room for potential vulnerabilities. This adherence becomes critical for maintaining the product’s resilience against evolving threats and fortifying defenses.
The Impact of DoDIN APL Certification on Veeam Backup & Replication v12: Assurance and Trust
With the DoDIN APL certification, Veeam Backup & Replication v12 has established itself as a trusted choice for data protection. This achievement underscores Veeam’s promise to uphold stringent cybersecurity standards while continuing to deliver innovative and robust solutions.
Integrating the DoDIN APL Hardening Guide within Veeam’s deployment strategy exemplifies the company’s proactive approach to security. Veeam is committed to supporting customers in achieving optimal security configurations and ensuring resilient defenses against potential cyber threats.
As cybersecurity challenges and innovations continue to evolve, Veeam’s achievement of the DoDIN APL certification for Veeam Backup & Replication v12 is a notable stride forward.
Veeam’s Commitment to Security Excellence: Beyond the DoDIN APL Certification
In addition to achieving the DoDIN APL certification for Veeam Backup & Replication v12, Veeam demonstrates an unwavering commitment to comprehensive security measures amidst an ever-evolving landscape of constant threats and attacks that require continuous improvements in countermeasures to protect the mission. These measures include the following:
Veeam products undergo Independent Verification & Validation (IV&V), ensuring third-party assessment of their systems to confirm they meet specified requirements regarding function, performance, and security.
Veeam has secured the FIPS 140-2 certification, guaranteeing its encryption standards align with the U.S. government’s strict requirements.
Veeam’s adherence to ISO 27001, an international standard for information security management systems, and SOC 2, a rigorous auditing standard for service organizations, reaffirms our commitment to operational excellence and data security.
Veeam conducts internal testing against Common Vulnerabilities and Exposures (CVEs) as part of its security protocols, ensuring effective threat detection and remediation.
Veeam is under evaluation for Common Criteria.
Demonstrating our ongoing commitment to advanced security, Veeam is also actively pursuing other government certifications, including CMMC v2, continuing to lead by example in cybersecurity.
For more information, see the full DoDIN APL press release here or request a trial of Veeam Data Platform here.
As CIO for the City of New Orleans, I oversee IT for 5,000 employees who serve 400,000 residents and up to 20 million visitors each year. My remit includes police, fire, and emergency medical services — so ensuring that IT services are always available is a big responsibility on my shoulders.
But no organization is immune to disaster. The first significant incident that occurred during my tenure was a cyber-attack. It was unlucky but inevitable when a user with sysadmin rights clicked on a phishing link. The next thing we knew, our environment had been compromised and we watched in horror as our user workstations were accessed remotely and passwords reset. Our worst fears were confirmed when a ransom demand arrived.
We thought we were prepared, as we had seen other organizations in Louisiana fall victim, and we knew it was just a matter of time before it happened to us. The morning of the attack, we were on high alert, and as soon as we saw requests for elevation of credentials, we activated our ransomware protocol. Within two hours the state cyber defense team and the FBI were on the premises.
It was obvious to us that our best option for recovery was to rebuild our IT environment from the ground up, clean our data, and restore our systems; no negotiation with the criminals. I’m sorry to say that we weren’t a Veeam customer at the time. Unfortunately, the attack revealed just how much our legacy backup and restore solution was lacking. We were looking at months on months of work, and we weren’t confident that our existing tools could sanitize our data effectively enough to prevent reinfection. We knew that the PC environment of more than 2,500 desktops was compromised but did not know how many servers — two or 200 — were affected. Because of the existing backup solution’s clunky interfaces and poor performance, we were faced with a difficult and time-consuming recovery process.
With key city services at a halt, and with the City’s tax-collection season and Mardi Gras right round the corner, we had to get up and running ASAP. The City Mayor offered full support for our recovery plan, but the pressure was on, and a months-long rebuild simply wasn’t an option.
NOTICE: Do not turn on any computer or insert device into any computer!
So, as we implemented replacement solutions and recovered our data, we searched for a new backup solution; we never wanted to be in this position again. After assessing the market, we knew it had to be Veeam. The simple user interface, the ability to back up data from disparate systems, the instant engagement from the Veeam rep… there was so much about Veeam that resonated with us immediately. We felt very comfortable that Veeam offered a highly effective solution that would be easy to use and powerful in offering us protection.
We got to work straight away, deploying new storage, cleansing our data, putting it back into production and implementing new backup policies, all supported by Veeam. We ended up getting all our services online again in less than 30 days, which is a huge improvement on the months we initially expected it to take.
Just 18 months later, we got to see how much difference using Veeam for data protection really makes. This time, it was Mother Nature that hit us hard. On August 29, 2021, Hurricane Ida knocked out the power to our data center. We shifted to diesel generators, which caused a fire to break out on the third floor of City Hall. All nola.gov sites went down, including ready.nola.gov — our emergency preparedness campaign. It was heartbreaking to see the damage the hurricane was wreaking on our beloved New Orleans, but we had to regroup and pull through as quickly as we could.
And this time we were able to recover much faster thanks to Veeam. We’d used it to automate key parts of the recovery process, allowing us to make better use of scarce resources and restore systems in just 48 hours. It was clear we’d learned a lot from the cyber-attack and Veeam empowered us to react faster and more efficiently. We rapidly stood up our secondary data center and got services back online. It was exciting to see Veeam work its magic and to be able to deliver for the city.
Our lesson learned is that it always pays to have a resilient, tried-and-tested DR strategy. Time spent prioritizing, categorizing, and tiering your data is never time wasted. Having a plan that you can trust is the best investment you can make, built on the most effective solutions in the market — in this case, Veeam.
As a government organization, negotiating with cyber-attackers isn’t an option for us. With Veeam, you don’t even need to consider that route. Our goal is to keep the city safe for every one of our 400,000 residents and the millions of people that visit us each year — and Veeam is helping us rise to that challenge.
After the trials of the cyber-attack, Hurricane Ida and the fire, I can say that the IT team got to have their champion moment. For example, after the fire, we had State Troopers moving equipment to our secondary data center, and we demonstrated to the city that it was worth dedicating those resources by returning to full operations just two days later. It was pretty exciting to prove that, given the right solutions and processes, a rockstar IT team delivers results.
Fingers crossed that’s the last disaster we’ll experience in a long while, but I can say hand on heart that we’re a leaner, more effective organization as a result of what we’ve been through. Veeam gives us a level of security and performance we didn’t have before, and you could say that with Veeam, I sleep better!
According to the Veeam 2023 Data Protection Trends Report, 85% of organizations suffered a ransomware attack last year. Of those organizations, 84% had no other choice but to pay a ransom. This accounts for billions of dollars lost to cybercrime each year. Organizations that can either prevent ransomware attacks or protect their data against attacks can save themselves from significant recovery costs, reduce the risk of having their regular business disturbed and protect their reputation.
It’s vital to implement ransomware protection measures early. Once an attack has taken place, it’s most likely too late to try and salvage data if you don’t have robust protection measures in place. This is because ransomware is becoming increasingly sophisticated and is able to penetrate networks and find attached backups and storage with remarkable speed and accuracy.
Understanding Ransomware
Ransomware comes in many forms, from simple “scareware” that pops up a message asking for a ransom to slightly more sophisticated screen lockers that prevent people from logging into their devices. There’s also the more well-known (and damaging) encrypting ransomware that encrypts files and demands the victim pay a ransom to decrypt their files.
There are other types of ransomware too, like doxware, that threaten to share sensitive data found on a victim’s machine and have lockers that count down to a deadline and threaten to delete the victim’s data when the deadline expires.
Ransomware demands payment in cryptocurrency because of the pseudonymity of these tokens. These kinds of attacks now also mean big business, with professional hacking companies even offering “Ransomware as a Service” and attacking high-profile clients for pay.
Top 6 Best Practices to Protect Against Ransomware
While the saying that prevention is better than a cure still holds true, it’s impossible to prevent all current and future threats since malware prevention is an arms race. Basic best practices, such as choosing strong passwords and using antivirus software and endpoint protection tools, can go a long way toward reducing the risk of ransomware attacks. However, having steps in place to minimize the damage that a ransomware attack is likely to do is also a wise precaution to take.
1. Use Immutability Wherever You Can
Setting up immutable storage targets can offer protection against ransomware attacks. In the past, this was a difficult thing to implement. Modern data protection and backup solutions make it easier to create immutable targets and storage pools to help protect your data against ransomware.
2. Create Encrypted Backups
If you aren’t already encrypting your backups, start doing so now. Backups aren’t designed to be accessed frequently, so any performance overhead from encrypting them is minimal, and the benefits of encrypted backups in terms of security are too significant to ignore. Encryption would make it more difficult for ransomware attackers to access your data, and it would help prevent other unauthorized access and data leaks.
In addition, ensure encryption keys are stored securely and are accessible for the right people when they need them.
3. Verify Your Backups Regularly
Check the integrity of your backups and verify that any automated backups you’re running are taking place as you’d expect them to. Verifying backups doesn’t take long, and it gives you peace of mind that you’ll have the ability to recover your data. Spending a few minutes each week or month to double-check your backups could save you and your IT team a lot of stress if you ever need to implement your data recovery plans. Having regular automated simulations of your recovery plan might be part of that process.
4. Limit Access to Backups
Every user that has access to your backups is a potential attack vector. Stolen credentials are the most common way for data breaches to take place. By limiting who has access to your backups, you reduce the severity of any data breaches that may take place. In an ideal world, everyone would choose secure passwords, not reuse them and follow best practices with multi-factor authentication.
Unfortunately, humans are fallible, and people do take risks or shortcuts. As a systems administrator, it’s your job to do as much as possible to mitigate that risk. Ensuring users have access only to what they need is a practical first step.
5. Proactively Monitor Your Systems
Ransomware is evolving quickly, and antivirus/malware software isn’t guaranteed to pick up on the newest variants. Using tools to watch out for indicators of compromise can help you spot an infection before it gets the chance to do a lot of damage. If you see that a backup job has been changed or that files that aren’t usually touched are being altered, this could be a sign something’s wrong.
Being alerted to indicators of compromise allows you to take data offline or move to a “clean room” environment and start investigating the cause of unusual behavior — hopefully before lasting damage is done.
6. Have a Data Recovery Plan
A data recovery plan should be a part of your broader business continuity strategy. If you still need to get a formal plan in place, start making one. If you do have a plan in place, test it regularly. If you’re following best practices, you’ll be taking regular backups and already be confident that those backups are working. But does this cover all the files you need?
Run some roleplay scenarios to see whether you could recover all the data you need in the event of attacks on specific systems. Consider what you’d do if you had to shut down certain systems while removing malware from your network. Don’t just assume your plans are good enough — test and review them regularly, especially if you change your processes or start working with new software.
The recovery plans should be well-documented and well-known amongst the stakeholder teams that may have to execute them.
Case Studies: Successful Ransomware Protection Strategies
Veeam has worked with many organizations and helped them avoid the impact of ransomware attacks. One recent success story is the City of Sarasota. Veeam Data Platform and Veeam Backup for Microsoft 365 have helped the City of Sarasota avoid paying out a $34 million ransomware bill.
Sarasota is a city that is often hit by hurricanes and floods, and the city’s officials wanted to ensure that their residents had uninterrupted access to city services. The city offers many digital services for their residents, ranging from everything to bill payments to storm preparation. They chose Veeam as their backup provider because it was easy to implement and manage. After using Veeam’s tools for about a year, Sarasota was hit with a ransomware attack that encrypted three of their file servers and demanded a ransom of $34 million in Bitcoin.
Rather than pay the ransom, Sarasota recovered their Veeam backups. This process was easy and quick and allowed them to get all their data back without interrupting their ability to deliver services to their residents. After this successful recovery, they decided to take a more proactive approach to ransomware protection and added more backups to their workflow.
The 3-2-1-1-0 Rule is now a key to their backup process. They take three backups on two different media. One copy is stored off-site, one copy is immutable or airgapped and they accept no backup recovery errors. Thanks to this implementation, they can feel confident that, should they experience another ransomware attack, they’ll be able to turn to their backups and recover all their data safely again.
Protect Your Data From Ransomware With Veeam
Ransomware is a threat to businesses of all sizes. Since the tools used by attackers are so sophisticated, it can be challenging to protect yourself against these attacks. Storing backups on the same network as your existing data isn’t good enough to protect against ransomware because malicious software can explore the network and will aggressively look for files to encrypt.
To fully protect your data, you’ll need to take encrypted backups that are stored separately from the files you use for your daily operations. Redundancy in the form of multiple backups is also wise because the redundant copies will still be available if an attack goes unnoticed or you have an outage or issue with a backup.
Veeam offers a variety of backup and recovery solutions for different platforms, including on-premises, cloud and SaaS backup solutions that are tailored to the tools and platforms that organizations use in their daily operations. Veeam immutable ransomware protection offers secure, robust storage that will protect your data and help you recover quickly from a ransomware attack.
Getting started is easy, and there is a range of pricing tiers to choose from depending on the solutions you choose and your specific data protection needs.
What makes Veeam’s NPS industry leading? Look at how it compares with some of the top brands worldwide:
The comprehensiveness of our NPS approach
Some companies only utilize NPS to measure effectiveness of certain parts of their business, such as customer support, or product satisfaction. What stands out from our score is the comprehensiveness and breadth in who we surveyed and what we asked. Here are a few quick facts on our NPS:
Uncovering insights from the 2023 customer satisfaction study
In our 2023 customer satisfaction study, we surveyed Veeam users across all geographies and market segments (over 4,000 survey respondents!). We asked for their feedback on several areas, including:
Satisfaction level.
Likelihood to recommend Veeam.
Likelihood to renew their relationship with Veeam.
Product features and functionality.
Veeam’s performance indicators in 2023
Key Performance Indicators (KPIs) remained strong in 2023, achieving 9.0+ scores across all categories:
90% of Veeam customers are completely satisfied with Veeam as a software vendor.
91% of Veeam customers would recommend Veeam solutions to their friends and colleagues.
91% of Veeam customers plan to renew their contract when their current contract is complete.
91% of Veeam customers are completely satisfied with the features and functionality offered by the Veeam products they’re using.
91% of Veeam customers agree the solution that was delivered matched what was originally sold to them.
Impact and future directions: NPS and Veeam’s commitment to modern data protection
These scores represent very powerful feedback from Veeam customers all over the world. As we review our scores for 2023 and continue to drive 2024 performance, NPS is just another way we can measure our impact by helping Veeam customers to ensure their data is always protected and always available with Modern Data Protection.
A shared success: Celebrating Veeam’s achievement
It’s exciting to see these statistics and know that everyone associated with Veeam should celebrate this. It takes a team to deliver such excellence, and we have the best team in the industry. It’s truly wonderful to see how much our customers believe in out company and I’m personally honored to be a part of this organization. Congratulations!
Over the last several years, Microsoft has worked on APIs and authentication methods to help organizations mitigate security concerns around compromised credentials. These advances include Azure Vault, MFA, Ephemeral accounts, enterprise applications and more. In many security best practices, the goal is to migrate away from using username and password authentication for automated process and application access using APIs. This also becomes a constraint when rolling out MFA in an organization because the user must be present for the application authentication. A bridge in this scenario was the addition of app passcodes that could be used with user accounts to authenticate, but this still came with potential security concerns. Enterprise applications have now become the better method for this problem, allowing a dedicated application in Azure to be scoped in with the proper API permissions. Read on to learn about the benefits of enterprise applications, the benefits of using app-only authentication methods and what changes will need to be made when Microsoft deprecates access to basic authentication (username and password) access method later this year.
Microsoft 365 and MFA
Microsoft 365 incorporates Multi-Factor Authentication (MFA), a vital security feature. MFA adds an extra layer of protection to user accounts, requiring additional verification steps. This could involve fingerprint scans, mobile device codes or biometric authentication. MFA is crucial in today’s evolving digital landscape, safeguarding accounts from credential weaknesses or theft. Unfortunately, this security feature does not work well regarding application management since the user needs to be present for the authentication process. As a stopgap to this problem, users could use app passcodes, which would give access to resources without user interaction — but inherently opens the account to be compromised if the code was exposed. This is not ideal, leading to the modern authentication method with enterprise applications.
Deprecation of Microsoft 365 Basic Authentication
Over the last several years, Microsoft has been building out the Graph API. The Graph API is an abstraction layer protocol that was developed with the sole purpose of stitching together connecting points for their SaaS application. This API is important because, without a central connector, there was an API sprawl between application access methods and release cycles. This may not seem like much to a user, but to developers, this consistency makes all the difference.
In developing the Graph API, Microsoft has worked to connect to all Microsoft 365 products and build out a modern authentication aspect. This modern authentication allows for authentication and access to Microsoft applications through more secure methods like enterprise applications and certificates. With the more secure options available, Microsoft has started to depreciate the legacy authentication methods that use usernames and passwords. This means you will need to configure an enterprise application for products you still wish to manage Microsoft 365 data.
How To Add New API Permissions
This section will cover manually creating enterprise applications and adding an API scope. Keep in mind that some products, like Veeam, will allow for convenient ways to deploy and configure this application directly from the console.
Delegated vs. Application Permissions
A number one question about enterprise applications, outside the required scope, regards the difference between delegated and application permissions. The primary difference between these methods is how the permissions are leveraged. Delegated access is used when authentication access is performed with a user present; application permission is used in scenarios where the application can act without user intervention. The permissions for modern app-only authentication in Veeam Backup for Microsoft 365 can be found in the user guide.
Create and Modify an Enterprise Application
Enterprise applications are created and modified using the Entra admin center, which you can find through the admin portal on the left-hand side or directly accessed from https://entra.microsoft.com/. Once in the Entra admin center, navigating on the left-hand side to Azure Active Directory, then App registrations.
Step 1: navigate Entra Admin Portal To create a new application, select “+ New Application.” If you desire to update an application, then select the application from the list and skip to Step 3.
Step 2: create new application
On the “Register an application” page, give the app a name that can be identified later and use the supported account types to be “Accounts in this organizational directory only (company org),” then click “Register” at the bottom.
The new app should take less than a minute to register.
Step 3: add permissions to application
Add permissions to the app by navigating to API permissions and selecting “+ Add a Permission.”
From the blade on the right-hand side, select the permission type needed.
Either by scrolling or using the search box, select all permissions needed for this API, then click “Add permissions.”
Once all permissions have been added, consent will need to be granted by an admin using the “Grant admin consent for [company]” button. If the account is an admin with permissions to grant consent, then use the button and select “Yes” to activate the API permissions. Even after consent is granted, this can take some time to update in the cloud and be used.
Quick troubleshooting step: If the app still cannot be used in software after 20 minutes, double check permissions against the user guide or create a ticket with support if the problem persists.
Use Veeam To Manage Enterprise Applications
Unless it is necessary to deploy the application manually, the preferred convenience method is to deploy and update enterprise applications directly through Veeam Backup for Microsoft 365. This process can be done when first adding the organization or updating with the same organization wizard.
Option 1: new organization
If you are adding a new organization and want the application to be deployed for you with the right permissions, select “Register a new Azure AD application automatically” on the Microsoft 365 connection settings page.
Option 2: if this is an existing organization, then you can right click on the organization and select edit organization to get back to the organization wizard. In the wizard, select “Use an existing Azure AD application” and use the check box for “Grant this application required permissions and register its certificate in Azure AD.” When finishing with the wizard, the updated permissions will automatically be assigned.
When deploying a new application or updating an existing application, the process will take you to a Microsoft authentication page where you will use a single-use application code. Veeam uses native Microsoft 365 authentication, which will leverage existing security enhancements implemented by your organization, like MFA.
Conclusion
In conclusion, Microsoft has made significant progress in addressing security concerns by developing various APIs and authentication methods to reduce reliance on user credentials for application authentication. Despite serving as a bridge for basic authentication, app passcodes still pose potential security risks. Embracing enterprise applications enables organizations to enhance security and mitigate risks associated with compromised credentials and more granular permission assignments.
Ransomware is malicious software that encrypts files, preventing users from accessing or using computer systems. Usually accompanied by a ransom demand, a ransomware attack cripples infected computers, servers and files. Attacks are common — the Veeam 2023 Global Report on Ransomware Trends revealed that in the preceding 12 months, 85% of organizations experienced at least one cyberattack. While 80% paid the ransom, only 75% regained access to their data and, on average, only recovered 66% of their data. Hackers specifically targeted backup repositories 75% of the time.
On the other hand, 16% of organizations attacked recovered their data without paying a ransom. These organizations had clean, immutable and reliable backups and an integrated ransomware response strategy that worked as intended. The takeaway is that it is possible to recover from a ransomware attack if you have a robust plan to handle ransomware attacks.
Key Components of a Ransomware Response Plan
Since attacks are so common, knowing how to recover quickly from a ransomware attack is essential. Critical aspects of your ransomware recovery plan should include hardening systems, rigorous prevention measures, ransomware detection and response, recovery and restoration measures, and plans to inform relevant authorities and affected parties. Always conduct a post-incident analysis to help prevent future attacks.
Step 1: Preventative Measures
You can take several measures to prevent and mitigate ransomware attacks. These include employee education, risk assessments, hardening hardware and software solutions, network segmentation, and having secure data backups:
Educate employees: Your employees are your first line of defense against malware attacks, so you should train them to recognize attacks and educate them about ransomware threats and how to detect signs of compromised systems.
Perform risk assessments: Use expert teams to perform risk assessments to identify weak points in your malware and ransomware defenses.
Harden port and endpoint settings: Disable unused Remote Desktop Ports (RDPs) and limit RDP and other remote access protocol ports to trusted hosts. Similarly, harden endpoints with secure configuration settings.
Segment networks and enforce access controls: Segment networks using VPNs and physical tools. Keep customer-facing parts of the network separate from inward-facing portions. Adopt the principle of zero trust when granting access.
Implement all software updates and patches: Limit the risk of intrusion by meticulously implementing updates and security patches.
Adopt secure backup and data redundancy policies: Carefully plan your backup strategy, as this represents your last line of defense. Back up frequently, ensuring you have immutable copies that cannot be changed. Keep at least one set of backups entirely offline. Check backup integrity regularly.
Step 2: Detection and Response
It’s crucial to react promptly to any ransomware incident. With the proper monitoring tools, it’s often possible to disrupt an attack while it is in progress. You should have 24/7 coverage and online ransomware detection tools to do this. In this way, you mitigate the damage and can clean your systems faster, as follows:
Determine impacted systems: Establish which systems are affected and immediately isolate them from the rest of the network. If the attack has impacted several systems, and it is not possible to initially verify its extent, take the network offline. If you cannot easily take systems offline, limit the scope of the infection by unplugging ethernet cables and disabling Wi-Fi.
Power down equipment: If it is not possible to disconnect devices from the network, power down the affected equipment. Note that this step may remove evidence held in volatile memory.
Triage affected systems: Identify systems that are critical to the organization and list them in order of importance in terms of the organization’s priorities.
Examine logs: Review system logs to identify precursors such as dropper malware, earlier attacks and compromised networks.
Determine what happened: Establish the sequence of events leading to the attack and how the actor was able to penetrate your network.
Find the threat: Identify the ransomware, its variant and any other malware on the system.
Step 3: Communication and Reporting
Report the incident and transparently communicate what has happened with the affected parties. Prompt communications will help mitigate longer-term consequences such as loss of credibility and punitive damages. Actions to take include:
Communicate internally: Inform all affected employees and functions immediately and notify them of steps taken to contain the incident. Issue regular updates.
Notify relevant authorities: Report the incident to local or national law enforcement officials as required by local ordinances. Ensure you meet all legal obligations regarding specific privacy and data protection regulations.
Communicate externally: Notify customers and business partners of the incident and release appropriate information regarding the extent of the damage. Note that it’s common for criminals to threaten to release confidential information to coerce victims into paying the ransom.
Be transparent: While it is natural for companies to want to hide damaging information, news of cyberattacks inevitably gets out. Transparency minimizes harm to reputation, helps investigators and provides affected parties with an opportunity to take steps to protect sensitive data.
Step 4: Containment Strategies
Before taking steps to eradicate ransomware from your system, capture system images and volatile memory contents of all infected devices. This information is helpful during forensic investigations to determine what happened and how your systems were compromised. It is vital to preserve volatile information stored in the system memory, security logs and firewall log buffers.
Consult with federal law enforcement authorities, the Multi-State Information Sharing and Analysis Center (MS-ISAC) and your security vendor to identify whether researchers have developed decryption tools or identified encryption flaws you can use to decrypt your data. These resources may also provide additional information regarding steps to identify impacted systems and how to turn off ransomware binaries. Other steps include:
Identification of systems involved
Disabling VPN, cloud-based and public-faced endpoints
Turning off server-side data encryption
Identification of inside and outside persistence mechanisms
Step 5: Eradication Strategies
The primary goal of your eradication strategy is the removal of all traces of ransomware and malware from your systems (distinct from data). While it is sometimes possible to sanitize your systems, it is generally more straightforward and much safer to wipe them and rebuild them from scratch using templates and clean images. Steps include:
Wipe or sanitize all infected systems
Rebuild corporate systems, starting with critical systems
Reset all passwords
Address and block identified vulnerabilities, websites and malware
Issue a declaration from the designated IT authority once you have eradicated all traces of the ransomware and rebuilt systems to confirm that the ransomware incident is over
Step 6: Recovery and Restoration
At this point, you can now restore your data and get back to work. It is also when you will benefit from the foresight that led you to use innovative solutions to recover quickly from ransomware attacks. Veeam offers several solutions, including a backup replica to create a virtual machine that you can get up and running quickly. Steps in recovery and restoration include:
Use secure backups to restore systems
Make sure that your backups are clean, so you do not reinfect your clean systems during recovery
Implement lessons learned from the attack to strengthen security measures
Deploy ongoing ransomware monitoring solutions
Complete a post-incident evaluation
Best Practices for Ransomware Incident Response
The incidence of ransomware attacks is such that you should consider them in the same category as other business continuity management plans. These include strategies for dealing with major incidents, natural disasters and disaster recovery.
The starting point for a ransomware incident response plan is a thoroughly researched and documented recovery plan. Typically, this plan includes all stakeholders, a clear statement of the recovery objectives and communication strategies. The plan identifies responsible parties and clearly defines the actions to take when a ransomware attack hits you.
Points to consider include:
Response team: Identify all members of the response team, their responsibilities and functions. Appoint a designated leader responsible for coordinating activities.
Inventory: Compile a complete list of all physical and cloud hardware and software assets, together with diagrams of how these interconnect, including special features such as VPNs, virtual private clouds, WANs and APIs.
Critical functions: List and prioritize critical business functions, applications, datasets and backups.
Emergency contact list: Include all employees, service providers, suppliers and customers who may be impacted by a ransomware incident.
Training: Train team members in their roles and responsibilities and simulate an incident with a Ransomware Prevention Kit to ensure each person is familiar and comfortable with their role.
Ransomware action plan: Prepare a detailed ransomware response action plan.
Lessons learned: Documents lessons learned during training simulations and actual attacks.
Formalizing and adopting these ransomware protection best practices will help your organization respond quickly and effectively when you come under attack and ensure you have clean backups to restore and reconnect services.
Getting Started With Veeam
While it is always possible to recreate IT structures, a business cannot survive a ransomware attack if it cannot access clean data. Veeam’s online backup solution solves this problem. Veeam offers a single solution that gives you total control over your recovery with multi-layered immutability, comprehensive monitoring and automation. Veeam works with common cloud-based solutions as well as on-premises solutions for Windows, Linux and Mac. Call our sales department to learn more about our ransomware data recovery solutions.
According to a recent report from 451 Research, many organizations (56%) that currently use, or plan to use public cloud services, have expressed their preference for adopting a hybrid and multicloud approach as their primary cloud operating model.
As a managed service provider (MSP) offering BaaS (Backup as a Service), your customers will rely on you to provide guidance on the most effective strategies for safeguarding, managing and accessing their crucial data, irrespective of its location — whether it is on-premises, hosted in a hyperscale cloud such as AWS or Microsoft Azure or a combination cloud platforms and on-premises infrastructure.
Data Portability in the Cloud Is Important in Achieving That Goal
Portability in cloud backup refers to the ability to easily move or transfer data and applications between different cloud platforms or back to the data center for a variety of reasons, not just data loss. Choosing a backup vendor that makes portability easy and efficient is important in your BaaS for public cloud offering for several reasons:
Vendor Independence:
One of the key advantages of portable backups in the public cloud is the freedom to choose and switch between cloud providers without compromising data availability. By having portable backups, organizations can easily migrate their data and applications from one cloud vendor to another, ensuring vendor independence and avoiding vendor lock-in. This flexibility allows businesses to adapt to changing needs, leverage competitive pricing and take advantage of specialized services offered by different cloud providers.
Cost Optimization
Hyperscale clouds like AWS, Microsoft Azure and Google Cloud, as well as independent cloud hosting providers may offer varying pricing models and cost structures. By maintaining portability, you along with your clients can leverage competitive pricing and take advantage of cost savings by moving data and applications to cloud platforms that offer better deals or discounts with ease.
Flexibility and Scalability
Portability enables flexibility in workload management and scalability options. Organizations can distribute their workloads across multiple cloud providers or utilize a multi-cloud strategy, allocating resources where they are most needed. This flexibility allows businesses to optimize performance, enhance redundancy and meet specific requirements for security, compliance or performance.
Business Continuity
Cloud backup is crucial for ensuring business continuity in the event of a ransomware attack, natural disasters or system failures. If data and applications are stored solely with a single cloud provider, any disruption to that provider’s services could have severe consequences. Portability allows organizations to quickly restore their data and applications on alternative cloud platforms, minimizing downtime and ensuring continuous operations.
Compliance and Data Sovereignty
Data privacy regulations and compliance requirements vary across different regions and industries. Portable backups offer a solution to address the challenges associated with compliance and data sovereignty. By keeping backups portable, businesses can ensure that sensitive data is stored and managed in accordance with the relevant regulations. If data needs to be moved or replicated to comply with specific laws or to meet local data residency requirements, portable backups simplify the process and enable businesses to maintain compliance without disrupting operations.
Conclusion
Overall, portability in cloud backup enhances freedom of choice, mitigates risks and empowers you as a trusted advisor to guide organizations into optimizing their cloud strategies, enabling them to adapt to changing business needs and technological advancements while strengthening you as a service provider they can trust for their hybrid cloud data protection strategy.
Consider using Veeam Backup for AWSor Veeam Backup for Microsoft Azure as your native-public cloud Backup as a Service (BaaS) offering. These solutions are designed to fit natively into your customers’ AWS and Azure environments and offers flexible portability features allowing you to migrate workloads across clouds or back to the data center*. Centralize it all through Veeam Service Provider Console and you have a powerful solution to easily scale all your Veeam-powered Public Cloud BaaS offering quickly and efficiently. Together with Veeam, become the trusted advisor your clients rely on to ensure their cloud data is protected and readily available.
Every conversation I have with customers and partners nowadays involves sharing the latest information from Veeam on how to combat ransomware with a comprehensive approach. The data indicates that it is not a question of if but when an organization will have to deal with a ransomware incident. The reality is that ransomware is the cybersecurity incident we’ll have to deal with more likely than fire, flood or blood types of disasters.
Well, this answer changes over time. There have been examples that simply encrypt small or targeted datasets and some that have widespread exfiltration and lateral movement across an organization. I am often debrief of ransomware situations from the Veeam technical support team that guides organizations through ransomware incidents, and it is consistent to see how some of the threats move through an organization. The MITRE ATT&CK framework is a clear go-to in these areas if you haven’t seen it.
Prevention, Protection and Defense
I am a big believer of the NIST Cybersecurity Framework that focuses on five key functions: Identify, Protect, Detect, Respond and Recover. Veeam has capabilities mapped to each of these functions; and will continue to grow in this space. From a prevention, protection and defense standpoint, it is important to understand the difference and options available for how an organization can approach comprehensive protection.
It is a tall ask to seek broad prevention of ransomware, but I’d challenge with the right investments in proven effective techniques across the board your odds go up exponentially. A quick list of key prevention, protection and defense techniques include:
User training: Everyone in an organization is part of the cybersecurity team, from the CEO to the coordinator; everyone needs cybersecurity training. IT included.
Response planning in place: Having a plan on how to respond to ransomware is a great first start, this is a non-technical milestone. Being able to answer important questions such as: Who is in charge? Who do we notify? How do we work with external stakeholders? Are all important parts of a response plan.
Follow the 3-2-1-1-0 rule: Three different copies of data, two different media, one of which is off-site. That’s where the rule starts, have comprehensive ransomware protection with at least one copy being immutable and zero surprises with recovery verification. The 3-2-1-1-0 rule is the way.
Backup what needs to be recovered: This sounds cheeky, but it is relevant; you can’t recover what you don’t protect.
Immutability everywhere: It is easier than ever to have immutable copies of backup data; there is no excuse not to have two or more copies of immutable backup data. There are now 36 qualified immutable solutions with Veeam.
Confidence in recovery: Veeam has had SureBackup in the market for over 10 years, it’s definitely time to have automated recovery verification. This is critical to drive confident response to a ransomware incident. The Veeam Ransomware Trends 2023 report itself indicates that the most common element of a response playbook is a good backup:
I’ve been following a number of different resources to identify how ransomware behaves. Some of my favorite resources to learn about different behaviors and individual ransomware makers include the Veeam Ransomware Trends Report, the PC Security Channel on YouTube and this glossary of Common Ransomware Types.
From all of these resources, it is clear that different ransomware makers behave differently with a consistent set of impact on an organization. I take all of these behaviors: deletion, encryption, exfiltration and more as a serious wake-up call to ensure that organizations have complete control of their data.
Do I Need a Ransomware Risk Assessment
This is a fair question to ask, but many organizations may simply not be comfortable with the realities of the threatscape today. This is why we at Veeam have made a very easy to use ransomware risk assessment. This tool can give you a view of your data based on what we see at the highest level of trends, and a good starting point for your journey to comprehensive ransomware protection. I’ll be the first to admit, it gets specific quickly and sometimes it is better suited as a private conversation; but this assessment is a great place to start.
The single best practice that matters is to ensure you can recover your data from a ransomware attack. However, there are many that are part of a comprehensive ransomware protection strategy. Like the assessment recommendation, ransomware protection can get specific quickly based on what is being protected and where it is being stored. At a minimum, a comprehensive strategy for ransomware protection would include (but not be limited to):
Encrypting your backups: Veeam-based encryption to protect against Veeam backups leaving unintentionally.
Verify backup recoverability: If ransomware gets in, the only option is to recover data. Be sure you are ready to go.
Harden and limit access to your backup infrastructure: In a ransomware incident, this will be your most precious IT asset. Protect it and limit access as such.
Proactively monitor and update systems: Veeam ONE is great here, having Veeam ONE monitor your backup infrastructure as well as your production infrastructure will give you the visibility you need. And be sure to update your infrastructure, all of it.
Veeam ONE will monitor your Veeam environment with incredible detail to help keep your backup infrastructure healthy.
Have a recovery plan: Whether it is a daily-verified Veeam Recovery Orchestrator plan or a familiar and tested plan from your IT staff; this is a common missed opportunity for a lot of organizations during a ransomware incident. Have a plan.
What Tools Are Needed for Ransomware Protection?
The easy place to start is Veeam ONE. I guarantee you that Veeam ONE will tell you something about your environment that you didn’t know about, yet you should address. If you are just implementing Veeam ONE for the first time, do so in a model of least privilege. Do not use accounts for Veeam ONE that are in use elsewhere. Veeam ONE’s ability to monitor and report on possible ransomware activity and potential tampering with the Veeam Backup & Replication infrastructure are critical. Be sure to configure the immutability state and immutability change tracking alarms to be sent directly to security teams for example. Also make sure you are automating reports on any changes in the backup infrastructure in Veeam ONE.
I also recommend not having the Veeam infrastructure connected to the Internet and use explicit usernames and password for specific services and connections. I realize if you have already implemented Veeam, this may be a mountain of work. So, start small, make sure your backup repositories are using explicit credentials separate from credentials used elsewhere in an environment.
One technology I have been working on with Product Management recently is the Veeam Hardened Repository. We have made an attractive option for individuals who don’t have a lot of Linux skill and want it truly hardened. The new installable .ISO will configure the Linux environment for use as a Veeam Hardened Repository and automatically apply DISA STIG hardening that will make a very resilient backup repository. The Veeam Hardened Repository makes it easier than ever to have immutable backups on Linux:
The Veeam Hardened Repository is an easy way to have immutability with no additional Veeam cost.
What To Do During a Ransomware Attack?
The number one thing to do is keep calm. When I debrief from organizations in ransomware incidents, there is common behavior to isolate the infected systems and engage cybersecurity response teams. There are a number of courses of action, and the one thing all backup vendors agree on is to restore data. If ransomware gets in, the only option is to recover data. But also reach out to the right resources for expert advice. The Veeam critical incidents support team guides customers through successful ransomware recoveries every day with a highly trained group of experts who specialize in ransomware recovery.
Best Practices and a Comprehensive Strategy for Ransomware Protection Are Right Here at Veeam
Talk to us here at Veeam. We’re a leading provider of backup solutions worldwide. This is validated by the IDC tracker, the recent Gartner Magic Quadrant for Enterprise backup having Veeam again as a leader. Veeam also prepares the Ransomware Trends Report, one of the largest pieces of industry research of its kind. Coupled with solid product delivery over the years, a strong product roadmap and technical support to provide the ransomware recovery needed. Veeam is your place for comprehensive ransomware protection. If you want more, reach out to your Veeam rep or a reseller partner to take the next steps to comprehensive ransomware protection.
One of the things that I enjoy most about this industry is how quickly it moves. The market continually evolves to demand more flexible and more powerful solutions. Workloads that need protection grow in size, type and location. Today, it’s the norm for hybrid- and multi-cloud deployments to protect physical, virtual, Kubernetes, IaaS, PaaS and SaaS data.
Veeam is unapologetically a data protection and ransomware recovery vendor. We are known industry-wide for pioneering and patenting Instant Recovery almost a decade ago. Our pace of innovation has not slowed; we continue to focus on the speed, granularity and ease of bringing important applications and files back online quickly. Veeam has delivered almost 30 releases across every one of our solutions in the Veeam Data Platform, and in doing so, we’ve ensured that our 450,000+ customers have what they need to be fully protected.
When we are recognized by a respected industry analyst firm, we believe it is a testament to the loyal and happy customers who rely on us to keep their business running. I am proud that Veeam has been named a Leader in the 2023 Gartner® Magic Quadrant for Enterprise Backup and Recovery Software Solutions1 for the seventh consecutive time and positioned as highest in Ability to Execute for the fourth year in a row.
Today, Veeam celebrates this acknowledgement. We also recognize the increased responsibility to continue innovating and stay ahead of a growing cyber-threat landscape. This is why Veeam also focuses on data security. Backup has truly transformed from protecting against occasional equipment failures, configuration issues and accidental deletions (all of which still happen) to additionally being a core component of a robust cyber resiliency practice. From native, built-in immutability, to immutable options across an enormous ecosystem of partners, Veeam makes it easy for customers to follow the 3-2-1-1-0 Rule, so that double- and triple-play immutability is available to every size of customer. Latent malware and anomaly detection, cleansing data during restore to avoid re-infection and a ransomware warranty are just a few of the many things that Veeam offers to keep data safe from bad actors.
If we have learned anything in the last few years, it’s the importance of being flexible enough to keep pace with the fast changes in how we conduct business, how and where our data resides, and what cloud or infrastructure we run on. Today, the market tells us that data must be portable and made easier to move across data centers; it must be mobile across a variety of clouds, with bi-directional movement, so that where data resides today in no way limits where it can be moved from or recovered to tomorrow. At Veeam, we call this Data Freedom — for any cloud, any infrastructure, and any mixture of the two, so that you have the flexibility and the power to manage a hybrid- and multi-cloud environments which are capable of responding to any demand, even those we may not foresee today.
It is again my privilege to congratulate our partners and every Veeam employee, as I believe they have had a role in this year’s recognition in the Gartner Magic Quadrant. I especially want to thank our customers for their continued support. At VeeamON 2023, we announced and demonstrated just a few of the many new capabilities that are soon to come.
Gartner, Magic Quadrant for Enterprise Backup and Recovery Software Solutions , Michael Hoeck, Nik Simpson , 7 August 2023
The name of the report was changed from Magic Quadrant for Data Center Backup and Recovery Software in 2016 to Magic Quadrant for Data Center Backup and Recovery Solutions in 2017 and to Magic Quadrant for Enterprise Backup and Recovery Software Solutions in 2021.
GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
It’s small, green, designed to protect and perform, and you may have seen it roaming around with the Veeam Team at recent events — it’s the Recovery Rover.
This state-of-the-art cyber dog has been turning heads since it first debuted at events earlier this year. I sat down with one of the Recovery Rover handlers, Anthony Spiteri, Regional CTO for APJ, to learn more about this mysterious new addition and what it can teach us about data protection.
Alright, Anthony. I’ve Seen the Recovery Rover in Various Posts and Videos. Where Did the Idea Come From?
“We partnered with an outside creative agency named Konkering, and they suggested a few big bets to create some buzz around our Veeam Data Platform launch — including this one. It seemed like a good idea, and we started thinking — rather than just doing podcasts or other content, what could we do that would cause a storm? This has completely done that,” said Anthony.
He went on to explain that there are four Recovery Rovers traversing different regions globally.
“Everywhere they go, they turn heads,” he said. “People ask questions — it’s an absolute conversation starter.”
So Once This Idea Was Born, Boston Dynamics Helped Bring It to Life?
“They have a huge history of robotics — they’ve been doing it for the past 20 to 30 years,” he said. “It’s a very interesting company. And now that they’re owned by Hyundai, it has allowed them to really ramp up their production.”
Although many tech enthusiasts have known about Boston Dynamics from the beginning, it wasn’t until their technology appeared on a national TV show that the larger public began to take notice.
“Boston Dynamics had just released the dancing functionality and it appeared on Jimmy Fallon, and the team and I had known of other companies using them on show floors. So, when the idea came through, it was taken up immediately” he said.
What Is the Main Message That the Recovery Rover Brings to These Events?
“It’s a great piece of technology that exemplifies where we are in terms of technical innovation. It’s an autonomous decision-making platform; it’s not AI-enabled, but it’s aware of its surroundings and can make decisions based on what it sees. It’s an adaptive robotic platform,” he said.
“Data protection is so crucial to Veeam’s success, and the SPOT platform is generating data every second of operation. The whole platform is observing the world and collecting data for processing, future analysis as well as the data it generates through its own system logs. It’s not just a typical Edge device or data center anymore; it’s an autonomous robotic platform that you can buy off the shelf.”
“That data ends up being stored somewhere, and that data needs to be protected. If that data is deemed critical to a business, you’ve got to back it up,” he said.
How Long Did It Take You To Learn How To Interact With the Recovery Rover? Was There Some Trial and Error Involved, or Was It Intuitive From the Start ?
Anthony and the team explained that he, along with the other Rover handlers, participated in a two-day training at the Boston Dynamics headquarters so they could fully understand the functionality and safety features of the Rover before taking it on the road.
“The controller tablet has the software on there to control the unit. If you’ve ever played a computer game, it’s got the same dynamics — up and down, back and forth. What takes time is getting used to the actual robot itself, And what I mean by that is the visceral reaction to what we grew up believing the future would be like being right in front of you and in your control” he said.
“When you have control, it is super, super responsive. Very agile due to its infrared cameras and sensors that are feeding back data all the time, so it’s always taking in that data to make sure it’s not crashing into objects. Thankfully, It’s pretty good at detecting humans.”
What’s the Coolest Moment You’ve Had With the Recovery Rover So Far?
Anthony had fast answers to my other questions, but this one gave him some pause — there were too many to choose from.
“Having it on stage at VeeamON was pretty something I was keen on. Being able to talk about the technology, putting it on an autonomous mission and talking about the why of the platform. Being able to programmatically interact with it through its software development kit and getting it to do things autonomously through code shows its extensibility,” he said.
He added that going to Boston Dynamics to learn about this technology was also memorable — like the movie “Night at the Museum,” but with robots.
“During the Boston Dynamics HQ visit, we were given a tour of the factory. As we were walking around, side by side with multiple SPOTs on autonomous missions, we got to see engineering, mechanics, coders, developers and support … but the coolest thing as mentioned was seeing all the robots walking around, just and people acting like it was no big deal…. the future was right there in that building”
I Can Imagine It’s Been Interesting Bringing a Little Green Robotic Dog With You to Events. What Has the Reaction Been From People?
“Some people react to it simply being a robot before they really understand what it is. It’s sort of in our psyche not to trust these things, but there are also others who want to check it out and take a selfie with it,” he said.
He explained that the interactions that the Recovery Rover has helped facilitate have definitely been worth it for the team.
“There’s absolutely no doubt whether it’s good or bad. These things turn heads, and when you’re looking to start a conversation, it doesn’t matter how you start the conversation. It’s one of the best icebreakers of all time, right?”
Follow the Recovery Rover in Your Region
Where’s the Recovery Rover going next? Follow its journey and check it out at an event near you!
Today’s enterprises are increasingly reliant on cloud services, such as Microsoft 365, for efficient collaboration and productivity. But the looming question remains – should you backup Microsoft 365 data? There are many opinions — as well as misconceptions — on this topic, but in this blog, we will help you separate facts from fiction so you can make an informed decision on whether to protect this data.
Importance of Microsoft 365 Backup
Contrary to popular belief, your data in the cloud isn’t immune to loss. It’s susceptible to the same risks that your on-premises data faces. This makes backing up your Microsoft 365 data not just an afterthought, but a business-critical necessity. The criticality of Microsoft 365 applications is only increasing as organizations expand their usage of SharePoint Online and Microsoft Teams. So, the need to have a backup of Microsoft 365 data is also increasing. Microsoft has announced they are developing their own Microsoft 365 backup solution, so this in itself proves it is a priority.
Unmasking the Truth About Microsoft 365 Backup
So, why is it so important? Doesn’t Microsoft already protect my Microsoft 365 data? Microsoft provides many great compliance tools to ensure your data is retained over a set period of time, they also ensure infrastructure uptime for service availability. However, it’s vital to recognize the distinction between these features and a comprehensive backup solution. The responsibility of protecting your data ultimately lies in your hands, and not entirely on Microsoft. What are all the helpful built-in tools and how do they differ from a backup? Read more here.
Microsoft’s Responsibility vs. Your Responsibility
Microsoft has provided a Shared Responsibility Model to help their customers understand where Microsoft’s responsibility ends and theirs begins. The model clearly displays that the responsibility of protecting your data ultimately lies in your hands, and not in Microsoft’s. So, what does Microsoft provide? Microsoft is responsible for maintaining the infrastructure of its services, ensuring it’s accessible and protected from service-side issues. They are also responsible for many other elements — learn more about the Shared Responsibility Model.
7 Reasons Why Backing Up M365 Is Critical
The need for backing up Microsoft 365 data goes beyond recovering lost or deleted files. Here are seven compelling reasons why Microsoft 365 backup is critical:
Accidental deletion: accidental deletion, modification or overwrites of data can be catastrophic. With a backup solution, you can quickly recover lost data and maintain business continuity.
Retention policy gaps and confusion: Microsoft’s retention policies can be complex to understand and implement correctly, leaving your data at risk of loss after the retention period expires.
Internal security threats: the risk of internal threats, like disgruntled employees deleting essential data, is real and can’t be ignored. A backup solution provides a safeguard in these situations.
External security threats: malware and ransomware can do significant damage to your organization’s data and reputation. Regular backups ensure an uninfected copy of your data is always available for recovery.
Legal and compliance requirements: a robust backup solution can keep your company out of legal trouble by allowing you to retrieve data as required for legal and compliance purposes.
Managing hybrid email deployments and migrations: the right Microsoft 365 backup solution should be able to handle hybrid email deployments, making the source location irrelevant.
Teams data structure: the Microsoft Teams backend is much more complex than many realize. With this added layer of complexity, ensuring that data is adequately protected is paramount.
Data loss incidents are far too common. In a recent study by ESG, 53% of IT professionals admitted their organizations had experienced data loss or corruption in their SaaS applications. It’s worth noting that less than 25% of organizations are able to recover 100% of their Microsoft 365 data during a data loss incident, making the need for backup all the more pertinent.
Why Choose Veeam for Microsoft 365 Backup
Veeam Backup for Microsoft 365 is the #1 Microsoft 365 backup solution in market, protecting 16 million Microsoft 365 users. It is designed to provide comprehensive protection for your Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams data, so that it’s always protected and accessible. With Veeam, you also get the backup flexibility you need to meet your recovery point objectives, recover Microsoft 365 data no matter what data loss scenario you encounter and leverage any storage target your organization wants to utilize for its backup data. But don’t take our word for it, hear what ESG had to say in their recent technical review of Veeam Backup for Microsoft 365, read the review.
Conclusion
Backing up Microsoft 365 data is a smart business decision. It’s clear that there are many misconceptions, but it’s also evident that there are many vulnerabilities and data loss risks which can only be truly mitigated by having a backup. Moreover, the Shared Responsibility Model states that ultimately, it’s your data — you control it — and it is your responsibility to protect it. Make sure you protect Microsoft 365 data with a comprehensive backup solution that provides the data security, data recovery and data freedom you need.
Are you ready?
Ready to ensure robust protection for your Microsoft 365 data? Try a 30-day FREE trial of Veeam Backup for Microsoft 365 today. Unveil the power of complete access, control, and protection of your data with Veeam! Check out the additional resources below!
Try in a labright now with a free, realistic sandbox with all resources provided.
Watch a demo on Microsoft 365 backup best practices.
According to 2023 Data Protection Trend’s Report, 85% of the 4,200 organizations surveyed suffered at least one ransomware attack in 2022. What was even more startling was that 39% of an organization’s production data was either encrypted or destroyed during the attack and victims averaged only being able to get back half (55%) of what had been affected. With cyber threats showing no sign of slowing down, it’s not surprising that most companies have adopted immutable and air-gap (i.e. survivable storage) technologies to ensure their data recovery efforts are not hindered by ransomware. This blog aims to discuss the differences between air-gap and immutable backup technologies and how organizations can leverage these solutions in their cyber resiliency strategy.
Overview of Cyber-Resilient Strategies
Step 1 – Ensure Survivable Backup Targets
For decades, air-gap storage for backups was the most trusted option that companies could leverage to protect their critical assets from most threats. Write Once, Read Many (WORM) via tapes or rotating hard drives ensured that data, once ejected and moved offsite, would allow organizations to recover their data in event of disaster. Resilient data storage like tape has since evolved due to companies leveraging more secure architectures and hybrid cloud approaches. Immutability has become more common as it offers similar functionality as WORM, less overhead for managing the media, but is not traditionally unreachable on the network. When building cyber resilient and disaster recovery strategies, both air-gap and immutable can have their own pros and cons. However, you can use both technologies in conjunction with one another to have an ultra-secure resilient copy.
First, it has always been recommended that, in the event of a production site outage, to ensure that you have a secondary copy that cannot be affected. The traditional “3-2-1 Rule” recommends 3 copies of your data, using at least 2 media types, with 1 copy being off-site. For most Veeam deployments, your production data is [Copy 1, media type=disk], the backup data on the local repository is [Copy 2, media type=disk] and a third for disaster recovery off-site [Copy 3, media type= disk, cloud, or tape]. Most organizations have adopted this practice and expanded beyond the 3-2-1 Rule into 3-2-1-1-0 Rule to incorporate immutability and testing as well due to mandates and the ever-growing risk of cyber threats. The added 1-0 to the rule suggests that 1 copy be “offline” (inaccessible via air-gap or immutable) and 0 errors (tested and validated). This helps to ensure the highest level of data recoverability from any type of disaster.
Step 2 – Reduce Access Opportunities
Now, it’s all about access and making it difficult for bad actors to not only gain access to systems but attempt to destroy the backups you need for recovery as well. Therefore, we recommend that you adopt a cyber-resilient architecture.
Here, everything on your production site has proper access controls in place. You can monitor the production environment for suspicious activity and run reports to ensure all your workloads are protected and have an immutable backup. Next, define user account roles for having access to the backup environment. Enable multi-factor authentication (MFA) on your Veeam Backup Server can help provide a more secure environment that protects users from being compromised. Following, use an
immutable target as your first backup media to allow for recovery in the event of bugs, cyber threats or accidental data deletions. Most importantly, testing these backups often to verify their data content and that you won’t have any unforeseen issues at time of restore. These storage devices can range from purpose-built hardware, deduplication devices, and S3 integrated hardware. Finally, we have our 3rd party copy that should be off-site, encrypted, AND offine or air gapped. Natural disasters and physical unauthorized user access are not the only reason why it’s beneficial to keep a siloed copy offline and offsite. Data integrity, legal disputes, as well as data compliance/retention rules may not be typical data loss events, but they make certain you have a copy of clean data that can be used for any data driven needs.
What Is an Air-Gapped Backup?
An air-gap is a way of isolating your critical data by separating a copy either physically (removing the tape out of the drive) or not accessible from the network (e.g. network ports or routes disabled). There are many benefits of air-gap backups including:
Protection against ransomware and other malware since these backups are not accessible from the backup server or elsewhere on the network. For bad actors to possibly corrupt this data, a person would need to be physically present and have the proper access credentials to delete the data. If these backups are being properly ejected/isolated, and cared for (e.g. temperature controlled, dirt/dust, humidity, etc.) the chances of a failed recovery are low.
Prevention of unauthorized access and data breaches with encryption. When considering any backup, but especially those that have been air-gapped or are otherwise offsite, it becomes even more important that the devices or media be encrypted. Imagine having backed up your domain controller without encryption and then a bad actor restoring your backup on their server. They now can leisurely farm your credentials to prepare for an attack on your production systems. Encryption of the backups (especially those off site) is a critical step in protecting the company’s sensitive data from being accessed by unauthorized users.
Preservation of data integrity, which ensures that contents have not been altered in a malicious form. Both accuracy and consistency are crucial not just for regulatory compliance but for reliable recovery as well. For organizations in Healthcare, Government, Finance, etc. keeping various types of data for long-term can range from years to indefinitely and require maintaining a secure chain of custody in some cases. Depending on regulatory compliances from a state or federal level these requirements if not met, can have a legal impact that can result in hefty fines for organizations unable to produce the data in completeness and accuracy.
Immutable Backups
An immutable backup is a copy of data that has role-based access controls and other types of authentications and cannot be changed or deleted until a set time has expired. However, it is not “offline” like an air-gap backup is, as it is still connected and accessible from the network. There are multiple technology vendors that leverage this type of immutability whether on-premises or in the cloud and can include object-lock, secure snapshots, and the hardened repository from Veeam. For more information check out this blog post.
Air-Gapped vs. Immutable Backups
Since an immutable backup address some of the same ‘survivability’ goals as an air-gap backup, there are both similarities and differences. Both are going to offer resistance against ransomware anddata compliancy but here is where they begin to differ:
A traditional air-gap backup, like tape, can incur an additional cost for managing the media and working with vendors to store the media properly. This also holds true for immutable storage as well as it can grow exponentially if data policies change.
Recovery Time Objectives (RTO) are also a variable depending on the storage media used. For example, a customer who tested their restore speeds from cloud back to on-premises had noticeable network constraints that made it slower for them to recover the same data set that they had previously recovered from tape. It was taking weeks vs the few days they were accustomed to recall tapes. Increasing the download speeds was an option, but it required them to do an overhaul of their current network for an additional cost. On the contrary, another organization was able to perform restores directly to the public cloud provider and save weeks’ worth of downtime after a cyber event when they lost access to their on premise infrastructure due to forensic investigation. For them to wait for the investigation to complete would have cost a month of downtime.
In both cases, customers were able to build a data resilient strategy that worked for them. However, it is not an either-or situation and one shouldn’t replace the other. Very similar to how vm replica’s are not backup’s and vice versa. Both technologies exist to help organizations recover data faster and leveraging both in tandem only increases the chance of successful recovery after a cyber event.
Protect Your Data With Veeam
In the 2023 Ransomware Trends Report, 82% of the 1200 organizations who had previously suffered cyber-attacks now leverage immutable cloud technologies, while 64% are using immutable disks, and tape is still relevant with 14% stating it’s use in their data protection strategy. As organizations look to adopt more cyber resilient data protection strategies, Veeam continues to form strong partnerships with hardware and cloud vendors to make it easier to adopt immutable backup repositories, air-gap solutions, or (as a best practice) both. With the latest release of v12 which included immutability with Microsoft Azure, Direct to S3 with Immutability, and enhancements to tape, an organization can quickly adopt adding another defensive layer to help against ransomware.
Cybersecurity incidents are increasing at an alarming rate. In our 2023 Global Report on Ransomware Trends, conducted by an independent research firm, 85% of organizations surveyed experienced one or more cyberattacks in the prior 12 months. This represents a 12% increase over the previous year, and it highlights the danger your organization faces.
While hackers continually seek out vulnerabilities, the most common way to gain access to corporate systems is through phishing attacks. Phishing occurs when criminals send emails purporting to be from genuine organizations with urgent requests to verify confidential information. Variants include spear phishing, where malicious actors use personal information to encourage recipients to follow email instructions, and whaling, which involve fictitious requests from senior executives to subordinates requesting them to supply confidential information or make urgent payments.
Phishing is an effective technique with a high success rate. To counter this threat, it’s crucial you implement effective email security measures such as email encryption, multifactor authentication, spam filtering, employee training and robust backup solutions.
Storm-0558: A New Cyber Threat Landscape
In May and June 2023, a threat actor accessed emails from approximately 25 government agencies and related private email accounts of individuals associated with these agencies. The actor was identified by Microsoft as Storm-0588 and is believed to be a Chinese-based group. The group targets American and European government bodies, especially those with connections to Taiwan and the Uyghur ethnic minority groups in China.
Storm-0588 has a history of attempting to harvest emails for espionage purposes, sensitive data theft and intelligence collection. The group’s objectives appear to include gaining unauthorized access to the email accounts of employees working for organizations of interest to the group. The group appears to be well-resourced and possesses sophisticated capabilities. It’s believed this group is a nation-state actor.
In this instance, the group was able to forge authentication tokens to access user emails through a stolen Microsoft MSA signing key by exploiting a validation error in Microsoft’s code. The forged credentials gave Storm-0588 access to Microsoft MSAs and Azure Active Directory authentication tokens.
How Storm-0558 Orchestrated Their Attack
The Storm-0588 attack targeted customers using Microsoft 365 for email. The attack was first detected on June 16, 2023, when a federal civilian executive branch agency noted unusual activity in their Microsoft 365 Exchange Online cloud service. This was identified from the client’s Microsoft 365 audit logs and only because the client had purchased Microsoft’s advanced 365 E5 security package.
The client notified Microsoft, which quickly identified the root cause of the anomalous activity and swiftly implemented corrective actions. Microsoft determined that Storm-0588 had accessed the client’s Exchange Online service through Outlook Web Access. They discovered the actor used forged authentication tokens for MSA consumer and Azure AD enterprise accounts derived from a stolen inactive Microsoft MSA consumer signing key. These tokens are used by application programming interfaces to authorize access to users’ data. The hack was made possible by a validation error in Microsoft’s code that Storm-0588 discovered. To hide their location and mask their identity, the hackers used SoftEther proxy software.
Impact of the Storm-0558 Attack
Microsoft determined Storm-0588 had access to the emails of around 25 organizations and their users for approximately four weeks from May 15, 2023, until Microsoft blocked tokens signed with the stolen MSA key in OWA. As far as can be determined, the hackers were able to access targeted clients’ emails and download their contents and attachments. No other malicious activity was noted.
Storm-0588 is known to have been active since August 2021. The organization appears to target Microsoft accounts using phishing techniques and credential harvesting. The organization works to exploit security flaws such as the validation errors discovered in Microsoft’s 365 code. Tools used include the Cigril trojan tool that decrypts files and the China Chopper Web Shell that can remotely control compromised web servers.
Microsoft’s Response and Mitigation Efforts
When notified of the abnormal Exchange Online traffic, Microsoft immediately started its investigations. Based on the tactics used, Microsoft surmised the attack was perpetrated by the Storm-0588 group. Initially, it was thought that the group was using stolen Azure Active Directory tokens. Further investigation showed the authentication tokens were in fact forged from a Microsoft account, which leveraged a Microsoft validation error.
Remedial actions included invalidating all MSA keys that were active before the incident and correcting the validation code that allowed these keys to sign Azure Active Directory tokens. Other steps included moving all keys to a hardened key store and implementing improved monitoring systems. Microsoft directly contacted all customers who were compromised by this threat and provided information to prevent further exploitation of their systems by Storm-0588. These changes successfully blocked this Storm-0588 attack, and customers need not take any further action.
Lessons Learned and the Role of Veeam in Email Security
The biggest lesson from this attack was the importance of using the Microsoft audit log. Although these features are currently reserved for more expensive licenses, Microsoft has indicated they will provide wider access to cloud security logs for all licenses.
Additionally, some customers assume that Microsoft’s Geo redundancy features protect against data loss, but this is not true. It simply protects against infrastructure failure. Microsoft does not provide separate backup capabilities. This is made clear in the Microsoft 365 shared responsibility model, which clearly defines client responsibilities to include control of data residing in Microsoft 365 and its backups.
Implementing robust email security solutions can detect unusual activity as quickly as possible. For example, Veeam advanced email security solutions allow you to use threat scanning tools on backups to identify suspicious activity such as phishing. Additionally, you can use Veeam DataLabs to check recently captured backups for security vulnerabilities in a secure and isolated sandbox environment.
Summary
It was fortuitous that one of the customers targeted by Storm-0588 identified the anomalous activity and promptly alerted Microsoft and the Cybersecurity and Infrastructure Security Agency. During the four weeks, Storm-0588 was able to read and download emails from compromised customers, gaining valuable intelligence in the process. It is likely that had this unusual activity not been noticed, more organizations would have been affected. Microsoft acted swiftly to identify and mitigate the attack. The company also made significant changes to how token keys are issued and patched vulnerabilities that the attackers exploited.
One of the takeaways from this is the need to implement robust email security practices, both at the application level and during backups. No organization is immune to cyberattacks, and phishing attacks are common, as are ransomware attacks. The only effective solution is to implement secure backup practices, such as the well-known 3-2-1 backup approach, together with comprehensive scanning and monitoring practices to detect and eliminate malicious software.
Prevent data loss by securing your data with Veeam’s robust backup solutions. Don’t leave it to chance; take positive steps to secure your data today.
Google is hosting its annual Google Cloud Next user conference once again. Google Cloud Next is back, better than ever, and this year as an in-person event (versus a virtual event the past three years) at the Moscone Center in San Francisco.
Over 15,000 attendees are expected to descend upon San Francisco to take part in Google Cloud Next 2023, which dates from Aug. 29 – 31. Customers, partners, business leaders and developers alike will be taking over the city for this three-day technology and cloud conference to hear the latest announcements from Google’s cloud division. In addition to sessions and Moscone Center’s expo hall, there will be plenty of ancillary dinners and events happening near the convention center’s surrounding areas.
Main Themes: AI, Cloud, Collaboration
The main themes woven throughout the conference will be AI, cloud and collaboration, along with the latest in Google Cloud product and feature innovations. Not surprisingly, generative AI will be front and center, similar to other major technology events from this summer.
For several years, Google Cloud has been building a robust ecosystem of partners to round out the AI stack. In March of this year, Google Cloud CEO Thomas Kurian stated: “We’re now at a pivotal moment in our AI journey. Breakthroughs in generative AI are fundamentally changing how people interact with technology — and at Google, we’ve been responsibly developing large language models so we can safely bring them to our products.”
Kurian continued, “Today, we’re excited to share our early progress. Developers and businesses can now try new APIs and products that make it easy, safe and scalable to start building with Google’s best AI models through Google Cloud and a new prototyping environment called MakerSuite. In Google Workspace, we’re introducing new features that help people harness the power of generative AI to create, connect and collaborate.”
200+ Sessions and High-Profile Speakers
Along with keynote sessions on “The New Way to Cloud,” “What’s Next for Your App?” and “Targeted Universalism DEI Keynote,” there will also be over 200 breakout sessions that developers, data engineers, IT professionals and business leaders can all benefit from.
There will be several highly anticipated speakers from Google Cloud, such as: Thomas Kurian, Google Cloud CEO; Adaire Fox-Martin, President of Google Cloud Go-to-Market; June Yang, VP of Cloud AI and Industry Solutions; and Aparna Pappu, Vice President and GM of Google Workspace.
Additionally, there will be featured speakers from Google Cloud’s partners, including Accenture, Capgemeni and Deloitte.
Customer speakers include: David DeSanto, Chief Product Officer of GitLab; Laura Merling, Chief Transformation and Operating Officer of Arvest Bank; and Jordan Poff, Vice President of Retail and e-Commerce Operations of Kroger.
Veeam is a Sponsor
Veeam is a proud sponsor of Google Cloud Next 2023 and will be hosting a Cloud Talk Session titled “Application Backup Best Practices with Google Cloud and Veeam” on Aug. 29 at 11:05 a.m. PT in the Cloud Talk 2 Theatre.
Veeam’s very own Cody Ault, Staff Solutions Architect, will be showcasing the best practices and tools you can use to safeguard your applications throughout their entire lifecycle in the hybrid cloud — from monolithic physical servers, to virtual machines, to IaaS instances with PaaS databases, all the way to Kubernetes applications running in GKE. Cody will show how Google Cloud and Veeam provide the seamless backup and recovery of both native and hybrid cloud data, ensuring your data is protected no matter where it resides.
As a bonus, Veeam is also raffling off daily $200 Visa gift cards at our booth. Come and say hi to the Veeam Team at Google Cloud Next 2023! Make sure to stop by our booth #1432 in the expo hall — we look forward to seeing you there!
With Disaster Recovery as a Service (DRaaS) becoming more commonplace, companies of all sizes have been looking to DRaaS service offerings to support their business continuity plans when disaster strikes. But DRaaS isn’t one size fits all! Having a data protection platform that supports business needs when evaluating RTO, RPO, SLAs and budget — as well as the manageability from a provider’s perspective, is key in a DRaaS offering.
The Role of Backups, Replication and CDP in a DRaaS Strategy
Should all data be treated the same, with the same level of importance? Probably not. But this should be evaluated on a case-by-case basis with your clients. Usually, part of a Business Impact Analysis (BIA), understanding this on a foundational level informs SLAs and the acceptable amount of downtime and data loss by department. Budget also quickly enters the equation as a very important factor to consider.
When crafting a DR strategy, the tiering of data by priority SLAs and budget should inform how a provider should protect and recover the client’s data. This is where the role of backups, replication and Continuous Data Protection (CDP) enter the conversation.
Workload Tiering
When an application is deemed mission critical it is often classified as Tier 0 workload. This type of data cannot afford any delays or disruption of service. Often, this is a very small percentage of the overall picture. CDP would be the best way to protect Tier 0 workloads. When considering RTOs for these applications, the recovery time is up to an hour and as low as five seconds. In most cases, not all client data requires CDP!
Tier 1 workloads are required for day-to-day operations. This data, while important, may have more of a downtime tolerance than Tier 0 workloads, and be perfectly suited for a replication approach. When looking at RTO and RPOs, replication usually provides less than one-hour RTOs and RPOs of less than 12 hours.
And finally, Tier 2 workloads which would constitute all other data and applications. These workloads would require backups (like all data) and be perfectly acceptable to recover from the backups within the defined SLA period. RTO is usually between two and eight hours and RPO is typically up to 24 hours.
Remember, each customer and industry can vary. The budget and tolerance for downtime and data loss plays a key factor in these decisions. The three data protection mechanisms (backups, replication and CDP) are complementary and are often used together.
While there are many aspects to a DR plan, this article only covers one component. With most organizations seeking a DRaaS provider for expertise in BCDR planning and execution, choosing a platform that can accommodate workload tiering can be a game changer in your DRaaS offering. This can bring an affordable DR solution to your potential and current clients whether it’s recovering from backups, snapshot-based replication and/or CDP, while standardizing to a single solution.
Interested in offering Veeam-powered DRaaS leveraging the Veeam Data Platform? With the Veeam Cloud & Service Provider (VCSP) program, you can build and host your own DR solution, or purchase one from a Reseller Ready DRaaS partner that can be white labeled to your customer base. To learn more about building a Veeam-powered DRaaS offering, access the DRaaS Partner Success Kit on ProPartner Portal here. To find a ready to sell Veeam-powered DRaaS solution, visit the Reseller Ready Partner Directory here. Not a VCSP partner yet? Learn about the VCSP program benefits and how to get started here.
for Enterprise Backup and Recovery Software Solutions1 for the seventh consecutive time and positioned as highest in Ability to Execute for the fourth year in a row.
