Veeam 100 Summit 2023 - Day 2

Next up we have a presentation by Veeam focused on Cirrus, with @Rick Vanover, @martynh and Tim Hudson talking about the Cirrus by Veeam product offering.

An interesting but welcome discovery is that Cirrus by Veeam utilises the same binaries and features available to VB365 whether you roll your own deployment, or leverage a service provider. They’ve just leveraged a lot of the API functionalities to achieve brilliant results, such as a truly granular RBAC.

This was a demo heavy session, but seeing that you could create a new tenant and be backing up in under 10 minutes was a fantastic experience to see.

During the Q&A I asked what size scales we should expect for customers that wish to adopt Cirrus, as it’s multi-tenant would there be such a thing as ‘too big’, and I was assured that if VB365 can handle it, Cirrus can handle it. A bold statement that I look forward to seeing proven.

Another excellent summary Michael. 👍

After a lunch break we’re keeping in the SaaS world with a discussion on Veeam Backup for Salesforce, with Andrey Zhelezko & Maxim Ivanov taking to the stage.

There isn’t much I can share here as a lot of the content talking about vNext is restricted content, and a good chunk of the session was focused on discussing how the product works, the architecture, and what features have been released to date. Of which this is captured in the Veeam User Guides and Helpcenter, so there’s not much point re-inventing the wheel. But I did discover a few interesting things:

• Veeam Backup for Salesforce supports Salesforce OpenID + MFA now in v2, meaning the amount of authentication options dramatically expands
• Veeam Backup for Salesforce can be installed on Ubuntu as of v2
• Veeam Backup for Salesforce can be deployed on-prem or in AWS/Azure/GCP, vs Salesforce’s native backup tool which can only be deployed on AWS. And a dramatic difference to a lot of the SaaS backups that have no ‘roll your own’ options.

Great recaps Michael.

Following on from Hannes and a quick break, we saw @Rick Vanover, @Viperian and @ddomask all sharing the stage to give an incredibly useful session on ransomware, from multiple angles. I’ll start off by saying that @ddomask’s content was event exclusive so I won’t comment further on that, but personally a massive thank you to him for delivering that session as it was fantastic 👏

Rick set the scene by talking about his top 10 worst practices being seen in the field, and how to flip these into a top 10 best practices.

1. Immutability - No surprises here, immutable backups are one of the best defences available against the loss of your backups in a cyber attack
2. Encryption Password Not Forgotten - Ensuring there isn’t a reliance on the survivability of VBR or VBEM during a cyber incident, these servers could also be attacked, in this scenario it is essential to have the backup encryption password
3. Restore testing - Being aware of the different ways to restore data in different scenarios is one of the best ways to achieve the lowest recovery times, with the minimum of data loss.
4. Performant Backup Storage - Rick focused on recovery performance, asking an important question ‘what happens if you need to restore EVERYTHING?’ How would your backup infrastructure cope?
5. Explicit Credentials - At a minimum, backup repositories having explicit credentials to minimize the possibility of access, but the more restricted the permission scopes per access account the better, instead of having a single ‘God mode’ service account
6. Readiness for clouds - Being sure of how to recover to the cloud ‘properly’ was the justification of this point. Whilst it’s trivial to perform a restore to Azure/AWS/GCP, what does security and networking look like in this scenario as examples. The goal is to avoid having your DR response creating additional security headaches.
7. Veeam ONE - An interesting recommendation that I haven’t heard before here, deploy Veeam ONE as a standalone machine, think of it as ‘on an island’, let it be left alone handling events and actions.
8. MFA - Rick goes one step further here than just MFA on the VBR console, you should still look at MFA to gain access to the entire server(s). Once you’re on a VBR server, it’s still possible to do a lot of damage without gaining VBR console access.
9. Have a plan - Exactly what it says on the tin, failing to plan is planning to fail. Even if your plan doesn’t cover your exact scenario you find yourself within, the ability to leverage decisions already made provides a great template to align yourself against.
10. Everyone gets training & threat intelligence - Educating and empowering users is important, and ensuring that your IT team gets threat intelligence is also incredibly useful.

With the list out of the way, we then pivoted to the extremely experienced ‘explorer’, Mr @Viperian!

Edwin hit us with some hard truths straight away. “Hackers don’t hack, they log in”. Edwin also put some useful spins on common phrases such as how IT Security need to be right every time, hackers just need to win once, and highlighting how once a hacker is within your network, the scenario flips, the hacker needs to be stealthy constantly, otherwise IT Security will notice and kick them out.

Edwin then laid out what an attack scenario can look like, echoing a point I’ve long made, ‘ransomware doesn’t just appear, someone has to put it there’.

Edwin provided a high level view of the sheer volume of hacking tools available readily to anyone with a slight interest in the topic, it was overwhelming!

Edwin wrapped up his segment discussing the importance of some of the new features in v12.1 such as YARA rules and automated malware & content scans.

After this we moved onto some event exclusive content for the rest of the day, and this brings my coverage of Day two to a close!