
Organizations facing evolving cyber threats must adopt advanced solutions to protect their data. Veeam has introduced the Recon Scanner within the Veeam Data Platform to strengthen threat detection and prevention capabilities.

Powered by an extensive database of cyber incidents, the Recon Scanner is designed to proactively identify potential cyberattacks before they can affect an organization. Developed by Coveware by Veeam, this tool enables businesses to assess threats more dynamically, allowing them to respond to suspicious behaviors and security breaches with greater precision and speed.

Unveiling the Recon Scanner for Veeam Data Platform

We’re excited to announce the integration of the Coveware by Veeam Recon Scanner into the Veeam Data Platform, enhancing our data resilience capabilities with advanced cybersecurity protection. Developed by Coveware, a leader in cyber-extortion incident response, the Recon Scanner adds a powerful layer of defense, drawing on years of experience in ransomware assessment, negotiation, and recovery.

This technology, proven in thousands of cyberattack scenarios, uses an extensive database of ransomware incidents to proactively identify, triage, and prevent threats before they can escalate. Since acquiring Coveware in April 2024, we've integrated their world-class incident response services into Veeam Cyber Secure. Now, with the addition of the Recon Scanner, this cutting-edge technology is available in every Veeam Data Platform Premium deployment, delivering proactive defense against cyber threats.

 

 

Proactive Threat Detection with the Recon Scanner

The Recon Scanner empowers organizations to detect and address potential threats before they cause harm. By continuously scanning environments, it identifies suspicious activities and tactics, techniques, and procedures (TTPs), enabling teams to take preventive actions and mitigate risks in real-time.

This proactive approach is unique in the data protection market—no other vendor offers this level of advanced threat detection. As part of Veeam's commitment to radical resilience, the Recon Scanner combines expert insights with cutting-edge technology to strengthen the Veeam Data Platform, all at no additional cost.

Building Your Own Veeam Data Platform Security

Veeam has reaffirmed its commitment to cybersecurity by joining CISA’s Secure by Design Pledge, demonstrating our ongoing focus on adopting best practices in security. Alongside strengthened software development processes, we’re introducing a range of new security features to keep our customers protected. A key addition is the Recon Scanner, a unique, proactive solution designed to safeguard both production and backup environments.

Strengthening Your Veeam Data Platform Security

Imagine detecting cyberattacks before they happen. With the Recon Scanner, that’s now possible. By continuously collecting and analyzing data, it detects suspicious activities—such as unexpected network connections, unusual user behavior, unauthorized file access, data exfiltration attempts, and even brute-force attacks.

Traditional threat detection often struggles with the unpredictable nature of dwell time—the period between initial compromise and full-scale attack. To counter this, we’ve integrated the Recon Scanner into the Veeam Data Platform, leveraging years of expertise in helping organizations respond to cyber threats. This proactive protection ensures your environment stays one step ahead of potential attacks.

A Major Advancement in Threat Detection

The Recon Scanner represents a significant leap forward in proactive threat assessment for Veeam Data Platform environments. By utilizing innovative, patent-pending technology, it helps ensure that the Veeam platform stays ahead of evolving cyber threats. This advanced approach not only helps organizations save time and reduce costs but also provides a vital layer of protection in any data resilience strategy.

Recon Scanner is available for all users with Veeam Data Platform Premium Edition. Customers do not need Veeam Cyber Secure or TTP to access this feature.

Accessing Recon Scanner

The Recon Scanner is available in My Profile within Veeam Data Platform. It will be visible on the Products page in My Account, available for Primary or Secondary Administrator level users and License Administrator users.

When the customer activates Recon from the My Account page, their data will be sent to Coveware (with their consent). Coveware will send an email directing them to create a Coveware Portal account where they can download Recon.

Recon Scanner is a lightweight, persistent agent for rapid collection of forensic data. It is easily deployed and scans with minimal overhead at runtime.

Recon Scanner will only scan and collect data from VBR servers.

It is designed to have a minimal performance impact on VBR servers. It only runs when the scans are happening, and execution normally completes in under 1 minute.

Recon’s resource usage is normally under 5% of CPU but may spike to 10% depending on the amount of event logs on the system.

Once the scan is completed, logs will be written to the default location next to the Recon executable. After automatically uploading, the scan results will be deleted locally.

Analysis and Results

Users will receive an email summarizing findings based on risk level (Critical, High, Medium, Low) and can access the Coveware Portal to see more details. Most reports will be available within 10-15 minutes after the scan completes.

The customer's security team can access Coveware’s portal to review results and potential security threats, including:

  • Details about events and changes
  • Identification of potential brute force attacks
  • Information about unexpected network connections
  • Unusual user behavior
  • Suspicious file activity
  • Data exfiltration attempts

The report includes automatic mapping of data to MITRE ATT&CK and Coveware ransomware indicators.

MITRE ATT&CK®️ is a publicly accessible knowledge base of adversary tactics and techniques based on real-world data. It helps organizations develop effective threat models and cybersecurity strategies. Free to use, ATT&CK supports the global effort to improve security by fostering collaboration across sectors.

With Recon Scanner, Veeam Data Platform Premium Edition customers can proactively identify and address potential threats, enabling early detection of suspicious activity and adversary tactics. This allows organizations to take defensive actions before damage occurs.

About Coveware

Coveware is a leading provider of ransomware incident response services, offering expertise in assessment, negotiation, and recovery using proprietary technology. Known for its deep knowledge of ransomware attacks, variants, and the threat landscape, Coveware helps organizations manage the complexities of ransomware incidents.

In April 2024, Veeam acquired Coveware to enhance its Veeam Cyber Secure offering. This integration combines Coveware’s incident response expertise with Veeam’s data protection solutions, enabling new proactive security tools like the Recon Scanner. The acquisition strengthens Veeam's ability to help organizations prevent, detect, and respond to cyber threats, protecting both production and backup environments.

 

Wow!  Thanks for sharing this one Sean.  I am going to get this on my lab VBR server and test it out.  😎


Very informative, thank you so much for sharing this.


Thank you ​@SSimpson for the extensive post.

This shows the seriousness of Veeam as the Data Protection software platform by proactively helping us, the customer, to identify the gap.


Heard a little about this, but good post to fill in the gaps Sean. Thank you for sharing!

Is this kind of like a SIEM?


With the Recon Scanner, customers can proactively identify threats before they can cause damage. By scanning customers' environments on a set schedule, it recognizes suspicious activity and TTPs, so organizations can take defensive and mitigation actions in advance.

 



 

Still hoping they bring this to VCSPs to use, as I know rental licenses are the issue.  🤞🏼


Oh boy. There goes my weekend 🙂 Too much cool stuff not to start trying!


Thank you so much for sharing. 👍

