Follow on Twitter using the following hashtags or usernames: #RSAC2026
In this presentation, Rick Vanover reintroduces Veeam as a global leader that has evolved far beyond its origins in virtual backup. Now clearing over $2 billion in revenue with a workforce of 6,000 employees, the company has secured the top market share spot and expanded its reach into diverse environments ranging from Antarctica to submarines. While still recognized for its foundational backup capabilities, Veeam now stands as the most deployed solution for Microsoft 365 and off-the-shelf Kubernetes backup software, reflecting a strategic shift to meet the modern demands of primary and secondary data management.
The core of the presentation focuses on a new strategic framework designed to address the convergence of compliance, security, and data resilience. Vanover outlines a journey through four key pillars: understanding data, securing data, ensuring resilience, and unleashing data potential. This evolution is driven by the necessity of protecting precious data from sophisticated modern threats, moving past traditional “fire and flood” disasters to combat the complexities of ransomware and the risks inherent in the rapid adoption of agentic AI. To manage this landscape, Veeam is integrating Data Security Posture Management (DSPM) with traditional recovery, utilizing the power of AI to provide the necessary scale and oversight.
During a candid discussion with delegates, the presenters emphasized that digital transformation has fundamentally changed the stakes for global CIOs, who must now balance innovation velocity with high-level security. The “Veeam of today” is presented not just as a recovery tool, but as a comprehensive resilience partner that provides technical proof points for an AI-driven world. By addressing the risks of oversharing and automated data workflows, Veeam aims to maintain its reputation for reliable backup while expanding its toolkit to ensure that organizational data remains safe, compliant, and ready to be leveraged for future growth.
Personnel: Rick Vanover
In this session, Field CTOs Michael Cade and Emilee Tellez dive into the practical application of Veeam’s four-pillar strategy, focusing heavily on the Understand phase. Central to this approach is the recent acquisition of a Data Security Posture Management (DSPM) solution, now integrated as the Data Command Center. This tool acts as a “social network of data,” utilizing a connector framework of over 350 integrations to inventory data systems across platforms like Microsoft 365, Kubernetes, and various cloud environments. By building a comprehensive map of data lineage and access, Veeam helps organizations identify sensitive information, uncover “God mode” privileges, and conduct ROT analysis to eliminate redundant, obsolete, and trivial data, thereby reducing the attack surface and storage costs.
Beyond visibility, the presentation highlights how this intelligence informs smarter backup and recovery workflows. The speakers emphasize that understanding data is the prerequisite for securing it, particularly in the face of agentic AI risks where data might be overshared or mismanaged by automated models. Veeam’s orchestration capabilities, which have evolved since 2018, allow for dynamic documentation and automated readiness checks to ensure compliance with Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). This ensures that disaster recovery plans are not just static documents but living, tested processes that can transition workloads, such as moving VMware backups to Hyper-V or Azure, at scale while maintaining a clear audit trail for cyber insurance and regulatory requirements like GDPR.
The discussion concludes with a focus on clean recovery, addressing the critical need to prevent the re-infection of environments during restoration. Veeam integrates multiple layers of defense, including inline scanning for anomalies, indicator of compromise (IOC) detection, and the use of YARA rules or antivirus signatures. This process can occur at rest, during backup, or before restoration into isolated sandbox environments for forensic testing. By partnering with an ecosystem of over 60 security providers, such as CrowdStrike, Veeam ensures that if a threat is detected in production, the backup system is immediately informed. This holistic approach transforms backup from a black box into a proactive security asset that validates data integrity and operational resilience in a post-AI world.
Personnel: Emilee Tellez, Michael Cade
In this presentation, Michael Cade and Emilee Tellez explain how Veeam has expanded its focus from traditional backup to comprehensive Data Security Posture Management (DSPM). By treating an organization’s data ecosystem like a “social network of data,” Veeam’s Data Command Center provides visibility into data lineage, sovereignty, and access rights across structured and unstructured systems. The speakers use a garage analogy to describe how enterprises tend to accumulate vast amounts of unmanaged data, and they highlight how Veeam helps identify ROT (Redundant, Obsolete, and Trivial) data. This not only reduces storage costs but significantly mitigates risk by shrinking the attack surface, ensuring that “God mode” privileges and exposed S3 buckets are flagged before they can be exploited.
The integration between primary data insights and secondary backup data allows Veeam to offer a more sophisticated secure pillar. Emilee Tellez details how the platform now incorporates inline malware detection, YARA rule processing, and file system activity analysis to identify symptoms of encryption or anomalous behavior. This creates a feedback loop with a broad ecosystem of over 60 security partners, including Microsoft Sentinel, Palo Alto Networks, and CrowdStrike. For example, if a storage array from Pure Storage detects an anomaly, it can trigger an API call to Veeam to automatically flag specific backups as infected, preventing them from being used in a restoration and ensuring that security analysts have a correlated view of the threat across the entire infrastructure.
A major theme of the discussion is the shift from simple recovery speed to recovery confidence. The presenters argue that in a cyber-incident scenario, recovering too quickly can lead to re-infection; instead, Veeam advocates for a staged, clean recovery process. This is supported by automated readiness checks and isolated “Data Labs” where users can perform dry runs of their disaster recovery (DR) plans. These tests validate everything from RPO/RTO compliance to the specific boot order of complex applications, such as ensuring a SQL database is online before its dependent application servers. By mapping these technical events to the MITRE ATT&CK framework, Veeam provides security teams with actionable intelligence and automated playbooks, transforming backup data from a passive insurance policy into a proactive component of the security operations center (SOC).
Personnel: Emilee Tellez, Michael Cade
Rick Vanover and Emilee Tellez focus on the core of the Veeam portfolio: Resilience. The presenters track the evolution of data protection through three distinct generations of disasters, starting with Operational Resilience (fire, flood, and hardware failure), moving into Cyber Resilience (ransomware and targeted encryption), and arriving at the emerging frontier of AI Resilience. This new phase addresses risks such as over-privileged AI agents and non-human identities that can cause massive data deletion or corruption at hyperspeed. To combat these threats, Veeam introduced Agent Commander, an integration of their recent security acquisitions designed to discover AI agents, monitor their permissions via the Data Command Graph, and provide a surgical undo button for AI-driven mistakes.
The presentation highlights how Veeam has pivoted toward “Left of the Boom” preparedness, specifically through its acquisition of Coveware. This integration provides deep forensic visibility into threat actor TTPs (Tactics, Techniques, and Procedures), allowing Veeam to offer proactive scanning before, during, and after a backup. Emilee Tellez details a comprehensive defensive grid that includes an Incident API for EDR tool integration, Recon Scanners to identify brute-force attempts in production, and Veeam Threat Hunter, a proprietary signature-based detection engine. Furthermore, Veeam addresses the exfiltration trend in modern ransomware by emphasizing Data Sovereignty and immutable storage, claiming that no customer utilizing their 70+ immutable storage options and encryption has been unable to recover from an attack.
To dispel the myth that its software is only for small businesses or bound to Windows, Veeam showcases its enterprise-grade Veeam Software Appliance. Now running on a hardened Rocky Linux distribution, the appliance comes pre-packaged with the DISA STIG security profile at no extra cost, which is a significant benefit for government and high-security sectors. The segment features a demonstration of the appliance’s Day 2 operations, highlighting mandatory, automated updates that cover everything from the operating system to the backup application itself. By combining this hardened infrastructure with Data Labs for testing and a portability engine that facilitates massive migrations between hypervisors like VMware and Hyper-V, Veeam positions itself as the most comprehensive end-to-end resilience platform in the 2026 market.
Personnel: Emilee Tellez, Rick Vanover
Michael Cade and Emilee Tellez introduce the Unleash pillar, which focuses on empowering administrators to leverage backup data for AI-driven insights and advanced operational use cases. Veeam addresses the common challenge of garbage in, garbage out by providing a framework to ensure data hygiene before it is used to train models or fuel AI agents. The centerpiece of this initiative is Veeam Intelligence, an evolved natural language chatbot that moves beyond simple documentation scraping to interact directly with a customer’s specific backup environment. This allows users to generate complex reports, such as identifying failed jobs or malicious activity, through simple conversational queries, effectively transforming backup data from a dormant insurance policy into an active business asset.
The presentation features a live demonstration of the Model Context Protocol (MCP), a standard that Veeam is utilizing to bridge the gap between disparate IT management tools. By integrating Veeam Intelligence with other MCP-compatible servers, such as ServiceNow, administrators can automate entire workflows, from detecting an anomaly and generating an HTML executive report to opening a prioritized incident ticket, all within a single AI interface like Claude Desktop. While these capabilities are currently in technical preview, Veeam emphasizes that they are built with strict role-based access controls (RBAC) and data privacy guardrails, ensuring that only metadata leaves the customer’s site and that immutable backups remain protected from unauthorized modifications by AI agents.
Looking toward the future of enterprise AI, Veeam is positioning itself to manage “agentic” risks by providing visibility into the “social network” of AI agents across the infrastructure. This includes dynamically discovering agents in platforms like AWS Bedrock and Microsoft Copilot to map their access to sensitive data and implementing LLM firewalls to prevent data leakage. In response to delegate concerns about agents making misinformed decisions, the speakers explain that Veeam is developing specialized internal agents, such as a Backup Admin Agent, to provide contextual guardrails and enforce secondary human approval for critical changes. By allowing customers to “bring their own model” (BYOM) or use integrated options, Veeam aims to provide a flexible, secure foundation for the next era of data-driven innovation.
Personnel: Michael Cade