Veeam’s Malware Detection | Scan Cloud Workloads

Ransomware attacks are becoming increasingly sophisticated, targeting cloud-based workloads and posing significant risks to organizations. These cyber threats can encrypt critical data, disrupt business operations, and demand hefty ransoms. Additionally, tactics like double extortion and data theft amplify the potential damage. A solid defense strategy is essential for safeguarding cloud workloads.

Importance of Cloud Workload Protection

A key component of any defense strategy involves both backing up cloud workloads and employing a solution that offers multi-layered protection.

Veeam’s inline scanning capabilities provide organizations with real-time threat detection, malware protection, compliance adherence, and data loss prevention. By integrating Veeam into your cloud infrastructure, you can enhance your backup security posture, ensuring the safety and integrity of your cloud-based workloads. This enables businesses to operate confidently, knowing their critical data and operations are shielded from evolving cyber threats.

Understanding Veeam’s Inline Scanning

Veeam’s malware detection capabilities are built into Veeam Backup & Replication v12.1 and further enhanced in the 23H2 update of the Veeam Data Platform. This feature allows users to scan backup data for suspicious activity or infected objects using both built-in and third-party methods.

Types of Veeam Inline Scanning

Inline Entropy Analysis

This analysis examines block-level binary data during backup transfers, looking for encrypted files and data anomalies. For instance, if a server typically has 10% of its data encrypted and changes 50-60GB daily, but suddenly 20-30% of data is encrypted with changes of 90-100GB per day, this will trigger an alert for suspicious activity. Additionally, alerts are generated if ransomware notes, bitcoin addresses, or other suspicious content are detected.
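The baseline comparison described above, sketched as an added example that is not Veeam's code or algorithm: it computes per-block Shannon entropy and flags an increment when both the high-entropy share and the changed volume jump past a baseline. The block size, the 7.5 bits/byte cutoff, the 2x and 1.5x factors and all function names are assumptions, and the sample data is constructed.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096          # assumed block size for this sketch
HIGH_ENTROPY_BITS = 7.5    # assumed cutoff in bits per byte (maximum is 8.0)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def high_entropy_fraction(data: bytes) -> float:
    """Share of blocks that look encrypted (or compressed: entropy cannot tell them apart)."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) >= HIGH_ENTROPY_BITS for b in blocks) / len(blocks)

def is_suspicious(changed: bytes, base_fraction: float, base_bytes: int,
                  fraction_factor: float = 2.0, volume_factor: float = 1.5) -> bool:
    """Flag an increment whose high-entropy share and size both jump past the baseline."""
    return (high_entropy_fraction(changed) >= base_fraction * fraction_factor
            and len(changed) >= base_bytes * volume_factor)

def sample_increment(total_blocks: int, encrypted_blocks: int, seed: int = 1) -> bytes:
    """Constructed test data: random blocks stand in for ciphertext, repeated text for normal files."""
    rng = random.Random(seed)
    text = (b"invoice 2024-08 total=100.00\n" * 200)[:BLOCK_SIZE]
    cipher = [bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))
              for _ in range(encrypted_blocks)]
    return b"".join(cipher) + text * (total_blocks - encrypted_blocks)

if __name__ == "__main__":
    normal = sample_increment(10, 1)    # 10% high-entropy blocks, baseline volume
    attack = sample_increment(20, 6)    # 30% high-entropy blocks, twice the volume
    baseline = high_entropy_fraction(normal)
    print("baseline fraction:", baseline)
    print("normal day flagged:", is_suspicious(normal, baseline, len(normal)))
    print("attack day flagged:", is_suspicious(attack, baseline, len(normal)))
```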

File System Activity Analysis

This method scans file extensions, paths, and directories for known suspicious extensions based on over 4,000 indicators of compromise (IoCs). It can also detect zero-day attacks by identifying unusual file extensions that haven’t been seen before, even if they’re not listed in the XML file on the Veeam server.

Benefits of Veeam’s Malware Detection

  • Proactive Threat Detection: By integrating advanced malware detection techniques, Veeam ensures that potential threats are identified before they can impact your systems.
  • Enhanced Security Posture: The combination of inline scans and YARA rules provides a robust mechanism to secure backups, making it harder for cybercriminals to exploit your data.
  • Compliance and Reporting: Veeam’s detailed logging and reporting features help organizations comply with regulatory requirements and maintain a clear audit trail of security events.

Setting Up Inline Scanning for Cloud Workloads

To secure your cloud workloads with Veeam’s inline scanning, follow these steps:

Create a Protection Group

Enter the credentials for your AWS or Azure account/subscription and select the region of the machines you want to protect. Make sure you choose cloud machines as the protection group type, which involves using specific agents for cloud workloads.

Select Machines

You can select machines individually or use tags to cover all cloud workloads. For AWS, a role with specific permissions needs to be attached to each instance you want to protect. Veeam can create and assign these roles automatically, which makes life a lot easier for organizations with hundreds or thousands of workloads.

Enable Scanning Features

Enable both entropy and file system analysis in the global settings. Once the backup job is created, inline malware scanning will occur by default. Suspicious detections will be shown in the job properties, inventory menu, and syslog server if event forwarding is enabled.

Conclusion

As ransomware threats continue to advance, organizations must stay proactive in protecting their cloud workloads. Veeam’s inline scanning capabilities offer real-time threat detection, malware signature recognition, behavior analysis, and automatic remediation.

By incorporating Veeam into your data protection strategy, you can enhance the resilience of your cloud workloads, ensure business continuity, and safeguard your critical data assets. Don’t wait until it’s too late — implement proactive measures to defend your cloud environment today.

Find out more about how Veeam can help protect your multi-cloud workloads. 

NOTE:
Veeam supports AWS and Azure Windows IaaS workloads. Entropy analysis is applicable for volume-level backup mode, while file system analysis can be used for both image and volume-level backup modes.