
Many customers use backup tools to identify potential dormant threats in their environment, and Veeam Backup & Replication adds many malware detection methods starting with v12.

Whether through periodic manual spot-checks, continuous scheduled backup scans (for example with SureBackup), or alert-driven scans, risks can be uncovered without adding overhead to production environments while allowing for a fast response from security teams.

However, one of the challenges with searching for threats is knowing what to look for.

While YARA scans are fast, they can only search for a strictly defined list of signatures, which can be problematic when proactively looking for unknown threats. Although incredibly useful for a forensic investigation, they are not optimal as a defensive measure.

On the other hand, purpose-built antivirus software avoids this issue by having millions of malware signatures in its database, but its speed and performance can be difficult to scale.

Veeam Backup & Replication 12.3 brings a new feature, Veeam Threat Hunter, that provides the best of both worlds: the speed of YARA scans and the breadth of malware detection of a classic antivirus.

This advanced signature-based malware detection engine is integrated directly into the Veeam Backup & Replication data processing engine, giving significantly faster scanning than the Bring Your Own Antivirus approach and a breadth of malware detection that YARA scans cannot touch.

The key benefits of Veeam Threat Hunter are:

  • Built directly into Veeam Data Platform to offer highly optimized, accelerated signature-based backup content scans for malware while reducing costs and freeing up your critical IT resources from managing a third-party antivirus scanner on your mount hosts.
  • Veeam Threat Hunter employs machine learning (ML) and heuristic analysis to identify advanced threats such as polymorphic malware, which is impossible to detect with YARA rules due to the dynamic nature of the signatures of each malware instance.
  • Updates to threat signatures and ML models used to detect polymorphic malware are delivered multiple times per day to quickly expand detection to newly developing threats.

You can also use Threat Hunter in your scans.
