Veeam acquires Coveware to bolster its ransomware incident response capabilities – Business
Veeam Inc. today announced that it has acquired incident response firm Coveware Inc.
The new offering that results from the acquisition — Coveware by Veeam — will operate independently initially, but the company will integrate elements over time. Dave Russell, vice president of strategy at Veeam, gave me a preview of the announcement.
“We will have a standalone or Coveware team, which we will add additional personnel to as we scale up that business,” Russell told me. “Then our product development team will begin to take portions of the reconnaissance capabilities and deploy them side-by-side with Veeam.”
Though it’s only now announcing the acquisition, the deal was consummated some time ago. “We closed on this the last week in March,” he told me. “Coveware has a considerable number of large customers, 41% of which are F500 and 59% are G2000.”
Looking for vulnerabilities
Russell shared that one of the products that attracted Veeam to Coveware is Recon, which can look at vulnerabilities in an existing environment.
“From a services perspective, they can do tabletop exercises with an organization and help them understand where vulnerabilities could be at a conceptual level,” he said. “They can run Recon in the production customer environment to show the vulnerabilities.”
This Recon capability doesn’t send any customer data, he said, but it does send metadata for functions such as port usage and other indicators of compromise — nothing like server names or even sensitive metadata.
“With that, a report can be generated using their large language model, to suggest known vulnerability strains in the wild and their attack vectors in areas where your deployment model, your data center, could be open to vulnerability,” he said. “So that’s very proactive.”
Using LLMs as an early warning system
Coveware might fall under the “incident response” category, but it’s really an early warning or simply stopping the threat before it becomes a problem.
“Coveware does proactive threat hunting,” he said. “They are engaging with their clients in advance to offer best practices to keep them out of a cyber situation. On the one hand, they market themselves as an incident response team, like a fire department. But they’re more like fire prevention. And the part that excites us at Veeam is the ability to do the proactive threat hunting to understand the nature of the threats operating in the wild today and how to best defeat them.”
But in the future Russell sees many more possibilities from Coveware’s large language model. “Because their LLM will get better with the more information it receives, and with over 1 million Veeam backup and replication servers out in the wild, even if we got 10% uptake that’s 100,000 new backup servers that are now able to add to that LLM — becoming even more intelligent but also proactively identifying vulnerabilities that a customer may be running with and unaware of,” he said.
Some final thoughts
Veeam has become a significant player in ransomware recovery, and this acquisition should add to its broad capabilities. Blending the artificial intelligence world of LLMs to create a vast storehouse of knowledge to prevent attacks before they happen is very possible. Vendors will need to turn to this approach because attackers will be using AI in all its forms to relentlessly test every company’s defenses.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.