kras99 -

Veeam ransomware protection highlighted in Kasten, detection

Veeam unveiled security updates to its Kubernetes backup product at VeeamON. In addition, IDrive released an object storage appliance for users of Veeam and other backup vendors.

Veeam product updates announced at its VeeamON user conference Tuesday were heavy on ransomware protection and detection, a years-long trend in technology that continues as attacks remain prevalent.

Eighty-five percent of 4,200 business and IT leaders surveyed in Veeam's 2023 Data Protection Trends report said their organization has had at least one ransomware attack in the last year.

"A majority of businesses are looking for higher reliability and to improve recoverability," Veeam CEO Anand Eswaran said at VeeamON.

Veeam ransomware protection launching soon includes updates to its Kasten K10 product for Kubernetes backup and restore as well as inline malware detection.

Veeam's direction is largely in cyber resilience, said Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group.

"We used to talk about RPO and RTO in general terms, but I do think there is now more of a cyber RPO and RTO," Bertrand said.

Kasten K10 provides map for management

K10 version 6.0, expected to become generally available by the end of June, improves suspicious activity detection and provides immutable backup, according to Kasten by Veeam. The new version logs all events natively into Kubernetes auditing. Threat detection services can then analyze the logs for suspicious activity.

Application fingerprinting automatically maps new stateful applications for data consistency.

Veeam CTO Danny AllanDanny Allan

"Applications in a Kubernetes environment are very complex," Veeam CTO Danny Allan said during Tuesday's keynote. "You can have structured data, unstructured data, message queues. You can have object storage. Fingerprinting and understanding where the persistent data is going, how that is architected, is a key part."

Capabilities such as application blueprinting help with large Kubernetes data protection deployments, said Krista Macomber, an analyst at The Futurum Group.

"Open-source and DIY approaches to data protection might be sufficient if you have a small handful of clusters, but they quickly get cumbersome at scale," Macomber said. "This potentially means time and chance for error that IT operations can ill afford."

Most organizations either have deployed containers in production or will adopt them, but data protection in those environments still lags, according to Bertrand.

Mapping helps users to understand all the components in those deployments.

"You can't really manage something you can't map out or measure," Bertrand said.

What's next for Veeam

While Veeam offers post-process ransomware detection, which provides a scan of existing backups, the forthcoming inline detection happens during the backup process. As a result, the detection can reveal an attack faster and tag unsafe restore points. AI and machine learning help detect data encryption, according to Veeam.

"Doing it inline gives you the benefit of reducing the CPU and I/O cycles," Allan said. "And it's doing it on every incremental pass."

The dual-pronged strategy is important if an organization wants to better detect ransomware that is already in progress, according to Macomber.

"These tools will still need to be used in conjunction with real-time threat detection tools for a truly comprehensive approach," Macomber said.

The inline detection of Veeam ransomware protection is a good next step for the product, said Johnny Yu, research manager at IDC.

"It just makes sense -- tagging them as they're coming in rather than [scanning] the repository of data at rest," Yu said.

Backup of object storage is another major focus for Veeam, chief product officer Anton Gostev said.

"We've invested a lot in the past years in backing up to object storage," Gostev said. "What about protecting object storage itself?"

We used to talk about RPO and RTO in general terms, but I do think there is now more of a cyber RPO and RTO.
Christophe BertrandAnalyst, Enterprise Strategy Group

More customers are choosing object storage on premises or in the cloud for storing their unstructured data, which needs backup.

"It doesn't matter what you're storing and where," Bertrand said. "If it's mission critical, you've got to back it up."

Users can back up data from object storage to Veeam backup repositories or directly to tape. Restorations could include entire buckets, individual objects and specific object versions.

Backup of object storage has been in tech preview since April.

Both the ransomware detection and backup of object storage are expected in Veeam Backup and Replication version 12a, due out in late 2023.

Looking further ahead, Bertrand said he expects Veeam to add more protection for SaaS applications. Veeam currently offers Backup for Microsoft 365 and Backup for Salesforce.

"There are more mission critical SaaS applications out there that people are not protecting," Bertrand said. "But I know they're looking at it very closely."

IDrive releases hardware for backup storage

Veeam customers will also have another destination for their backup storage, as IDrive launched its S3-compatible e2 object storage appliance on Tuesday at VeeamON.

The appliance is geared toward Veeam users and any customers that want a place to manage their S3 storage.

Following the release last year of IDrive's e2 cloud object storage service with S3 compatibility, customers requested an appliance, according to Raghavendra Meeniga, vice president of technologies at IDrive.

Photo of IDrive e2 object storage appliance
The IDrive e2 object storage appliance is S3-compatible.

The latest version of Veeam's flagship Backup and Replication software version 12, which lets users write any backup directly to object storage, was another force for appliance requests.

"Instead of giving their data to AWS S3, they can start using the appliance and use their own endpoint for their backups," Meeniga said.

Immutability protects against accidental and malicious deletion of data. Instead of the commonly used RAID 6, IDrive uses erasure coding for durability and to protect against data loss if drives fail, Meeniga said.

The IDrive e2 appliance is available in capacities of 48, 96, 144 and 176 TB. Once the device is plugged in, users can manage it remotely, Meeniga said.

IDrive did not provide specific pricing information, but Meeniga said there is a one-time payment for the device, and the first year of support is free. Starting with the second year, there is a fee for support and software.

Competition includes Object First's recently launched Ootbi appliance for Veeam backup storage as well as Scality and DataCore, Meeniga said.

IDrive seeks to improve performance on the e2 appliance. "We are doing a lot of optimizations to make backups faster," Meeniga said. "That is our main goal right now."

Paul Crocetti is an executive editor at TechTarget. Since 2015, he has worked on TechTarget's Storage, Backup and Disaster Recovery sites.

Dig Deeper on Data backup security

Disaster Recovery