You can’t turn on the news without hearing about a new cybersecurity, malware, or ransomware attack. These attacks are growing more frequent and smarter, leaving a devastating amount of damage to companies’ profits and reputations. We no longer just talk about if an attack will happen but when and how bad. This is why Veeam is introducing advanced threat detection for ransomware and malware. In this blog, I’ll be focusing on the early ransomware detection service in Veeam Data Cloud, which aims to help organizations stop attacks sooner. At the time of this blog, the service supports Microsoft 365 workloads with more workloads to come!
Ransomware Threat Landscape
Ransomware is a booming market for cybercriminals with a multi-tiered profit scheme. First-line threat actors try every way to gain access and pivot through your business, gathering critical data like passwords, network configurations, and software, and configuring backdoors to package and sell on the dark web. Additional tactics are used to exfiltrate critical business data like patents and personal data, which are held and used to extort a company for money. If that was not enough, cybercriminals will take control of your infrastructure and accounts to start deploying encryption algorithms, rendering your data inaccessible until you pay a fee.
Luckily many of these kinds of attacks leave footprints in their wake, helping companies stop these intruders sooner and mitigating potential damage.
Why Scan Backups for Ransomware
Ransomware is an evolving technology that has gotten more sophisticated and harder to detect since its introduction into the criminal ecosystem. In the early days we could detect things like signatures and file extensions, but as intrusion detection systems caught up, ransomware evolved. In the modern software landscape, threat actors use things like algorithms and AI to evolve beyond traditional detection methods. This is where detection services for backups come in and offer an additional layer of security. With this feature you can gain in-depth analysis of your data as it changes without putting greater strain on your production workloads and processes.
Why Use Veeam Ransomware Detection Service
The Veeam Ransomware Detection Service has high accuracy when detecting the largest range of ransomware attacks on the market. This technology offers four key benefits:
- Personalized Threat Detection: Detection models are segmented per user and resource creating an individualized profile for behavior and anomaly detection.
- Privacy-Preserving Architecture: Data used to detect patterns, like file count and entropy, stays within the backup ecosystem and is never entered into machine learning models.
- Comprehensive Coverage: The Veeam Ransomware Detection Service spans a wide range of ransomware strains for both extended and rapid attacks.
- Real-time unsupervised learning: This service adapts to protected objects to determine and learn usage patterns as they evolve over time. These patterns act as a historical baseline which the models use to identify meaningful deviations.
This kind of detection system provides the most comprehensive solution to the most complex and hardest-to-detect strains of ransomware: extended attacks. Extended attacks fool key metrics in modern systems that rely on signatures and threshold change detection alone. The Veeam Ransomware Service uses advanced algorithms beyond this to detect key entropy points.
How Does Veeam Ransomware Service Work?
Veeam Ransomware Service is backed by the Random Cut Forest algorithm, a machine learning algorithm that’s purpose-built for detecting outliers and anomalies in data. This model works by building an individualized baseline for each data set, then using advanced algorithms to detect outliers and anomalies that occur, making for the most accurate detection on the market. When building these baselines, the service scans every file, not just samples, leaving nothing to chance.
There are two main attack profiles this engine is optimized to detect: extended and fast attacks. In a fast attack you might experience a high volume of change in data, which Veeam Ransomware Service can detect in its early stages so you can lock down and mitigate the impact. An extended attack takes time entering an environment and can be very hard to lock down based on traditional methods like file count and change threshold. In this case, Veeam Ransomware Service is able to run deeper algorithm cuts on the backup data to detect these kinds of changes before they spread to the wider business. It’s worth noting that all ransomware details are captured in a threat center alongside malware alerts for a centralized view. To see more details about the model check out this whitepaper.
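To make the per-object baseline idea concrete, here is an added example (not Veeam's code, and not part of the original post) comparing one global change-count threshold with a baseline kept per protected object. It substitutes a simple median/MAD deviation score for Random Cut Forest; the object names, limits and backup metrics are constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from statistics import median

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    n = len(data)
    return sum(-c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def deviation(history, value):
    """Robust z-score of value against one object's own history (median/MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return abs(value - med) / max(1.4826 * mad, 1e-3 * max(abs(med), 1.0))

def fixed_threshold_alert(changed_files, limit=500):
    """One global change-count rule applied to every object (limit is assumed)."""
    return changed_files > limit

def baseline_alert(history, today, k=6.0):
    """Alert when any feature is more than k robust deviations from baseline."""
    return any(deviation([day[i] for day in history], today[i]) > k
               for i in range(len(today)))

# Constructed history, one tuple per backup: (changed_files, mean_entropy).
QUIET_MAILBOX = [(30, 4.6), (42, 4.4), (35, 4.7), (28, 4.5), (40, 4.6), (33, 4.5), (37, 4.6)]
BUSY_SITE = [(900, 5.1), (1200, 5.3), (1000, 5.0), (1100, 5.2), (950, 5.1), (1050, 5.2), (1000, 5.1)]

# Constructed stand-in for encrypted file content: a SHA-256 counter stream.
ENCRYPTED = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))

# Extended attack: only 45 files change, but their content is now high entropy.
SLOW_ATTACK_DAY = (45, shannon_entropy(ENCRYPTED))
NORMAL_BUSY_DAY = (1020, 5.2)

if __name__ == "__main__":
    for name, hist, day in [("quiet mailbox", QUIET_MAILBOX, SLOW_ATTACK_DAY),
                            ("busy site", BUSY_SITE, NORMAL_BUSY_DAY)]:
        print(name, "fixed:", fixed_threshold_alert(day[0]),
              "baseline:", baseline_alert(hist, day))
```

The global rule misses the slow attack on the quiet mailbox and fires on the busy site's ordinary day, while the per-object baseline gets both right.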
Bottom Line
The threats to data are evolving at an alarming rate, but having a multilayered dynamic approach to protection and detection is the best way to mitigate damage in these kinds of targeted attacks. Take steps to start protecting yourself better with the Veeam Ransomware Detection Service, the most robust ransomware detection on the market.
For more information on Veeam Data Cloud, please visit: https://www.veeam.com/products/veeam-data-cloud.html