Are you confident that your backups can recover from a cyberattack? During a cyber incident do you have forensics, decryption, and negotiation services readily available to help your organization recover quickly and safely? We’ve seen firsthand that organizations unfortunately do not rise to the occasion of recovering from a cyberattack. They fall to their level of preparation.
Veeam’s Cyber Secure Program ensures customers are prepared to rise to the occasion during a cyberattack. The program provides support for ransomware attacks at every stage; pre-incident, during incident, and post-incident. The following blogs discusses benefits of Veeam Cyber Secure combined with Veeam Data Platform functionality.
Pre-incident
Quarterly advisory sessions delivered by experts covering details about the latest tactics, techniques, and procedures (TTP) used by threat actors have proven to be extremely useful to customers. Education is key and staying up to date on the latest attack vectors can be the difference between falling victim or not. It is often a failure missed in the cyber kill chain that leads to something catastrophic that could’ve easily been avoided or contained. A full suite of training sessions are offered to better prepare organizations all the way from the IT admin up to the executives.
For example, data shows that many attackers lie about how much data was encrypted. They will manipulate all the file extensions on a server but only encrypt a subset as encryption is a compute intensive activity and is hard to go undetected. Veeam’s forensic triage tool, Recon, helps identify which data was actually encrypted.
Backups are any organization’s last line of defense, as the cyber kill chain above illustrates. Options become limited to none if this fails. The data shows well over 90% of the time threat actors will try to attack backup software. It is important that if/when they access the console, those backups are immutable. With Veeam Data Platform, attackers would be unable to delete immutable backups from the console, and they’d be unable to find the credentials to SSH into Veeam’s harden repository.
According to Veeam’s Ransomware Trends Report, network and endpoint security tools detect cyberattacks 62% of the time. However, a defense-in-depth approach still proves to be a great strategy as 10% of the time backup software is what finds Indicators of Compromise (IoC).
As part of Veeam Data Platform, in-line malware detection looks for both known attacks and anomalies via entropy analysis. For example, in the use-case discussed above where the attacker manipulates a mass amount of file extensions, VDP would detect this during backup and see something suspicious occurred since the previous backup.
During Incident
Veeam Cyber Secure customers retain the incident response expert services of Coveware by Veeam for up to two incidents per year. Coveware by Veeam is extremely experienced in assessing, negotiating, and ending downtime as they help hundreds of organizations per quarter recover from cyber extortion cases.
One of the components that makes Coveware by Veeam so successful, is their ability to forecast behavior based on the ransomware group. They have an extensive database of cases to pull from to better understand an attacker’s behavior.
For example, just because an attacker claims the exfiltration of data it doesn’t mean they did. Between world-class expertise and forensic tools, they can help understand if and what data was stolen before coughing up to pay the ransom.
Ultimately, you never want to pay a threat actor, and Veeam provides the fastest recovery options in the market with the ability to not only restore from backups, but also recover from continuous data protection replicas, snapshot replicas, and primary storage array snapshots. The ability to recover from multiple layers and to multiple platforms is crucial for recovering in a timely manner that meets business SLAs.
Post-incident
Veeam is so invested in this program being successful that a ransomware recovery warranty is provided for verified attacks up to $5 million USD toward data recovery expenses. Customers should feel confident that they can recover from clean backups, even in the face of a cyberattack.
Conclusion
Of course, we never actually want there to be a cyber incident, but it’s important to prepare as if that late Friday night call is inevitable. Veeam’s Cyber Secure Program helps you get secure, stay secure, and respond quickly to minimize downtime should an incident occur.
