Transcript
Hi, everyone. My name is Victoria with redmondmad.com, and I'd like to thank you all for joining us today. The topic of our webcast is Navigating Cyber Challenges: Enhance Your Security Visibility with Veeam and CrowdStrike. Before we begin, I just want to cover a few housekeeping details. We will have a Q&A session towards the end of today's event, so if you have any questions throughout the presentation, please make sure to type those into the Q&A box, and we'll get them answered for you. Veeam has also provided some resources which do correspond with today's event, so take a moment to check those out. They are located to the right-hand side of your audience console. To note, today's webcast is also being recorded, so make sure you keep an eye out for a link in your email to rewatch the presentation or to share it with a colleague. And now I am so thrilled to introduce you to our speaker for today. We have the pleasure of hearing from Emily Cahill, CTO and Director of Product Strategy for Veeam Strategy and Community. So we're in for a really great event today, and with that, I will pass the time over to Emily to get us started.
Perfect. Thank you so much. So, yes, welcome, everybody. Thank you for taking some time to join us today. I am particularly excited to be talking about this latest enhancement specifically because, you know, as we start to look at the current landscape when it comes to not just cybersecurity threats but the threat of ransomware and how can we get better when it comes to providing some deeper insights so that way your security teams can make better informed decisions around the data that could possibly be impacted, backup does take a special place within that entire incident response lifecycle. So excited to be talking about this latest integration provided by Veeam and CrowdStrike.
So I believe we all know, right, cybersecurity, it's all about understanding, managing, and mitigating the risk of your critical data either being disclosed, altered, or denied. So a lot of what we're going to be discussing today might be more so reliant on the side of what we're seeing happen within that security space, specifically when we are talking about getting a lot of new data platform vendors that are going to be working more closely together to kind of bring a lot of this information to the forefront. So that way we're not trying to make decisions in silos, we can have our teams talking on a more reoccurring basis, so that way we can get our incident response playbooks all in place and at hand, right? So this is kind of one of the biggest pieces that we want to focus in on today, right, is how do we understand this specific problem and in order to understand it, how do we address it, right? So how do we address things like a data breach? How do we address if our data has been encrypted or altered? How do we address once data has been denied access, right, if it's being held for ransom? And then having a playbook for each one where we have all of our stakeholders involved in those decision-making processes, so that way we can come up with the best outcome possible. And obviously there's some challenges to this, right? So we know that there's rising threats, there's backup risk, there's an overwhelmed SOC just in general, right? A good example of this is a lot of this data is actually coming from our 2025 Risk to Resilience Report. Feel free if you want to check out more of that information, you can. It's available on our website. But these are just some high-level stats. So from the anonymous survey that we ran for the organizations that responded, 69% of them had been impacted by at least one ransomware attack that resulted in either encryption or data exfiltration. So 69% out of the 1,300 organizations that were surveyed.
I think for the most of us, we all understand that ransomware and cyber threats, they're not going away, right? It's no longer an if-but-when type of situation, but essentially we're now diving down into how bad is this going to be? What type of outcome can our environments or that our stakeholders can expect to see from an incident that involves ransomware or that involves a data exfiltration? What are some of the outcomes that we need to be able to provide to our board levels or to our C-levels or to even our customers that we're servicing so that way they understand or that way we understand what could potentially be impacted? And how can we kind of funnel or champion a better way forward to make sure that we can limit that overall risk as well as limiting that overall impact to data that has been breached or encrypted? On top of that, 89% of organizations had their backup repositories targeted by the threat actor. That should come as no surprise, right? If their main goal is to get a payday, well, the first thing that they're going to go after is going to be your backup plan. So how are you going to be able to get business up and running and your minimum viable business particularly operational? And if it's going after the backups that they know for sure is going to help you to be able to decrease that risk, they're going to target that. So what are some things that we can do that we can put in place to ensure that that data, that our backup plan itself is going to be secure? It's going to be available for us when we need to recover, especially when we need it the most. Then, of course, 52% of organizations reported the need for major improvements to align IT ops and security teams. I can't agree more. There was a point in time when I used to work with security teams as well as IT operation and infrastructure teams, and the most work that I would do with a security team was a survey. Hey, fill out this vendor security questionnaire. 
Let us know what this product does and what are some of the risks that might be associated to it. And that was it. You'd be lucky if you had a specific phone call or conversation. Their job is to keep the business safe and to ensure that we identify any potential risks that could produce a very bad outcome. So how can we get these teams talking specifically together when it comes to overall incident response planning is the main goal. And then when we look at it from a, well, let's not just feed information when they're already overwhelmed with all these different types of alerts that are coming in. Because like we see, 11K is the average number of alerts that a SOC receives per day. So that's incredibly a large amount of numbers, right? So how do we make sure that we're preparing you for the right one versus the wrong one? So making sure that the alerts that could potentially show an impact of a breach or risk or anything that from a data perspective that could be, can be fallen to, victim to, that we're highlighting that in the best way possible to make sure that, you know, you're not just overcome or overburdened with so many different alerts falling into your systems. So when we look at it from SecOps teams today, right? Obviously we see incident information is difficult to compile. It's difficult to keep a record of. You receive hundreds of phishing alerts a day, right? So network traffic, malware alerts, security cloud alerts. I mean, you name it. When you're funneling in so many different data aggregators and points, it can be tough to kind of correlate all of that information to, in order to create an effective response. If you have a small team and you're working on call 24 by seven, even on holidays, again, you know, making decisions when you are tired, when you are overworked, it can make things very difficult for you to be able to find out what's going to be real versus what can be some false positives.
And then, of course, making that communication strategy better, right? How do we communicate to end users? How do we make sure that, you know, when we are going through this communication process, it's not taking up so much of our team's time? Because time is valuable when it comes to any type of breach or incident. Tools, playbooks, they require a lot of brain power, a lot of clicks. I see, actually heard it pressed just from this following weekend, right? We want to have quick time to value. And so being able to have access to playbooks that have already been built for us where we can just funnel in certain information makes it easier versus us having to start from scratch. And, of course, I have no way of filtering through those duplicate alerts, right? The rare to get 11,000 of them, last thing I need is now 22,000 because they've all been duplicated. So, again, making that information more seamless. So a lot of this information, when we start thinking about it, is mostly around alignment. I mean, your technology is going to be key. There's going to be some wonderful things out there that we could do from a technology partnership side of things. But when we think about how we want to integrate, how we want to co-innovate together, a lot of it comes down to who are the people, what's your current process, right? And how can we help you all be better aligned so that way we're not just developing some type of product or some solution where now all of a sudden, you know, we're just being funneling through with alerts and you're giving yourself more work to have to go through and filter out this data versus actually having a process that's going to work for you. So ideally, with these integrations that we've done with CrowdStrike, it's more focused in on how do we help to align IT and security? How do we make sure that the information that's being provided can actually give you rapid and clean data recovery at scale? 
Because as we all know, ransomware or cyber threats, right, doesn't just impact one particular application or one particular data center. This can also spawn multiple reaching environments. So we want to be able to have playbooks. We want to have a unified response for everything that we're doing for all of our critical applications. And then how do we validate that process and how do we make sure that it's built for overall operational efficiency, ensuring that we get minimum viable business up and running, right? So if we haven't gone through a business impact analysis, maybe that will be something that is key that we want to focus in on. So that way we can understand what are going to be our core applications that are the most important to our business and how do we protect them? How do we build a process around the recovery of them? So that way we know if something were to go, were to happen, we can go ahead and we can recover and we can get up running as quickly and efficiently as possible. And then, of course, making everything from a strategic investment into those technologies that help with ransomware prevention and threat detection efforts. But then on top of that, right, these platforms co-integrate. They speak to each other because that's going to be important versus having multiple data sets logging in and writing to different parts within the platform. So how can Veeam help? So one of the things I always get asked is, well, you guys are just a data protection vendor, right? So why are we having this conversation around security? Do you now do threat detection as well or is Veeam now trying to get into the security game? Well, the main portion of this is, number one, Veeam, we look to power data resilience, right? We want to keep every business running regardless of the type of disaster. 
So if it's a cybersecurity event, if it's a natural disaster, if it's accidental deletion or malicious intent type of deletion, we want to make sure that every organization has a plan and a playbook in order to be able to respond to that incoming threat or to that incoming risk. So with that in mind, right, your backups, your data protection, that becomes a very, very high priority on top of the list for every customer and every key stakeholder within their environment to ensure that if something were to happen from a production side, you're able to recover effectively, efficiently with leveraging your data protection vendor at hand. So Veeam focuses in on the way that we do this through five key pillars. So number one is data backup, something that Veeam has been doing for quite some time, for about 18 plus years now, right, helping customers to be able to protect their workloads regardless of hypervisor or cloud platform in which they exist, and then giving them that opportunity to maintain the SLAs that have been set aside from the business, right. So if I have certain workloads that need to have continuous data replication and they can't be down for no less than a few minutes, right, how can we leverage things like CDP technology to ensure that we have a quick failover solution to be able to bring those operations back up and running as quick as possible? But then every backup is great, but doesn't matter if you can't recover. So we have to focus in on the data recovery aspect of it. And so that makes up our second key pillar. When we think about how do we want to recover this data? One of the biggest items that we always talk about at Veeam is there's over 100 different ways that you can recover from a single backup. 
So if we want to think about getting granular and recovering a single file item, or if we want to think about recovering at scale of multiple virtual machines, multiple applications, having a runbook process built around those, being able to test and validate it, know how long it takes services to come up and running and for applications to be able to speak to one another. That is where Veeam's recovery engine really, really starts to show, you know, its true game changers inside of the ecosystem, because we want to focus in on giving you recovery for all of your applications and your workloads, but giving you that capability based off of what it is that you need to recover at that most needed basis. So if you're trying to do a SQL based recovery from a table schema level, being able to utilize just that. But if you're looking at doing maybe a migration strategy or we're having to now shift our workloads from on-prem to cloud, from cloud to, you know, some other type of hyperscaler, it's having that capability and being able to do that, and being able to have that flexibility overall of doing that entire ecosystem shift, which leads into data portability. So essentially not being locked in to one particular vendor from a platform side, but then also from a data protection side, right? When we invest so much time and so much focus into how we wanna actually respond to an incident, the last thing that you wanna have is some type of corporate type of level of ransomware, where now all of a sudden I can't recover to this new location due to licensing costs or hardware issues or hardware costs, whatever it may be.
Being able to have that capability of quickly being able to pivot and recover to something like the cloud, whether that's in Microsoft Azure, AWS, Google, or even making the shift from a physical to virtual, you know, so having that overall data portability of moving those workloads, being able to recover at will, what you see fit based off of what you need at that time is something that we focused in on very, very specifically to help customers to be able to move and migrate at the time they need it the most. And then of course, data security. We're gonna spend a lot of time talking about data security today, because that is gonna be one thing that being focused in on from three different ways, from innovation to partnerships to even acquisitions. But data security is just ensuring that the data that we are protecting, what are some additional ways that we could feed into threat intelligence layers so that way we can understand what's happening to that data when it's being backed up in transit, when it's sitting at rest, and what are some key items that we can funnel into our SOC so that way we can make some informative decisions based off of the information being backed up. And then working through data intelligence. So having that information at hand and being able to utilize it in an easier way, right? So understanding how it is that we are creating our backup policies, how we are performing our restores, making it easier for users to be able to consume and test and validate their workloads themselves. So funneling in all of that information through their data intelligence side, through assistant chatbots that we have available within product, as well as more things coming within our AI roadmap is gonna be key for all customers. And so we look at this from a native API perspective, right? We can talk into different cloud platforms, virtual, physical. We also have applications that we work with with different enterprise plugins. 
And then we can also support items that are running within SaaS platforms. So M365 and Salesforce. And then finally, Cloud Vault. So the one thing that I do speak about to a lot of customers as well, how can I protect my data in that first initial step, specifically when we wanna protect against something like ransomware or a cyber threat, right? And one of those is having an immutable backup. So just starting with the basics of having immutability for your data. So that way, when we are writing your backups to that box, it can't be deleted, it can't be overwritten, it can't be changed for whatever time period you have set. So having immutability at that first level is gonna be key. And Veeam also offers an opportunity for users to leverage that through a storage as a service platform through Veeam Data Vault. And essentially with this vault itself, this can be immutable. It'll be encrypted from day one. So you can get your data offsite as a secondary option in the event of disaster strikes. So I just talked about a lot from the Veeam data platform. Obviously, these are gonna be a lot of the workloads that we can work with and that we can support from all different types of layers, right? But essentially what we wanna boil down to here is the fact that, depending on whatever platform you're utilizing, we have a data protection scenario that we can support. And then even looking on into the future, if those plans or if those strategies end up changing, just know that your data protection vendor, those policies and everything that you put in place can also go with it, which is very beneficial. It's one thing that I like to hone in on. You don't have to throw out your data protection strategy just because you shifted to another platform or to another vendor. We can go with you. So let's talk a little bit about that security pillar a little bit more. So I commonly refer to Veeam security pillar as the Veeam power of three. 
And what I mean by that is there's three different ways in which we have hyper-focused into how do we wanna bring security to both, not just our customers and to our partners, but also providing some new items within innovation, within products that are definitely gonna be seen as kind of out winning when it comes to the competition, right? So let's talk a little bit about the innovation side. So number one, Veeam's focused in on developing over eight different types of security scanning capabilities that can be utilized both before, during and after backup. Now with these capabilities at hand, these also funnel into our threat intelligence feeds, but then this also can funnel into your SIEM or SOAR tool that you have provided. So we're gonna talk a little bit about what those security scanning capabilities look like, and then how do we actually feed that information into your security vendor of choice? The next bit is partnerships. So obviously we didn't wanna just say, well, we're gonna go ahead and just scan for threats, and if we find anything, that's great, hands are wiped clean. No, that's not just it, right? We see this as a partnership. We see this as a way that you as a customer has already made a significant investment into a security vendor of your choosing, right? So how can we continue to work with these security vendors and do co-development apps and have those be available within their own marketplace specifically, like we're talking about the one today, which is CrowdStrike. And being able to leverage the tool that your security team has already put in place and just being able to funnel in the information that we find within the data protection platform to be available within those as alerts. And then finally, the last bit in here is Coveware. So Veeam is the only data protection vendor with an in-house incident response firm. So we acquired Coveware in 2024.
They specialize in helping organizations get prepared for that big day that could possibly happen to them, right? So how can we make sure that we're being proactive, that we go through things like incident response tabletops, that we ensure we have the right communication policies in place, that we have the key stakeholders involved, we know what decisions we wanna make around ransomware payments, as well as how do we handle negotiations. So they have a huge database with all this information that they're able to help customers be proactive when it comes to these types of situations. So now let's move on to our threat detection capabilities. So let's talk about this from three different ways. Again, like I mentioned, there's the before, there's during, and there's after. So with before backup, we're gonna have a few different items in here that Veeam is able to lean on to. So the first one is Coveware Recon. So this is technology that we actually have co-developed. So this came over from our acquisition with the Coveware team, Coveware Recon scanner. What it does is it helps organizations that had been impacted by ransomware be able to do some forensic investigation. So understanding the logs, understanding the data that was possibly impacted, that was changed, but then also understanding the types of movements that threat actors make once they do breach an environment, right? So they're able to map this information and these actions back to the MITRE ATT&CK framework, but then they're also able to map it back to Coveware's own ransomware response index. So it's a, like I mentioned, a large database that's just filled with all those actionable outcomes that usually happen from different threat actors. So all of this information is funneled into this database and they're able to see this from a historical viewpoint and understand, okay, how do threat actors move within an environment?
The one thing that I will say is that we rebranded this to be a little bit more proactive in the environment. So understanding when brute force attacks may happen on the backup servers, right? Because like we know, based off of that first stat right in the beginning, 89% of the time threat actors are gonna go after the backup. So how can we be a little bit more proactive in this and essentially give you more information back based off of people that might try to go after those systems themselves and alert you to that pre-alert before something would ever happen to that data, data set itself. So a lot of that information goes into the Coveware Recon scanner, that proactive assessment, but then on top of that, when we look at it from mapping and historical viewpoint, when we look at our traditional EDR tools, they're gonna be looking at items that are happening in real time. But if we extend this and look at it for a length of time, we can actually understand what movements they're making. If they are deploying maybe certain tools or maybe making certain movements within the environments that we know could be seen as potentially malicious and alert to that information passer. Observability AI insights, this again is just looking at anomalies in the production environment before backup. So how do we identify unusual VM patterns? Again, leaning into some of the brute force attacks that could be happening on ESXi or vCenter when people are trying to log in to those machines or to those services at different odd hours of the time and suspicious SSH activity. We also have a security and compliance analyzer. It's a built-in tool that ensures that your server is following all the best practices around Microsoft and Linux operating systems. And then on top of that, we have a Veeam incident API. This allows your third-party security tools to integrate with Veeam.
Essentially, if they find something potentially malicious inside of restore points or even that's happening at the production level, they can go ahead and send a trigger to Veeam to say create an out-of-band backup, right? We see encryption happening in production. Create an out-of-band backup so that way we could try to save as much data as possible from that encrypted workload. Now let's move on to during a backup. So during a backup process, when we actually go to create the snapshot or to start the process of backing up that data, how can we bring in some of this additional threat detection capabilities and bring it close to a response quicker? So AI ransomware detection, scanning data blocks for randomness, looking for encrypted data, onion links and ransom notes. I mean, that's gonna happen when the backups are taking place, which is really key, right? We're not taking any of this data and processing it post-backup. We're not taking any of this data and sending it off to our own threat intelligence feeds that lives in the cloud or anything like that. No, this is all happening in-house locally on your servers and on your systems that are running. And this data is more of a machine learning technology. So we start thinking about what we have as known as a good copy of data when we first initially take that backup. Now it's looking at it from the secondary options. So what has happened, what's changed in those data blocks from that first good copy to that next one and vice versa. And then we're feeding that information in based off of what we know internally as being known as onion links or ransom notes or entropy analysis that's happening on those machines. So that AI ransomware detection is gonna be crucial. It's gonna be key for detecting anything during that process. I mentioned immutable backups earlier, right? Making sure we have an immutable backup so that way we can recover from cyber attacks. 
This can be leveraging things like Veeam hardened repository, Veeam Vault storage, any other third party immutability. I always like to keep this here on the slide because again, I like to remind customers you have to leverage immutable. This is table stakes at this point, right? Having an immutable backup is key. Indicators of compromise. So how do we expand the hunt for IOC attacks, right? So how do we stop those attacks from happening by looking at known tools that we know that hackers might utilize? So we're seeing these from their own internal toolkits that they're utilizing to do data exfiltration attempts. How do we understand that maybe the toolkits that we already use for a corporate technology side of things aren't being used for bad intentions, right? FileZilla, TeamViewer, et cetera. Maybe these might be tools that we use day-to-day in our regular operations and they might be approved. They might be, I will say not looked for from our EDR tools because we've approved them internally. But how do we know when these tools might be used to commit a bad intention, right? So TeamViewer, not a bad tool, but now if all of a sudden we're seeing it deployed on a few machines, whether it be file servers or Active Directory, et cetera, then maybe we wanna start, you know, be having some good indicators or some alerts that are going to notify us that we're seeing some unusual malicious behavior being utilized with these tools. So we're able to look for that and see that happening because we have a historical viewpoint, like I mentioned, of the backup beforehand. And now all of a sudden, when we backed it up the second time, we're seeing these tools that now exist and maybe they shouldn't be existing on those machines, specifically if we're looking at very sensitive data that could be held on those machines themselves. And then File System Activity Analysis, this is just using signature-based analysis for scanning the database for known malware extensions.
So that way we could flag any potential threats. So again, doing this directly inside of the file system itself is another option for us to be able to detect very quickly if we see any threats. And then finally, post-backup and recovery, so signature-based malware scanning. So this is something that Veeam has been offering now for quite some time, where any of our customers could go ahead and bring their own antivirus detection solution with them. And essentially, this will allow them to, during a recovery or during a secure restore that we call it, they could go ahead and they could scan those data blocks or that backup itself with the signature detection of that antivirus solution of their choosing. So this is something Veeam's been offering now for quite some time, for a few different years now. But we want to make sure that that's still a capability offered for our customers when they're restoring at scale. But we added on two additional pieces to that. So the next piece is YARA. So being able to leverage YARA rules to identify patterns that are found in malware. So this is where you have the opportunity to work with your security teams if you have been impacted from a specific group or a specific threat, right, or antivirus group. We can create YARA rules to go ahead and start searching for those specific malware extensions or those files or those tools that we know that they're going to utilize. And look for that inside of the data or inside of the backups themselves before we recover to a clean environment. Threat Hunter is our level or our version of the signature-based malware scan. So this is an improved experience that you see from both speed as well as expanded protection. So this is Veeam's own in-house. We go ahead and we have a database that's filled with millions of malware threats. We leverage this database to go ahead and scan these backups. And again, it's another signature-based scan.
It's going to give us information based off of what we see in real time from our threat database that's been updated and it's going to be very low impact. So you have an opportunity here to not just leverage Threat Hunter for scanning those first initial backups themselves, but then also tagging on and checking a box to also do an additional level of scanning with your own AV provider choice. So this is going to give you some additional levels of scanning those backups post-process to be able to perform a recovery and ensure that that data is going to be clean and free from any known malicious extensions. And then of course, orchestrating this all together. So obviously being able to do this at scale is key, right? We don't have to run through this one by one. And that's something that we never had to do for quite some time. So we can create orchestrated restore and we could create a recovery plan that consists of all these applications that we need to be able to recover. And from those, we can actually test and validate that our recovery plan process is going to work. But then on top of that, we can also leverage the YARA rules as well as the AV scans to scan those information, scan those applications at scale. So that way we can ensure that when we're doing a large scale recovery, all of those items are going to be scanned and validated and ready for a recovery process. So how all of these scanning capabilities are moving in the ecosystem. So you have your Veeam sources here, you have your data that's been written into the backups. We also have something called Veeam One, which is our monitoring and analytics platform that helps us to understand anything that's happening before the backup takes place. So what's happening within our vSphere environment or our Hyper-V environment. And we're funneling in all those events into your SIEM tool of choice. So this could be specifically through Syslog. So we're gonna be funneling that all through Syslog. 
And then for those that we are actually building a specific custom app with or that we have co-innovation features like with CrowdStrike, this can all be funneled in through the CrowdStrike Marketplace app that we'll talk a little bit about in the next few slides. But all of this information is collected, it's funneled through and then this provides the security teams the information that they need to do a better investigation and response based off of the events that we see. And just as an example, so let's say for example, that IOC tool scanner that we talked about. So this is a very nice way for the security analysts to understand what it is that Veeam is doing in the backend. So how are we detecting the appearance of early indicators of compromise during a backup job run? What types of items are we gonna be listing here from activity, the event ID and name that'll come through, how do we map this to MITRE? And then also how do we give a response? So this is actually all available through the Veeam Community Hub. So if you wanna see the more in-depth list, it is kept there. But this will give you some good ideas for how do you wanna create a response based off of one of these events that has been flagged. So with that, we have this complete visibility to detect and respond to data security threats both with CrowdStrike and Veeam, right? So we can look back at some of those common outcomes that we're seeing as being some challenges for security teams and for IT ops teams. But with Veeam now working through all of these different types of threat scanning capabilities and being able to bring this information to the forefront to your security teams, we're looking at having that more unified approach, right? So how can we make sure that both IT and security are able to talk to one another about particular threats or issues that they may be facing? 
How do we centralize all of the security-related activity that maybe Veeam has into your platform of choice, specifically CrowdStrike? And then how do we speed up that incident response investigation, reducing the mean time to response and recover? And then when we look at automation and AI-powered insight, how do we make sure that you're not just gonna be completely overwhelmed with a lot of alert fatigue? And then overall, making it easy, right? This is one of the big things that I like to focus in on. The ease of installation is bar none. The Veeam apps are available within the marketplace, and there's also pre-configured dashboards for you as well. So we're gonna talk a little bit about that. So we'll be able to send all that event data from the Veeam data platform to CrowdStrike Falcon LogScale, and from there we'll be able to identify any threats and also generate proactive alerts. This is gonna also give you some visualization aids. So we're gonna go through this in a quick demo, and I'll show you some of the security events that we could see, but essentially this is also gonna help us be able to act based off of different insights within the backup environment. The integration right now includes two pre-built security and monitoring dashboards that I'll show you, and then there's over 110 scheduled searches that allow for proactive alerting. But that's not it. There is also an opportunity here for us to create a data connector for CrowdStrike. So with the data connector, you can also go through and you can build your own dashboards and leverage events for data analytics around CrowdStrike's Next-Gen SIEM. This allows you to work with over 300 plus individual data platform events. So there's a lot of different events in there that Veeam can funnel in based off of information that we're seeing both before the backups, but then also during and after. So being able to have all of that data be funneled in underneath this data parser is very key. 
So let's go ahead and let's cover what some of these items look like. So here we are inside of the marketplace. So essentially what I could do here is I could just quickly search for Veeam, and you could see, I could see the Veeam data platform app that's available here. Mine's already installed and up to the latest version. If I were to scroll down, I could see this entire readme for all of the information that's needed around this new marketplace application that's available to us, what's included in it, what dashboards do we have, as well as some additional options for use cases and the log formats, additional support, and then what are some of our field mapping. So just some good useful information here for the package itself. Now, if I go to my dashboards, I'll go ahead and show you the two dashboards we have available here. So first one we're gonna jump into is the Veeam data platform monitoring dashboard. So again, this is gonna just give me a quick high-level overview of everything that's happening within my data protection environment. So what backup jobs, replication jobs do I have currently running? Do we have any that have failed recently? Do we have ones that are successful? What are ones that maybe we need to retry? So again, your data protection is gonna be a key point in your incident response playbooks, right? The last thing you wanna do is going into an incident and now all of a sudden our data protection plans are no longer available or we're missing key SLAs because we had some failures or we had some issues on the backend, right? So how can we bring that information to the forefront to make sure that our incident response playbooks are able to respond effectively to whatever is occurring? So I can see this based off of weekly reports. There's also an item in here called SureBackup. This essentially allows us to test our backups and validate that they are ready for recovery if we needed them. 
I don't have any SureBackup jobs running right now, which is why this is blank. But if I did, we would see some items in here. I can see my VM backup jobs and I can even change this right from the last 30 days. Maybe if I wanted to go ahead and drop this down to let's say the last year, I could see some more in-depth information from here as well. And then we could also see other items in here like file copy, copy jobs, agent jobs, anything that happened from a quick migration. And then what's happening underneath our unstructured data, application and services. And then also other information around the jobs that have currently finished as well as our configuration backup for our machine or server itself. So again, high level review of just data platform monitoring itself, not essentially anything around security related events. Now, if I wanna dive into the Veeam security related events, that's where I can go into this dashboard. So here we have a breakdown based off of what's available within the Veeam data platform and those events that are actually funneling into CrowdStrike. So we have our Veeam backup and replication security events. We also have our Veeam One security events. Again, this is all for the last day, but if we wanted to go down and say, let's go ahead and see the last seven days, for example, I could do that here, right? I can kind of go ahead and parse out that information to be able to bring a lot more information to our teams if we wanna look at it from not just real time, but then also what's happening or what's happened from a historical viewpoint. You can see in here, the security events by name. So malware detection that happened within a session itself, objects for jobs that are rotated, if we had jobs that were deleted, if we see suspicious incremental backup size, unusual job duration, possible ransomware activity, this just highlighting some information that could happen on the data store itself. 
So if we start seeing high level of CPU and IOPS that are happening on that machine in real time and production, how can we bring that information to the forefront to go do some additional investigations? Any items that were marked as infected, if we have any changes where we have maybe some sensitive related events that are happening where somebody wants to delete a backup or make changes to the system itself and it needs to be approved by a secondary admin, we could see that happening in here for the four-eyes authorization events. And then again, diving down into it from a historical viewpoint of what's happening, what type of activity are we seeing, what can be seen as high critical or something that we need to dive into from a further state. And then if we keep scrolling down, we get that full list of the security activities and full list of Veeam One activities. And if we wanna dive into these any further, we definitely can. So if I wanted to come in and let's just say, for example, let's take a look at some of this malware detection side of things. I can just go ahead and click on it, hit drill to detail. We could go ahead and see that list of that event, what's being pulled up here. I could go ahead and investigate this further. If we wanted to dive into this any further, I could go ahead and export this out to a file so that way our security teams can look into this information at a more specific side, right? If we wanted to go through a more in detailed investigation. So we kind of see what that data source looks like, how many occurrences it's had on this, and then what detail that we see in here from the event side that it's reporting. So a lot of great information in here that we can kind of funnel in based off of information that we're seeing happened from the data protection side. So with that, let's go ahead and jump back into our PowerPoint. So like I mentioned, over 300 plus events that can be sent. 
Some of those Veeam events that I already highlighted or went over in the demo, we could look at just the backup jobs, SureBackup jobs, file copy, more from a security related events, right? Looking at items that are happening within the data protection side, but then also what's happening underneath that monitoring and analytics side. Then anything that gets marked as infected or suspicious, and that's happening from the Veeam data platform after we go through whatever scanning process we do, we are going to want to mark those suspicious events and those will actually populate within the actual dashboard itself. How the integration works. Essentially, everything is going to be funneled in via syslog, and again, your CrowdStrike, your users can leverage any of those predefined dashboards, so you could schedule searches for visibility into different Veeam events, and then the security teams will be able to detect and respond proactively to those threats within the Veeam environment. Last but not least, we have some availability for the Veeam app for CrowdStrike, so we made this announcement during our large conference that kicked off in April, but obviously, this is now available for you to download and test out yourself. The Veeam app for CrowdStrike, as well as the Veeam Data Connector for CrowdStrike are both available. They're free to download off the CrowdStrike Marketplace, in which I showed earlier in the demo, and the apps are available to Veeam Data Platform advanced and premium users, so you just need to be on version 12.1 or later, and you should be able to download and import those in now. With that, I want to thank you all for joining today. We're going to go ahead and switch over to some potential questions that we have in the Q&A side. Thank you, Emily. Great presentation, great demo. Always good to see the overview. We do have time for some questions. We did get a few that came in. 
This first one that you received reads, I already get alerts from my Veeam backup and replication on these events. What does this do for me over and above that? Yeah, no, absolutely. I think with this particular integration itself is the fact that it's just feeding into the CrowdStrike piece. The one thing that I will mention is that generally speaking, when we first came out with our event monitoring piece, it all was around syslog. Just forwarding events however we see fit without really action or outcome that we can put around it. With this integration, what it's going to be, it's going to be very purposeful. Not only can we funnel in that information in those event IDs, but then also being able to bring some visibility aspect around it. Having that overall dashboard to be able to see that information pull in real-time. Then as the years go on, there's going to continue to be innovation between both Veeam and CrowdStrike. We'll start to see more and more come to play with both products being able to do a lot more with those events and those alerts coming forward. Perfect. The next question that we received, we read, if the attackers get that feed to where they have infiltrated my backup, isn't the damage already done? You would think that 100 percent of the damage is already done, but we also need to think about it from an option of when we're thinking about recovery, and how can we help not the speed of recovery, but the integrity of the recovery. How can we ensure that once we start to go through a process recovery, even from a historical standpoint, that we have an opportunity to save as much data as possible? Not having to restore an entire machine itself, but maybe just diving in and restoring individual files or volumes or specific disks that are central to that machine to help us with the rebuild process. 
The benefit here is that not only are we going to be able to identify what potential machines or what potential backups might have been impacted, but also helping to view out or build out a timeline that's going to help us to ensure that we're recovering data the most effective way possible. The biggest benefit here is that now we're no longer going in there with unknowns. We don't have any fog or any type of issue where we just, we don't know if our data, if our backups are going to be clean, or if they're going to be viable. Now, we have a better source of truth where we can lean into, and we can work with our security teams to identify what our response strategy looks like, and then from there, being able to build out a better recovery policy for our operations to be able to utilize. Perfect. It looks like we have time for one final question. This one reads, how is the CrowdStrike app licensed for Veeam? No, absolutely. I have it listed up here. The one thing I will mention is that with Veeam, we license everything through our Veeam universal license. Essentially, that's able to protect items no matter what type of workload it is, if it's NAS, if it's virtual, if it's physical, etc. That's all through the Veeam universal license. The only caveat that we have is that you have to be running the advanced or premium edition that will unlock these capabilities. Our foundation level, unfortunately, does not give you access to this Veeam app for CrowdStrike. I will say, please check to verify that you're on the right version of the product. Then on top of that, when we start looking at the version itself of 12.1 to 12.3. Essentially, making sure that you're on at least 12.1, because this is where all of those new events came into play with the ability to do start forwarding over via syslog, etc. 
You need to be on version 12.1 or later in order for the Marketplace app to be able to work with the Veeam backup and replication software as well as Veeam One, which is all part of the Veeam data platform. Those will be just the only caveats there. Other than that, you should be able to go to the CrowdStrike Marketplace and be able to download the app from there. Perfect. Well, it looks like that is all the questions we have time for. Thank you so much, Emily, for being with us today and of course, thank you to the audience for attending today's webcast. A special thank you to Veeam for sponsoring today's events presented by Redmond Mag. We hope you all have a wonderful rest of your day.