An attacker can not immediately delete or change backup files located on Hardened Repositories. But with more time the attacker can do some damage. So it is important to keep a regular eye on it. A efficient way is to monitor Hardened Repository with Veeam ONE v11a. In this version some enhancements have been added which we will now take a look at.
Monitoring immutability enabled
When Veeam hardened repository is setup correctly, immutability is enabled and a appropriate number of days is chosen. When an attacker has access to the backup server, he could try to disable immutability. After some time all backups would be free to delete or modify. Therefore it is important to keep it enabled.
In Veeam ONE v11a there is a new alarm for checking the state of immutability: Immutability state. Alarm is assigned by default to whole Backup Infrastructure. When Immutability state becomes disabled, alarm will trigger. Use this to be notified by mail.
Monitoring days of immutability
In the last section we saw how to monitor state of immutability. Which is great, but a hacker could do make life difficult for us just by reducing the number of days of immutability. The minimum is 7 by the way. Fortunately there is also an alarm for this in v11a: Immutability change tracking.
Alarm can be configured to be triggered by increase and/or decrease of days. When a warning is generated, the change can be directly seen there.
Monitoring backup encryption
Not just for hardened repositories, monitoring backup encryption is also very important. How to do this in Veeam ONE v11a, see my post here:
A modern data protection strategy should include immutable backup data. Because attacker are able to spend a lot of time before they strike, they will try to disable immutability in advance. It is therefore essential to recognize such attempts as soon as possible. The new alarms and improved reports of Veeam ONE v11a helps a lot here. Use them to increase availability of your backup data!
For more information see my full featured blog post here: