![\"veeam-v12-1-whats-new-pt-1-01\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-01.jpg\" "\\"veeam-v12-1-whats-new-pt-1-01\\"")
<\/p>\n<\/p>\n
Veeam announced the new upcoming Veeam<\/a> v12.1 version that provides several new amazing features and enhancements, mainly focused on security.<\/p>\n In this new version one of the most interesting new feature is perhaps the Inline Malware Detection<\/strong> that allows the administrators to ensure malware free<\/strong> backups during the execution of a Backup Job.<\/p>\n <\/p>\n Veeam v12.1 what's new - pt.1 <\/p>\n Veeam v12.1 provides several new features with particular attention to security concern.<\/p>\n <\/p>\n When an infrastructure suffers a malware intrusion, there are some scenarios that might occur<\/strong> by putting your data at risk:<\/p>\n To protect backups from possible malware infections, Veeam Backup and Replication v11<\/a> already introduced the Secure Restore in SureBackup<\/strong> to allow the administrators to scan backups against malware before performing the recovery.<\/p>\n With Veeam v12.1 is now possible to analyzes block-level data during backup<\/span><\/strong> leveraging the new Inline Malware Detection<\/span><\/strong> feature. You can enable this feature from the menu Settings > Malware Detection<\/strong>.<\/p>\n During the backup operation, Veeam collects metadata and statistics<\/strong> and data are cross-correlated<\/strong>.\u00a0Once the backup has been completed, malware metadata file is stored in the VBRcatalog<\/strong> and current and previous malware metadata<\/strong> are compared to identify possible unwanted changes.<\/span><\/p>\n Incremental backup size, <\/span>encryption (absolute size and percent), c<\/span>ompression, r<\/span>emoved data and n<\/span>ewly encrypted data are the values analyzed<\/strong> to identify if a backup is infected<\/strong>.<\/span><\/p>\n When the cross-correlation between current and historic values<\/strong> produces a h<\/span>igh score of combined values, the backup is marked as<\/strong><\/span>\u00a0<\/span><\/strong>suspicious<\/strong>.<\/span><\/p>\n <\/p>\n The Inline Malware Detection feature is also able to analyze text documents and find onion links<\/strong>\u00a0(generally composed by<\/span> 56 symbols: [2-7] and [a-z] + .onion<\/em>).<\/p>\n Onion links are links to websites on the dark web<\/strong> that use the .onion extension as top-level domain<\/strong> instead of\u00a0 traditional .com, .net, .gov and so forth. Onion sites use The Onion Router (Tor)<\/strong> software to encrypt their connections<\/strong> and to make the communication anonymous<\/strong>. Identifiers such as location, ownership and so on, are also hidden<\/strong>.<\/p>\n The Inline Malware Detection is supported for the following systems<\/strong>:<\/p>\n <\/p>\n To detect if previously unencrypted data become encrypted<\/strong> in processed disk images (typical indicator of a ransomware attack), the In-Guest Index detection<\/strong> can be used to find encrypted files and malware binaries. <\/span><\/p>\n To activate this new feature, go to <\/span>Settings > Malware Detection<\/strong> section and select the Enable inline entropy analysis<\/strong> and Enable file system activity analysis<\/strong> options from General<\/strong> tab.<\/p>\n To take benefit of this feature, you must enable the Enable guest file system indexing<\/strong> option in Guest Processing<\/strong> tab during the Backup Job configuration.<\/span><\/p>\n The In-Guest Index scan is supported for the following systems<\/strong>:<\/p>\n <\/p>\n For a deeper analysis to better detect possible malware infections<\/strong>, Veeam v12.1 leverages the YARA rules<\/a>, fully customizable patterns used to identify targeted attacks and security threats<\/strong>.<\/p>\n Downloaded or custom\u00a0YARA rules must be saved<\/strong>\u00a0to\u00a0C:\\Program Files\\Veeam\\Backup and Replication\\Backup\\YaraRules<\/em>\u00a0folder.<\/p>\n <\/p>\n Antivirus and YARA scan can be automated via SureBackup without using Virtual Labs<\/strong>. This capability allows to scan entire Backup Jobs or specific machines<\/strong>.<\/p>\n Enable the Scan backup content with the following YARA rule<\/strong> option and specify the YARA rule to use. To perform the backup scan operation, Veeam uses the Mount Server<\/strong>.<\/p>\n Also the classic SureBackup with Virtual Lab<\/strong> can be configured to scan the backup content with YARA rules or antivirus.<\/p>\n Backups can be scanned on-demand<\/strong> by right clicking a specific backup and selecting the Scan backup<\/strong> option.<\/p>\n Specify the Scan mode<\/strong> e Scan engine<\/strong> to use and click OK<\/strong>.<\/p>\n The alert for malware detection<\/strong> is triggered by the following operations:<\/p>\n To easily identify infected backups, suspicious backups are marked with a bug icon<\/strong>.<\/p>\n When a malware is detected, the warning can be viewed in History > Malware Detection<\/strong> or notified via email, Syslog, SNMP <\/strong>and Windows Event<\/strong>.<\/p>\n In case of false events<\/strong>, right click the backup and select Mark as clean<\/strong> to remove the alert associated to that VM in Inventory<\/strong>.<\/p>\n It is also possible to mark a backup as infected or clean<\/strong> by selecting the corrisponding option in Backups<\/strong>.<\/p>\n <\/p>\n To increase the security level<\/strong> in the Veeam infrastructure, Veeam v12.1 provides support for Key Management Servers (KMS). To configure the KMS Server, go to Settings > Credentials & Passwords<\/strong> and select Key Management Servers<\/strong> option.<\/p>\n Click Add<\/strong> and enter the KMS Server details then click OK<\/strong>.<\/p>\n This solution brings several advantages in terms of security:<\/p>\n During the Backup Job configuration, administrators can now encrypt Backup Jobs<\/strong> with a higher level of security leveraging the KMS capability by entering the KMS FQDN instead of the password<\/strong>.<\/p>\n Currently Veeam v12.1 KMS feature is unsupported<\/strong> for the following workloads:<\/p>\n <\/p>\n To prevent backups deletion<\/strong> (accidental or unauthorized), it is now available in Veeam v12.1 the capability of requiring a second authorization<\/strong> before being able to execute the operation.<\/p>\n From Settings > Users & Roles<\/strong> select Authorization<\/strong> tab and enable the Require additional approval for sensitive operations<\/strong> option and specify the reject period.<\/p>\n When the four-eyes authorization feature is enabled in Veeam v12.1, you need a second approval by a Backup Administrator<\/strong> to perform the following tasks:<\/p>\n When you try deleting a Backup for example, you need to create a deletion request<\/strong> that must be approved by another Backup Administrator.<\/p>\n The report for operations with second approval enabled can be found in Home<\/strong> (Pending approvals), Veeam History<\/strong>, Windows event logs<\/strong> or sent via email<\/strong>.<\/p>\n When using four-eyes authorization, keep in mind the following:<\/p>\n <\/p>\n In Veeam v12.1 is now possible to centralize all the events by sending Veeam logs to Syslog systems<\/strong> using the standard protocols UDP, TCP, TLS and port.<\/p>\n Syslog can be configured from Settings > General Options > SIEM Integration<\/strong>. Under Syslog servers<\/strong>, click Add<\/strong> and specify the Server<\/strong> to use then click OK<\/strong>.<\/p>\n <\/p>\n The Best Practice Analyzer introduced with version 12 has been renamed and now offers additional features<\/strong>.<\/p>\n To run Security & Compliance Analyzer, the operation can be scheduled<\/strong> by accessing the Schedule Settings<\/strong> window.<\/p>\n <\/p>\n Veeam v12.1 performs a check on passwords length<\/strong> (minimum 12 characters required<\/strong>) to avoid the use of passwords too shorts.<\/p>\n The system will analyze the password length only and not the complexity<\/strong> (in the example the password is 123456<\/em>)<\/p>\n Part 2<\/a> will continue exploring the new available features<\/strong> in Veeam Backup & Replication<\/a> v12.1, such as Immutability enhancements, Continuous Data Protection (CDP), SureBackup and many others.<\/p>\n Veeam announced the new upcoming Veeam v12.1 version that provides several new amazing features and enhancements, mainly focused on security. In this new version one of the most interesting new feature is perhaps the Inline Malware Detection that allows the administrators to ensure malware free backups during the execution of a Backup Job.<\/p>\n","protected":false},"author":3,"featured_media":59291,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[2138,933],"tags":[1888,2696,980,2748],"class_list":["post-59258","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backup-en","category-veeam-en","tag-kms","tag-malware","tag-surebackup-en","tag-yara","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/59258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=59258"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/59258\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/59291"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=59258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=59258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=59258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Blog Series<\/h2>\n
\nVeeam v12.1 what's new - pt.2<\/a><\/p>\nVeeam v12.1 what's new<\/h2>\n
Inline Malware Detection<\/h2>\n
\n
![\"veeam-v12-1-whats-new-pt-1-02\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-02.jpg\" "\\"veeam-v12-1-whats-new-pt-1-02\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-03\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-03.jpg\" "\\"veeam-v12-1-whats-new-pt-1-03\\"")
<\/p>\nOnion Links<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-04\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-04-600x452.jpg\" "\\"veeam-v12-1-whats-new-pt-1-04\\"")
<\/p>\n\n
File Index scan<\/span><\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-05\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-05.jpg\" "\\"veeam-v12-1-whats-new-pt-1-05\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-06\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-06-600x427.jpg\" "\\"veeam-v12-1-whats-new-pt-1-06\\"")
<\/p>\n\n
YARA rules<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-07\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-07-600x546.jpg\" "\\"veeam-v12-1-whats-new-pt-1-07\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-08\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-08-600x183.jpg\" "\\"veeam-v12-1-whats-new-pt-1-08\\"")
<\/p>\nAutomated malware and content scans<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-09\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-09-600x427.jpg\" "\\"veeam-v12-1-whats-new-pt-1-09\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-10\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-10-600x427.jpg\" "\\"veeam-v12-1-whats-new-pt-1-10\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-11\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-11-600x427.jpg\" "\\"veeam-v12-1-whats-new-pt-1-11\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-12\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-12.jpg\" "\\"veeam-v12-1-whats-new-pt-1-12\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-13\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-13-600x489.jpg\" "\\"veeam-v12-1-whats-new-pt-1-13\\"")
<\/p>\n\n
![\"veeam-v12-1-whats-new-pt-1-14\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-14-600x302.jpg\" "\\"veeam-v12-1-whats-new-pt-1-14\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-15\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-15-600x402.jpg\" "\\"veeam-v12-1-whats-new-pt-1-15\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-16\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-16-600x402.jpg\" "\\"veeam-v12-1-whats-new-pt-1-16\\"")
<\/p>\nKMS support<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-17\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-17.jpg\" "\\"veeam-v12-1-whats-new-pt-1-17\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-18\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-18-600x447.jpg\" "\\"veeam-v12-1-whats-new-pt-1-18\\"")
<\/p>\n\n
![\"veeam-v12-1-whats-new-pt-1-19\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-19.jpg\" "\\"veeam-v12-1-whats-new-pt-1-19\\"")
<\/p>\n\n
Four-eyes authorization<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-20\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-20.jpg\" "\\"veeam-v12-1-whats-new-pt-1-20\\"")
<\/p>\n\n
![\"veeam-v12-1-whats-new-pt-1-21\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-21-600x387.jpg\" "\\"veeam-v12-1-whats-new-pt-1-21\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-22\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-22-600x240.jpg\" "\\"veeam-v12-1-whats-new-pt-1-22\\"")
<\/p>\n\n
Integration with SIEM Systems<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-23\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-23.jpg\" "\\"veeam-v12-1-whats-new-pt-1-23\\"")
<\/p>\nSecurity & Compliance Analyzer<\/span><\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-24\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-24-600x371.jpg\" "\\"veeam-v12-1-whats-new-pt-1-24\\"")
<\/p>\n![\"veeam-v12-1-whats-new-pt-1-25\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-25-600x338.jpg\" "\\"veeam-v12-1-whats-new-pt-1-25\\"")
<\/p>\nWarning on short encryption passwords<\/h4>\n
![\"veeam-v12-1-whats-new-pt-1-26\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/11\/veeam-v12-1-whats-new-pt-1-26.jpg\" "\\"veeam-v12-1-whats-new-pt-1-26\\"")
<\/p>\n![\"signature\"](\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" "\\"signature\\"")
<\/p>\n","protected":false},"excerpt":{"rendered":"