Turn Data Resilience into Security Intelligence with Veeam App for Microsoft Sentinel

Key Takeaways:

  • Backups are still a blind spot for many SOC teams, leaving organizations vulnerable to attacks targeting backup environments.
  • Veeam continues to expand its security ecosystem, helping customers integrate backup data into their broader cyber resilience strategy.
  • The Veeam App for Microsoft Sentinel brings backup intelligence into the SOC, including adversary TTPs from Recon Scanner and bi-directional automation so teams can detect threats earlier and respond directly from within Microsoft Sentinel.
  • Now available for free in the Microsoft Marketplace and Microsoft Sentinel Content Hub for Veeam Data Platform Advanced and Premium customers.

The Rising Threat to Backups

Cyberattacks are evolving at a relentless pace, and backups have become a prime target. For security operations centers (SOCs), the backup environment is often a blind spot, even though they monitor networks, endpoints, and identities with precision. That gap leaves organizations vulnerable and forces IT and Security to work in silos when speed and coordination matter most.

Closing the SOC Gap with Veeam App for Microsoft Sentinel

Veeam has been working to close this critical visibility gap through an expansive ecosystem of security integrations. Now, with the launch of the Veeam App for Microsoft Sentinel, backup is no longer the blind spot in the SOC.

This new integration brings Veeam backup and security events, including adversary TTPs from Veeam Recon Scanner, directly into Microsoft Sentinel. Security analysts can monitor and investigate backup threats alongside other signal sources, automating key investigation and recovery actions without leaving their console. With bi-directional capabilities and flexible connectivity, Veeam empowers SOC teams to detect threats earlier, respond smarter, and unify response across IT and Security.

What the Integration Delivers

This integration brings backup into the heart of the SOC and provides enhanced visibility, enriched context, and automated actions that accelerate threat detection and response. Here’s what security teams can expect:

  • Event Ingestion: More than 300 Veeam backup and security events are sent into Microsoft Sentinel, including job failures, suspicious activity, ransomware detections, and Recon Scanner findings. This is Veeam’s first SIEM integration to surface adversary TTP findings from Recon Scanner, revealing early indicators of compromise and cyberattacks.
  • Dashboards: Microsoft Sentinel-native dashboards visualize key backup and security data, such as threat detections, restore activity, and job health, alongside existing source signals. This centralized view helps SOC analysts understand the full scope of an attack without switching between consoles.
  • Automation & Playbooks: Veeam provides pre-built playbooks that use Azure Functions to call Veeam REST APIs, allowing SOC teams to enrich Microsoft Sentinel incidents with backup context like affected workloads, restore points, and repository health. Customers can also build custom playbooks to tailor automation or initiate specific recovery workflows using Veeam APIs.
  • Connectivity & Architecture: The app supports dual connectivity options, both syslog and API, giving customers flexibility in how they integrate and investigate. Its bi-directional capabilities empower SOC teams to not only ingest Veeam intelligence but also act on it from within Microsoft Sentinel.

Why It Matters for the SOC

The Veeam App for Microsoft Sentinel empowers security operations teams with earlier visibility, faster investigations, and tighter coordination between IT and Security. Here’s how:

  • Proactive Threat Detection: Surface early signs of compromise with Veeam Recon Scanner findings and suspicious backup activity streamed directly into Microsoft Sentinel.
  • Accelerated Investigation: Enrich Microsoft Sentinel incidents with workload data, restore point history, and repository status from Veeam via prebuilt or custom playbooks.
  • Strengthened Ransomware Response: Use Recon Scanner’s MITRE-aligned detections to prioritize alerts and inform incident response strategies.
  • Enhanced Visibility: Microsoft Sentinel-native dashboards bring Veeam backup intelligence into the SOC’s existing monitoring workflows.
  • IT + Security Collaboration: Bi-directional automation allows SOC teams to act directly from Microsoft Sentinel using Veeam’s REST APIs.

Getting Started with the Veeam App for Microsoft Sentinel

The Veeam App for Microsoft Sentinel brings data resilience directly into security operations, giving SOC teams visibility into backup events, enriched context for investigations, and automation that reduces manual effort. Together, Veeam and Microsoft Sentinel help organizations detect threats earlier, respond faster, and improve collaboration between IT and Security.

The integration is available now through the Microsoft Marketplace and Microsoft Sentinel Content Hub at no additional cost for Veeam Data Platform Advanced and Premium customers.

FAQs

What is the Veeam App for Microsoft Sentinel?

The Veeam App for Microsoft Sentinel integrates data resilience directly into SOC workflows by sending Veeam backup and security events, including identified adversary TTPs from Recon Scanner, into Microsoft Sentinel. This gives security teams earlier visibility into potential cyber threats and turns backup into a critical signal source.

Built-in automation enables analysts to enrich incidents with Veeam context or initiate response actions directly within Microsoft Sentinel. This bi-directional integration enhances detection, accelerates investigation, and empowers a faster, more coordinated response.

Which customers can leverage the Veeam App for Microsoft Sentinel?

This is a free app available to Veeam Data Platform Advanced and Premium customers.

Where can I download the Veeam App for Microsoft Sentinel?

The Veeam App for Microsoft Sentinel is available in both the Microsoft Marketplace and the Microsoft Sentinel Content Hub.

The post Turn Data Resilience into Security Intelligence with Veeam App for Microsoft Sentinel appeared first on Veeam Software Official Blog.

from Veeam Software Official Blog https://ift.tt/64vrVOw
