
Hi Veeam community,

In version 12.1, extraordinary security features are offered, one of which is Early Threat Detection. I want to know what the out-of-band restore point marked in yellow in the picture is. Has anyone used this feature and have any experience with it?

 

So basically keeping it out of the default location is one of the meanings. See this FBI podcast:

https://www.fbi.gov/audio-repository/news-podcasts-thisweek-out-of-band-backups.mp3/view

 

“One out-of-band solution is physically keeping the backup in a safe location outside of your home. The other is using a reputable cloud-based backup service. Both options have advantages and disadvantages.”

 

As always when it comes to terminology there can be variations you see out there. Veeam can chip in here to comment on their interpretation.

 

 


Out-of-band restore point I believe basically means outside its normal retention. In other words, performing a restore point outside of the automatic retention process. 


If Veeam malware detection picks up something, this means it can create a backup of the VM to hopefully ensure the malware infection is kept to a minimum. Basically a one-off backup to help with remediation.


Out-of-band restore point I believe basically means outside its normal retention. In other words, performing a restore point outside of the automatic retention process. 

Exactly

Veeam immediately initiates a backup of the affected machine, outside of the usual backup schedule. This ensures the created "out-of-band" restore point captures the state of the machine before the malware could spread or cause further damage.

 


Veeam has made it possible to do this automatically within its Malware Detection settings if you enable it in the Incident API tab:
 

Incident API - Quick Backup

 


Hi @Jenes hooshangi just to give some extra context to this.

 

This functionality isn’t Veeam initiated; it’s driven by the third-party security product or service triggering an API call to Veeam to say that they believe an incident is taking place and to trigger a backup “out of band” of your normal backup schedule, aka on demand.

 

The concept behind this is that if a ransomware attack was initiated and a third-party system detected this, it could tell Veeam to back everything up there and then to preserve the maximum amount of data, with minimal RPO. A common question with this is “well, isn’t it too late by the time your backup runs?”, but when we think about how fast a snapshot is taken, and that Veeam reads from the snapshot, it does dramatically improve the chances of recovering live data with minimal data loss.

