I recently had the opportunity to delve into the VEEAM Backup Service and discovered some features that can help protect organizations from ransomware attacks. Unfortunately, these features are not enabled by default.

If you already use VEEAM, you can benefit from these features without any additional cost. So, configure these features for a quick win.

Encryption Detection in VEEAM

One particularly interesting feature is VEEAM’s encryption estimation (entropy) analysis. This functionality uses entropy to estimate whether data has been encrypted, which can signal a ransomware attack and help identify threats. In the menu, they claim to use AI/ML. I have no idea how sophisticated it is, so further research is needed. If anyone has more information, please let me know.

Veeam Encryption Detection Feature
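To make the idea of entropy-based encryption estimation concrete, here is an added example (not VEEAM's implementation, whose internals I don't know) that scores data block by block with Shannon entropy. The block size, threshold, sample data and function names are all assumptions made for this illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

BLOCK_SIZE = 4096   # assumed block size for this illustration
THRESHOLD = 7.5     # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_ratio(data: bytes) -> float:
    """Fraction of full blocks whose entropy exceeds THRESHOLD."""
    blocks = [data[i:i + BLOCK_SIZE]
              for i in range(0, len(data) - BLOCK_SIZE + 1, BLOCK_SIZE)]
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) > THRESHOLD for b in blocks) / len(blocks)

def pseudo_ciphertext(length: int) -> bytes:
    """Deterministic SHA-256 counter stream standing in for encrypted data."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

# Constructed sample inputs (not real backup data).
PLAIN = b"".join(b"2024-05-01 10:%02d:%02d host-%04d backup job finished OK\n"
                 % (i // 60 % 60, i % 60, i) for i in range(4000))
ENCRYPTED = pseudo_ciphertext(len(PLAIN))
COMPRESSED = zlib.compress(PLAIN, 9)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("encrypted", ENCRYPTED),
                       ("compressed", COMPRESSED)):
        print(f"{name:10s} entropy={shannon_entropy(blob):.2f} "
              f"high-entropy blocks={high_entropy_ratio(blob):.0%}")
```

Compressed data also scores far higher than plain text, so a raw entropy threshold on its own produces false positives on archives and media files; treat a hit as a signal to investigate, not as proof of ransomware.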

VEEAM’s Out-of-Band Backups

Another cool feature I discovered was the ability to trigger out-of-band backups when ransomware is detected. You can enable this and configure your third-party EDR system to trigger backups as soon as malware/ransomware is detected.

By default, this option is disabled as well.

Veeam Incident API Feature

Recommendation

Neither of these features costs you a dime. So simply put: make use of them if possible!

  1. Enable VEEAM’s Encryption Detection

    • This feature helps detect potential ransomware by analyzing data entropy. Ensure your team knows how to configure and monitor it effectively.

  2. Set Up Out-of-Band Backups

    • Integrate this with your Endpoint Detection and Response (EDR) system to trigger backups at the first sign of ransomware. Regularly test these backups for integrity.

  3. Comprehensive Ransomware Defense

    • A backup solution should not be your only defense. Implement a multi-layered approach, including regular software updates, employee training, advanced threat detection, and network segmentation.

  4. Incident Response Plan

    • Develop and update a plan for ransomware attacks, detailing steps for immediate action, communication, and recovery.

Backups shouldn’t be the only line of defense, but they are often the last. Using VEEAM’s encryption detection and out-of-band backups can significantly improve your defenses when combined with a broader security strategy.