This video is part of the appearance, “Veeam Presents at Security Field Day 13”. It was recorded as part of Security Field Day 13 at 15:30-17:00 on May 28, 2025.
Veeam has delivered true security capabilities in the platform, both to protect the Veeam installation itself and to identify threats in the data they are safeguarding. Veeam has been developing security features and enhancements for its platform, starting with instant virtual machine recovery and extending into proactive threat hunting. Key innovations include the Veeam Data Platform 12.1, which introduced a threat center, AI-based inline malware detection, and proactive threat hunting capabilities. The acquisition of Coveware further strengthened Veeam’s incident response capabilities, providing expertise in ransomware negotiation and proactive incident planning.
Veeam’s security innovations focus on both protecting the Veeam environment and identifying threats within the protected data. Threat Hunter provides signature-based scans of backups, while AI-based inline detection scans data streams for anomalies. Indicators of Compromise (IOC) analysis identifies known attacker toolkits, and suspicious file activity analysis examines unusual file behavior. Veeam also offers security and compliance analyzers to ensure best practices in data protection and infrastructure security, including MFA and four-eyes authorization. These features aim to provide a multi-layered approach to security, addressing threats both during and after the backup process.
To facilitate incident response, Veeam offers an Incident API, enabling bi-directional communication between security tools and the Veeam platform. This allows for automated actions, such as creating out-of-band backups when a security tool detects an active attack. Veeam’s Threat Center provides a high-level overview of the security status of the data protection environment, while the Data Platform Scorecard assesses overall resilience and adherence to best practices. Veeam also integrates with security ecosystems, allowing customers to leverage their existing security investments. This comprehensive approach aims to minimize data loss and accelerate recovery in the event of a security incident.
Personnel: Emilee Tellez, Rick Vanover