One of the interesting new features of Veeam Backup & Replication is the introduction of YARA (Yet Another Recursive Acronym) rules to scan the VM guest files.
As explained in this great blog post, YARA is one of the most effective ways to help identify and classify malware like ransomware. YARA is an open sourced resource that enables cybersecurity teams to search for, detect and alert you to the presence of malware before it can do any damage.
Does not replace the antivirus/antimalware scan, but can be used as an additional control.
Enable this feature is very easy:
But if you try to use in a Scan Backup or Secure Restore job, you may have the following error: YARA scan functionality is not available in your Veeam Data Platform edition.
Also if you have Enterprise Plus or VUL license, it could be not enough… you need Veeam Data Platform Advanced!
The Advanced suite it includes also VeeamONE, technically not needed to apply the YARA rules, but it can provide also other interesting security feature.
Related Posts
Andrea Mauro
Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-24. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-23. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.
