Skip to main content

Cybersecurity is a constant battle, and backups are a prime target. That's why I'm exploring how to integrate Palo Alto's Cortex solution with Veeam to further strengthen.

Can you help me with these questions?

  • What kind of integration exists between Cortex and Veeam? Is it a native integration or does it require additional components?
  • What layers of protection does Cortex offer to my Veeam backups? Does it detect threats in real-time, analyze suspicious behavior, prevent ransomware attacks?
  • How does backup scanning work with Cortex? Is it automatic? Can I customize scanning policies? What kind of threats does it detect?
  • Can Cortex protect my backups both on-premise and in the cloud? Does the integration work with different cloud providers?
  • What impact does Cortex have on the performance of my Veeam backups and restores? Should I consider additional resources?

Hi,

let me try to answer it with what I can say today:

  • What kind of integration exists between Cortex and Veeam? Is it a native integration or does it require additional components?
    • Currently we are finalizing the first integrations with PA as you may have seen/heard in the announcement as VeeamON. Stay tuned for official communication soon.

 

  • What layers of protection does Cortex offer to my Veeam backups? Does it detect threats in real-time, analyze suspicious behavior, prevent ransomware attacks?
    • One thing that you can do even today is sending thread PA detects via their XDR agents to the Veeam Incident API to flag backups being potentially risky. Therefore you would need to create a integration/playbook in XSIAM or XSOAR to talk to the VBR REST API. as mentioned above I would wait until you see official communication on what will come with PA.

 

  • How does backup scanning work with Cortex? Is it automatic? Can I customize scanning policies? What kind of threats does it detect?
  • Can Cortex protect my backups both on-premise and in the cloud? Does the integration work with different cloud providers?
  • What impact does Cortex have on the performance of my Veeam backups and restores? Should I consider additional resources?
    • For the 3 questions above. If I understand it right you are interested to understand if the PA XDR agents can be used alongside Veeam Secure Restore and SureBackup Light jobs which allows you to scan your backups. This is a seperate topic we are discusssing currently with PA to see if the Agent is compatible with our processing. If it is, you will be able to use the Agent to scan your backup files after the are finished or before your recover to make sure they are clean. This can be automativ or manual and it will detect any threads within the file system PA is able to detect as we presetent the filesystem of the back to the agent. For detials where it can be used please check the helpcenter of veeam. There is not really an impact on backup performance as long as the scan does not run at the same time another backup runs as of course they share the CPU load on the server it is executed. As it is post-processing it can be well planned. But again, all of above first requires us (or you) to check if the PA agent supports what we need.

I’m very interested to get feedback on integration requirements you as a partner or customer have so feel free to drop and requests and I’ll see what we can solve.

 

Hope that helps a bit.

Thanks

Stefan


Thank you, this information is useful for me. I will be on the lookout for official announcements.


Comment