These are some of the areas that Veeam has really taken its approach to the ongoing problems surrounding ransomware and malicious activity very seriously in v11. This allows customers to secure SSH with interactive multi-factor authentication (MFA) or even disable the SSH server completely to protect their repository from future zero-day vulnerabilities. As a result, SSH connectivity is required only at the initial deployment time and when installing product updates. All former SSH protocol usage has been encapsulated into the expanded transport protocol. Lastly, Veeam changed the dependency on SSH Protocol. This eliminates any possibility for hackers to extract these credentials from a compromised backup server and use them to connect to the repository. It is important to note that they are never stored in the configuration databases. The single-use credentials, required for the hardened Linux repository, are interactively supplied by the user at the initial deployment time and also when installing product updates.
#Veeam backup & replication software
Storcom can now deploy our purpose-built open systems backup appliances using Veeam software and provide these protection capabilities using a server vendor’s hardware to maximize the value for our clients.Īnother feature of the hardened Linux repository is the addition of single-use credentials. Veeam left the choice open, so customers would have options. Veeam did not want to lock in its customers by selling an appliance to provide ransomware protection for primary backups (e.g. Now we can protect the primary 7, 14, or 30-day type of on-prem retention from malicious activity and ransomware. Hardened repository uses a Linux file system features and another layer of protection by locking storage blocks written to the primary backup solution. Storcom supports this today with our object storage tier for off-site backup. Veeam introduced ransomware protection for backup data sent to an S3-compatible capacity tier in Backup and Replication version 10 via support for S3 Object Lock. The immutability flag is only removed from the backup file when the local timestamp on the repository server exceeds both values. A second timestamp remains as originally set, due to being a part of the immutable file already. The first is extended automatically as dependent incremental restore points are added into the backup chain but can also be increased (but never reduced) manually for legal hold purposes using PowerShell. It is stored first in the special configuration file and secondly in the extended attribute of each backup file. Veeam works together with the Linux kernel to make sure that the flag is set to the appropriate retention period that you’ve set on your backup jobs.įor redundancy, the immutability expiration timestamp is stored twice. Storcom is really excited about the ransomware protection that Veeam will get from Linux and the native Linux immutable flag as a way of being able to protect your backup files. Veeam focused a lot of resources on adding onto what it had already built in version 10 to protect against ransomware. Hardened Linux repository is another great feature in v11. Veeam also added the ability to protect your secondary and tertiary copies data safe from being altered. With that said, Veeam version 11 has done a great job of adding some new features that really focus on data immutability. Backup technologies like Veeam can be targeted. However, we also need to be realistic and accept that even the best technologies can be thwarted and data breaches can occur. Storcom certainly does not discount the capabilities that security vendors like Arctic Wolf, CrowdStrike or Carbon Black bring to the table. There is no substitute for putting in the right technology at the endpoint or on your network to stop malicious activity where it begins. We are all trying to find better ways to protect our organizations’ most valuable assets: our data. Everyone in IT knows that ransomware and malware are at the forefront of security concerns. As Storcom’s CTO, I want to talk about what’s new in Veeam Version 11 (v11) and what I think the main updates are and WHY they are useful.Īt the top of everyone’s list is that Veeam’s version 11 contains more ransomware protection features than ever before. There are already many articles that simply list the new features. There are a ton of new features and updates with Veeam version 11, over 200 to be exact. Storcom’s Assessment of Veeam Backup & Replication Version 11 (v11)
0 kommentar(er)
