Veeam Inline Entropy Analysis is a feature used to detect ransomware attacks. This feature analyzes the entropy of the data stream during backup. Files encrypted by ransomware typically increase in entropy. By detecting this increase, Veeam Inline Entropy Analysis can stop a ransomware attack before it happens.
Benefits:
- Rapid Detection: Ransomware attacks typically occur very quickly. Veeam Inline Entropy Analysis can prevent data loss and system outages by detecting these attacks before they happen.
- Improved Accuracy: Traditional ransomware detection methods can cause false alarms. Veeam Inline Entropy Analysis aims to minimize the number of false alarms using entropy analysis.
How does it work:
Veeam Inline Entropy Analysis analyzes the entropy of the data stream during backup. Files encrypted by ransomware typically increase in entropy. By detecting this increase, Veeam Inline Entropy Analysis can stop a ransomware attack before it happens.
What types of VMs (or systems) can be scanned with Veeam Inline Entropy Analysis?
- VMware VMs, including VMware Cloud Director VMs
- Hyper-V VMs
- Machines with Veeam Agent for Microsoft Windows running in managed mode on your Veeam server
- Machines backed up to tape devices
Veeam Inline Entropy Analysis can be used in a variety of use cases, including:
- Backup of physical and virtual servers
- Backup of applications and databases
- Backup of Microsoft Office 365 and SharePoint
Scanning Process:
Veeam Inline Entropy Analysis scans the data stream during backup. The scanning process occurs in the background and does not significantly impact backup performance.
Veeam Inline Entropy Analysis has an architecture consisting of the following components:
- Data Stream Analyzer: Analyzes the entropy of the data stream.
- Threshold Controller: Triggers an alarm when entropy exceeds the threshold value.
- Quarantine Manager: Quarantines suspicious files.
Veeam Inline Entropy Analysis can detect various types of viruses and ransomware, including:
- CryptoLocker
- TeslaCrypt
- WannaCry
- Petya
- Ryuk
Veeam Inline Entropy Analysis has the following limitations:
- It only scans during backup.
- It does not scan compressed files.
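The entropy check described under "How does it work" and the compressed-files limitation above can be seen together in a short script. This is an added example, not Veeam's code or algorithm: it applies generic Shannon entropy per block. The 4096-byte block size, the 7.5 bits-per-byte threshold and the function names are assumptions, and the sample streams are constructed (os.urandom stands in for ciphertext).

```python
import math
import os
import random
import zlib
from collections import Counter

BLOCK_SIZE = 4096   # assumed block size, not a Veeam setting
THRESHOLD = 7.5     # assumed alarm threshold in bits per byte (maximum is 8.0)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def high_entropy_ratio(data: bytes, block_size: int = BLOCK_SIZE,
                       threshold: float = THRESHOLD) -> float:
    """Fraction of full blocks in the stream whose entropy exceeds the threshold."""
    starts = range(0, len(data) - block_size + 1, block_size)
    flags = [shannon_entropy(data[i:i + block_size]) > threshold for i in starts]
    return sum(flags) / len(flags) if flags else 0.0


def build_samples() -> dict:
    """Constructed sample streams; os.urandom stands in for ransomware ciphertext."""
    rng = random.Random(1234)  # fixed seed so the text sample is reproducible
    lines = [
        f"2024-05-01T12:{i % 60:02d}:00 host{rng.randint(1, 50)} "
        f"user{rng.randint(1000, 9999)} GET /files/{rng.getrandbits(32):08x} 200\n"
        for i in range(8000)
    ]
    plaintext = "".join(lines).encode("ascii")
    return {
        "plaintext": plaintext,
        "compressed": zlib.compress(plaintext, 9),
        "encrypted_like": os.urandom(64 * BLOCK_SIZE),
    }


if __name__ == "__main__":
    for name, stream in build_samples().items():
        print(f"{name:15s} {len(stream):8d} bytes  "
              f"high-entropy blocks: {high_entropy_ratio(stream):.0%}")
```

The plain-text stream never crosses the threshold, while the random stream and the zlib-compressed stream both do: to an entropy check, compressed data looks like encrypted data.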
You can follow the steps below to activate inline entropy analysis:
In the Veeam interface, go to Malware Detection > General.
Then, as seen in the image below, activate the Enable inline entropy analysis option.
(Note: If you have a low-risk environment, you can use the Normal or Extreme option. If you use a high level of encryption, you can use the Low option.)