Ransomware Detection, Response and Recovery With Veeam and Cisco SecureX

What’s Veeam Been up to Since Joining Cisco SecureX’s Partner Program?

The Veeam product management Alliances team completed a project to create a model solution with Cisco SecureX. This solution is based on ransomware use cases and enhances SecureX’s ransomware detection and response capabilities with Veeam’s ransomware detection and backup validation capabilities.

What Is Cisco SecureX?

Cloud-native SecureX unifies visibility from Cisco and other security products in a customer’s infrastructure. SecureX Threat Response feature is not a traditional monitoring/alerting-oriented tool. Rather, it gives users the ability to take Cisco-generated and third-party threat data and leverage it across a customer’s infrastructure to investigate potential anomalies. SecureX Threat Response manages threat intelligence and security context data from across a customer’s security infrastructure in a single location. SecureX Orchestration enables the automation of routine tasks by using prebuilt workflows that align with common use cases to maximize operational efficiency and get the most from your security investments.

Why Did Veeam Build a Model Solution With Cisco SecureX?

When looking at the big picture of Cisco security and Veeam hybrid cloud data management products, you see security products that perform ransomware prevention, detection and response, as well as data management products that perform critical recovery capabilities. When you narrow your focus, you’ll also see that Veeam hybrid cloud data management products have ransomware detection capabilities provided by Veeam ONE. You’ll also see that, in addition to providing instant and granular recovery capabilities, Veeam Backup & Replication can validate recent backups to prove they are recoverable and free from ransomware infection.

The Veeam ONE ransomware detection capability that’s showcased in this model solution analyzes current and previous backup sizes to look for suspicious changes in backup size. For instance, if the incremental backup size more than doubled, that could be an indicator that a ransomware encryption event has occurred.

In this model solution, Veeam ONE extends Cisco SecureX Threat Response event-gathering capabilities to include Veeam ONE alerting like these and display them to the security administrator in SecureX’s UI (see Figure 1).


Figure 1.

From here, the security administrator can review the observable incidents and open an investigation. In this case we have Veeam ONE-monitored hosts with Threat Response (See Figure 2).


Figure 2.

In this example, one of the investigation’s observed incident sightings is judged to be suspicious by the Veeam SecureX relay interface (See Figure 3). 


Figure 3.

Data from this judgment shows that the incremental backup size has increased beyond the configured Veeam ONE alarm threshold (See Figure 4).


Figure 4.

With the information from this judgment, the security administrator can initiate a workflow via SecureX Orchestration to have Veeam Backup & Replication run a job (called a SureBackup job) to validate that the most recent backup is recoverable. This SureBackup job can optionally include a Secure Restore scan as well, so you can scan the machines in this backup to ensure that there are no active or sleeper malware infections before recovering back to production (see Figure 5).


Figure 5.

Depending on the results of the Veeam SureBackup job with a Secure Restore scan, there may be no action required by the security administrator, or this may be the initiator of a ransomware response and recovery effort. If it is the latter, both the Veeam Ransomware SWAT team and the Cisco incident response teams will provide emergency services to help customers respond to and recover from the ransomware attack.

This model solution demonstrates the value of connecting the ransomware detection and recovery capabilities of Veeam Data Platform with Cisco SecureX. In today’s environment of increasing threats like ransomware, it is more important than ever to ensure that IT security staff have visibility into the software infrastructures like Veeam, in addition to traditional security products. 

According to the 2023 Data Protection Trends Report commissioned by Veeam, 85% of the organizations surveyed had at least one ransomware attack in the last 12 months, with 66% having two or more. The scourge of ransomware will only lessen once it becomes unprofitable for ransomware criminals. This project demonstrates the value of connecting the detection and recovery capabilities of Veeam Data Platform with the detection and response capabilities of Cisco SecureX.

If you are not an existing customer of Cisco SecureX or Veeam Data Platform, consider test driving these products in your IT environment. Follow these links for a free trial of Cisco SecureX or a free trial of Veeam Data Platform. For existing customers, please consider this solution in your own IT environment. 



Veeam Data Platform 23H2 Update
Free trial
Veeam Data Platform
23H2 Update
We Keep Your Business Running

Similar Blog Posts
Business | July 4, 2024
Business | June 13, 2024
Business | May 28, 2024
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.