The IT-Security Alignment Challenge
The webinar opens by addressing a critical gap in enterprise security: the disconnect between IT operations and security teams. Emily Cahill, CTO and Director of Product Strategy at Veeam, presents data from the 2025 Risk to Resilience Report showing that 69% of surveyed organizations experienced ransomware attacks resulting in encryption or data exfiltration, with 89% having their backup repositories specifically targeted. The fundamental problem is that security teams receive an average of 11,000 alerts daily, making it difficult to identify genuine threats, while backup infrastructure—critical for recovery—often operates in a silo without adequate security visibility. The session emphasizes that modern ransomware attacks specifically target backup systems because eliminating recovery options maximizes the attacker's leverage for ransom payment.
Veeam's Data Resilience Framework
Veeam positions itself not as a traditional backup vendor but as a data resilience platform built on five pillars: data backup, data recovery, data portability, data security, and data intelligence. The presentation details how Veeam has evolved beyond basic backup and restore to incorporate security-focused capabilities including AI-powered ransomware detection that scans data blocks during backup operations, indicators of compromise (IOC) detection that identifies known hacker toolkits, and file system activity analysis for malware extensions. Post-backup security includes signature-based malware scanning with bring-your-own-antivirus integration, YARA rule support for pattern-based threat detection, and Veeam's proprietary Threat Hunter engine. These capabilities operate locally on customer infrastructure rather than sending data to external cloud services, addressing data sovereignty and privacy concerns while providing real-time threat detection during backup operations.
CrowdStrike Integration Architecture
The core of the webinar focuses on the newly available Veeam app for CrowdStrike, which integrates Veeam's backup and security events into CrowdStrike's security operations platform via syslog. The integration forwards over 300 event types from Veeam Data Platform and Veeam One monitoring into CrowdStrike's LogScale for centralized visibility, correlation, and analysis. The demonstration shows how security teams can access pre-built dashboards displaying backup job status, malware detection events, suspicious activity alerts, and infrastructure health metrics within the CrowdStrike interface. This eliminates the need for security analysts to context-switch between platforms and enables them to incorporate backup infrastructure security into their broader threat hunting and incident response workflows. The integration supports scheduled searches, custom alerting, and drill-down investigation capabilities, allowing security teams to identify patterns such as unusual backup failures that might indicate an active attack.
Implementation and Availability
The Veeam app for CrowdStrike and the Veeam Data Connector are available for free download from the CrowdStrike Marketplace. Organizations must be running Veeam Data Platform version 12.1 or later with Advanced or Premium licensing to access the integration capabilities. The Foundation edition does not support this functionality. The webinar emphasizes that this integration represents the beginning of ongoing co-innovation between Veeam and CrowdStrike, with additional capabilities planned for future releases. The session concludes with practical guidance on deployment requirements and a Q&A addressing common concerns about alert fatigue, the value of post-compromise detection for recovery planning, and licensing considerations for organizations evaluating the integration.
