Walking a Tightrope with Veeam’s Legacy Protection for Microsoft 365? Druva’s SaaS is Your Fast Recovery Safety Net
According to a 2024 Sophos report, 94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Ransomware attacks are increasingly targeting backups, but a fast and easy recovery minimizes downtime and gets you back to business quickly. Recovering clean data quickly after a ransomware attack is problematic and challenging for most organizations. The difficulties multiply if you’re using a legacy data protection vendor like Veeam.
Here, we’ll explain how two key features of Druva’s ransomware recovery capabilities, alerting you to potential attacks and accelerating your recovery after an attack, make your recovery process seamless and stress-free, and how they compare directly to Veeam’s recovery capabilities. Let’s dive in.
Shortfalls of a legacy data protection platform protecting Microsoft 365 data
Scenario: Let's go through the questions you would have asked to ensure your NAS or file server is protected and secure:
Who has access to each of the shared drives?
Is the file server backed up?
Do we have AV installed?
What do we do for users who keep the files on their main computer?
How do we control versions?
These questions all still apply today, even for your Microsoft 365 environments. However, the added freedom and advancements of Microsoft 365 have their weaknesses too. One is the common “I don’t need backup, Microsoft protects me…” scenario. Another is the “It’s not on-premises so it doesn’t fall under the purview of my team…” scenario.
For a zero-day threat that’s been ingested into your Microsoft 365 environment, Microsoft has several stages around recovery.
For example, recovering from a simple vulnerability can consist of the following steps:
Backup Validation — Validate that your backup is good as the backup is created, before you restore.
Recovery Identifying — Identify a safe point-in-time backup image that you know is not infected.
Data Checks — To prevent future attacks, scan backups for ransomware or malware before restoring.
Traditional backup platforms like Veeam simply can’t meet several of the industry-standard requirements for data restoration. Legacy solutions only back up what is available. They can't tell the difference between normal user-initiated data deletion and data deleted by ransomware.
When you are recovering from a ransomware attack, legacy platforms can’t help you identify the last clean version of a file. They put the onus on you to hunt for the cleanest version and restore it manually.
Let's look at how Druva helps your protection model and delivers ransomware recovery when you need it. Regardless of whether you’re looking at MITRE or the Kill Chain, a key requirement is to know what's been affected and how you can recover.
Druva has multiple capabilities to help you protect and recover your business data, but we’re going to focus on two key features:
Unusual Data Activity — Suspicious data anomaly/modification detection on resources that are being backed up by Druva.
Curated recovery — Looks back at several backup snapshots to find the last clean version of the data without having to manually find, select, and recover from multiple backup points.
Unusual Data Activity (UDA)
When it comes to backups, we know that most backup solutions will back up what’s available. But what about analyzing the data that’s within that backup? Legacy data protection solutions just back up the file and keep adding any new and incremental changes to that file.
The problem is that, today, it’s not enough to back up what’s available and end the process there. With threats becoming more advanced and sophisticated, we have to go beyond the check box and dive deeper. We need to know what has changed when compared to the last backup. Has the data trend changed or has anything substantial and unexpected been removed?
With Druva’s data anomaly detection, also referred to as Unusual Data Activity (UDA), we actively monitor the ingested data to alert you when something unexpected has happened to your data. There are several possibilities, including:
Large change rates
Deleted items
Encryption
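As an added illustration (not Druva's code, and not part of the original post), the sketch below compares two backup snapshots and raises the three signals listed above. The snapshot format (a dict of path to file bytes), the thresholds and the sample data are all assumptions constructed for the example.

```python
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 look like ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compare_snapshots(prev, curr, change_limit=0.30, delete_limit=0.10,
                      entropy_limit=7.5):
    """Compare two snapshots (dict: path -> file bytes) and return findings.

    The thresholds are illustrative assumptions, not vendor values.
    """
    total = max(len(prev), 1)
    deleted = sorted(p for p in prev if p not in curr)
    changed = sorted(p for p in prev if p in curr and prev[p] != curr[p])
    # Flag only files that were low entropy before and are high entropy now.
    encrypted = sorted(p for p in changed
                       if entropy(prev[p]) < entropy_limit <= entropy(curr[p]))
    alerts = []
    if len(changed) / total > change_limit:
        alerts.append("large_change_rate")
    if len(deleted) / total > delete_limit:
        alerts.append("deleted_items")
    if encrypted:
        alerts.append("encryption")
    return {"changed": changed, "deleted": deleted,
            "encrypted": encrypted, "alerts": alerts}

# Constructed sample data: five small text files in the previous snapshot.
PREV = {f"share/doc{i}.txt": f"meeting notes {i}\n".encode() * 50 for i in range(5)}
# A normal day: one file edited, nothing removed.
NORMAL = {**PREV, "share/doc0.txt": PREV["share/doc0.txt"] + b"one more line\n"}
# Constructed attack-like snapshot: three files overwritten with uniformly
# distributed bytes (a stand-in for ciphertext) and one file removed.
NOISE = bytes(range(256)) * 4
ATTACK = {p: (NOISE if i < 3 else d) for i, (p, d) in enumerate(PREV.items())}
del ATTACK["share/doc4.txt"]

if __name__ == "__main__":
    print("normal:", compare_snapshots(PREV, NORMAL)["alerts"])
    print("attack:", compare_snapshots(PREV, ATTACK)["alerts"])
```

High entropy alone also matches compressed archives and media files, which is why the check only flags files that moved from low to high entropy between snapshots.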
Here’s a snapshot of Druva’s UDA in action: