Organizations invest in backup to ensure they can recover when the unexpected happens. But today’s attackers understand that recovery is often the greatest obstacle to a successful attack. Rather than focusing solely on production systems, attackers increasingly target backup infrastructure itself: Attempting to delete backups, disable services, and compromise recovery points before launching an attack.
That shift is changing how organizations think about cyber resilience. Defending data is critical, but so is protecting the infrastructure and processes that make recovery possible. Organizations need confidence that backup data is always available, recovery points can be trusted, and recovery can proceed quickly when every minute matters.
That’s why Veeam and Arms Cyber continue to expand our partnership. Earlier this year, Arms Cyber integrated with the Veeam Incident API to flag restore points that may contain dormant ransomware, helping customers avoid restoring infected data during recovery.
Now we’re building on that foundation with new capabilities designed to help further protect Veeam backup environments from unauthorized access, tampering, and attacks that target recovery infrastructure.
Why Backup Infrastructure Became the Target
When detection-and-response tooling improved at the endpoint, attackers adapted.
Rather than focusing solely on production systems, they now increasingly target the recovery layer: An organization that can’t recover is one that’s far more likely to experience prolonged downtime and disruption. The tactics are consistent. Attackers attempt to delete or encrypt backups before launching an attack. They tamper with or stop backup services to disable protection quietly. And they then lean on living-off-the-land techniques and process injection, abusing legitimate, trusted tooling, so their activity blends into normal operations.
Each of these tactics target the same thing: An organization’s ability to recover quickly and confidently.This shift is a reminder that cyber resilience requires more than creating backups. Organizations must also protect the infrastructure, services, and recovery assets they depend on when incidents occur.
From Identifying Risk to Protecting Recovery Infrastructure
As noted earlier, Veeam and Arms Cyber have integrated through the Veeam Incident API to help organizations identify restore points that may contain dormant ransomware. So when a ransomware event is detected on a protected workload, potentially compromised restore points can be automatically flagged, helping administrators identify clean recovery options and reduce the risk of restoring infected data.
The latest enhancements build on that foundation. While the initial integration focused on helping organizations flag restore points associated with a compromised endpoint, the new capabilities are designed to help backup infrastructure itself. By adding safeguards around backup data, services, and operations, organizations can further strengthen cyber resilience and reduce the risk of attacks targeting the recovery layer.
New Capabilities Built for Veeam Environments
Available now to joint Veeam and Arms Cyber customers, these new capabilities will help organizations further strengthen backup infrastructure against unauthorized access, tampering, and attacks targeting recovery operations:
Stealth protection with restricted process access: Sensitive backup data and system resources can be concealed inside Arms Cyber stealth directories, providing an additional layer of protection against unauthorized access. By reducing visibility into critical backup resources, organizations can further limit opportunities for encryption and exfiltration attempts.
Parent/child process validation: Arms Cyber validates parent/child process relationships in real time, so only trusted execution paths can interact with protected Veeam components. Living-off-the-land attacks and process-injection techniques that try to hijack legitimate tooling are blocked at the source.
Anti-tamper protection for Veeam Services: Veeam services are protected from unauthorized modification, stoppage, or manipulation. Service integrity holds even under an active attack, preserving the operational reliability backup administrators need.
Immutable shield [rotection: Deletion commands against protected Windows Backup Repositories are restricted for a defined window of 24 hours or more, providing an additional safeguard against accidental deletion, malicious insiders, and attackers attempting to disrupt recovery operations.
Two Layers, One Outcome
Cyber resilience goes beyond backup and restore. It also requires keeping the backup environment secure and online, ensuring restore points are clean and reliable, and enabling recovery to run smoothly when an incident hits.
Together, Veeam and Arms Cyber help address both sides of that challenge. Arms Cyber provides additional layers of protection designed to help secure backup infrastructure from unauthorized access and tampering, while Veeam helps organizations recover quickly and confidently with trusted recovery capabilities.
As attackers increasingly target recovery infrastructure, cyber resilience now depends on protecting not only backup data, but also the systems and controls that make recovery possible.
“Attackers continue to target backup infrastructure in an effort to disrupt recovery operations,” says Frank Strobel, Senior Director of Technology Aliances at Veeam. “Our expanded work with Arms Cyber helps organizations add layers of protection around backup infrastructure by helping secure critical services, validating trusted execution paths, and strengthening defenses against unauthorized access and tampering. Together, Veeam and Arms Cyber help organizations build a more resilient foundation for recovery.”
Contact Arms Cyber and Veeam to learn how these capabilities can be enabled in your environment.
The post How Veeam and Arms Cyber Help Protect Recovery Infrastructure from Modern Cyberattacks appeared first on Veeam Software Official Blog.
from Veeam Software Official Blog https://ift.tt/GIBH3uU
Share this content:
