Veeam revealed the new features that will be available with the next release of VBR v12.1. With these new releases, Veeam further extends the feature set available in these products with a focus on Security & Compliance general improvements. Here’s blog post about Key Management System Support.
Next release of Veeam Backup & Replication v12.1 (currently version 12) will provide the following new features and enhancements. Security features list:
-
Security & Compliance: Malware detection
- Security & Compliance Dashboard
- Inline detection (encryption & ransom notes)
- In-guest detection via guest-index
- YARA rules support
- Automated scans via SureBackup
- On-Demand scans
- Malware events & false positives
- Incident API
- How to test features above
-
Security & Compliance: General
- Key management systems support (KMIP)
- Four Eyes approval
- SIEM integration (syslog support)
- Security & Compliance analyzer
- Removed “Files” Tab For Non-Admin Users
- Warning on short encryption passwords
-
Security & Compliance: Immutability News
- Dell Data Domain Retention Lock support
- HPE StoreOnce Catalyst Copy immutability
- Object Lock Governance Mode
- Immutable configuration backup on object storage
- Consistent immutability in SOBR
- Hardened Repository: Time step detection
Key Management System Support:
KMS allows increased security with regular password changes and centralized password management via KMIP protocol VBR <-> key management server.
Supported:
-
— Backup & Backup Copy job
— NAS backup
— Log backup
— Managed by Server agents
— Repository encryption settings (RHV, AHV, Kasten) + external repositories
— Cloud Connect
— Capacity Tier
— Tapes
UNsupported:
-
— Managed by Agent policies
— Standalone agents
— Backup jobs of Veeam Backup for AHV, RHV, Azure, AWS & Google (everything that is a “plugin” product). Please note that repository encryption for AHV & RHV is supported!
— Configuration backup
The problem with Encryption Passwords:
The solution for Encryption Passwords:
Key management server:
A Key Management Server (KMS) is a centralized system or software component that is used to manage and distribute encryption keys in a secure manner. KMS plays a crucial role in ensuring the security and integrity of data in various cryptographic systems, particularly in the context of secure communication and data protection. KMS is commonly used in various applications, including data encryption (to protect sensitive information at rest). It plays a critical role in ensuring the confidentiality and integrity of data in many modern systems and applications.
Strongly recommended:
Add Key Management Server:
1) Server certificate: public root CA certificate to validate KMS server,
2) Client certificate: combined private key + public certificate (this one, including private key, is created by the KMIP server and is provided by the KMIP admin).
Configure Encryption In Job / Repository:
Veeam v12.1 Malware Detection and YARA: Blog Post
Wasabi Object Storage new features: Blog Post
VUG Fr Day in Monaco Recap
Detection & Response to Ransomware with Veeam: Blog Post
Offline versus Immutable Backups: Blog Post
Cuba ransomware and Veeam CVE-2023-27532: Blog Post
Akira ransomware infection routine: Blog Post
2023 Ransomware Trends Report
Play ransomware infection routine: Blog Post
New Veeam v12 Platform Overview: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] VeeamUser Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post