cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support



Welcome to the Veritas REDLab and Cybersecurity Group


Veritas built an isolated lab codenamed REDLab, to conduct cybersecurity research, study ransomware and malware attacks firsthand, and validate our assertions on ransomware resiliency beyond just simulations and reviews. In the REDLab, Veritas regularly executes real ransomware and malware attacks on our products. This provides Veritas with many advantages to study attacks, assess features that aid in detecting cyber attacks, protect the backup repository and infrastructure, and, speed up recovery — all while enabling team members to practice and grow the skills needed to tackle these tasks.

Here the team will regularly share updates, findings, best practices and insights from the Veritas REDLab and the ever evolving world of Cybersecurity.

To learn more: REDLab: Making and Verifying Ransomware-Resilient Veritas Products

Group Hub Activity

Veritas™ REDLab Newsletters

Veritas™ REDLab Newsletters Date Newsletter Link Summary June 2023  REDLab-Newsletter-June-2023  NetBackup 10.2 introduced a new anomaly detection framework through which we delivered two   new extensions, Image Expiry and Client Health Anomaly. Both of these utilize our machine learning engine to provide just-in-time detection capabilities keeping our customers one step ahead of the new cyber attacks. These extensions and any new ones will be available in a single package to simplify deployment and will receive regular updates. August 2023 REDLab-Newsletter-August-2023  In this edition we would like to introduce you to an Isolated Recovery Environment (IRE) that enables air-gapped backup copies by disabling network connectivity to a secure copy of your critical data, providing administrators a clean set of files on demand to neutralize the impact from a ransomware attack.  We conducted Royal and Ryuk ransomware attack on NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. October 2023 REDLab-Newsletter-October-2023  We have carried out Maze and Lockbit ransomware attack on a NetBackup client. Data on NetBackup Client is encrypted along with NetBackup configuration files and Client health anomaly is detected. Once the anomaly is detected, the Client Health anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. In this edition we would like to introduce a feature which is RBAC in NetBackup enhances security by ensuring that users have the appropriate level of access and control over backup and recovery operations. It helps prevent unauthorized access and minimizes the potential for errors or data breaches caused by users with overly broad permissions. November 2023 REDLab-Newsletter-November-2023  In this edition we would like to introduce a feature which is Anomaly Detection of ransomware file extension. During a backup operation NetBackup 10.3 check all file extensions, compares them with the ransomware extension list and generates an anomaly if there is a match. We have carried out Rhysida and Akira Ransomware attack on VMware infrastructure protected by NetBackup and post attack, a system anomaly of type ransomware file extension was generated. NetBackup rules engine is a new feature added in NetBackup 10.3 which is a rules-based engine that can trigger certain threshold-based detection use cases. The rule engine detects abnormal activities through NetBackup audit data. December 2023 REDLab-Newsletter-December-2023  In this edition we would like to introduce a feature which is Multi Person Authorization(MPA) NetBackup Security Administrator can configure multi-person authorization. It proactively protects NetBackup primary servers from an undesirable or a malicious act by ensuring that a second authorized user approves that action before it is allowed to take place. We have carried out BianLian and NoEscape Ransomware attack on NetBackup Client. Data on NetBackup Client is encrypted along with NetBackup configuration files and Client Health anomaly is detected. Once the anomaly is detected, the Client Health system anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. January 2024 REDLab-Newsletter-January-2024  In this edition we would like to introduce a feature is Multi-factor Authentication which is a multiple-step account login process that requires you to enter a 6-digit one-time password along with your password. It is strongly recommended that you configure multi-factor authentication to protect the security of your account. We have carried out Faust and Mallox ransomware attack on NetBackup Client and Client Health anomaly was generated and it creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. February 2024 REDLab-Newsletter-February-2024  In this edition, we would like to introduce a feature known as Data-in-transit encryption(DTE). The security policies require the backup administrator to ensure that the channel on which NetBackup Clients send metadata and data to NetBackup Servers be secure. In NetBackup 10.0 and later, the data and metadata are encrypted over the wire. We conducted Lucky and MuskOff ransomware attacks on NetBackup Client and Client Health anomaly was generated and it creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. March 2024 REDLab-Newsletter-March-2024  We conducted LostTrust and LeakDB ransomware attacks on the NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. April 2024 REDLab-Newsletter-April-2024  We conducted Trigona and Wannacry ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".WNCRY" by Wannacry ransomware and "._locked" by Trigona ransomware, resulting in the generation of a Ransomware file extension-based anomaly detection. ... View more
PandurangTerkar
By Level 1REDLab | Blog 2 weeks ago
78 Views
0
0

How do you best protect your valuable data?

We all dread the notion of our identity being stolen. The vulnerability, the unknowing, and the anxiety around who and why someone would do this. Well, imagine if that identity was the administrative credentials to your core cyber resilience solution. With credential theft on the rise, insider-based attacks, privilege escalation, and advanced persistent threats are no longer just targeted at production or edge systems, they’re going after your last line of defense: your data protection infrastructure.  In a world where cybercriminals no longer break in but simply log in, how do you best protect your valuable data? Matt Waxman, SVP & GM, Data Protection, Veritas answers this question in his latest blog found here: https://www.veritas.com/blogs/when-cybercriminals-no-longer-break-in-and-simply-log-in-how-do-you-protect-your-valuable-data?om_camp_id=global_osoc_Social ... View more
benspickard
By Community ManagerCommunity ManagerREDLab | Technical Discussions 4 weeks ago
2,034 Views
0
1

Embrace Unified Cyber Resilience with Veritas 360 Defense

Protecting your business technology against an evolving array of cyber risks and security concerns is a big challenge that requires an advanced multi-layered cyber defense strategy.  Are you confident in your ability to protect and recover your IT services in the event of a cyber-attack?  Veritas 360 Defense is a comprehensive and proven strategy to keep your applications and data safe and highly available – using native functionality that offers immutability, indelibility, and resiliency to protect against cyber-attacks. Veritas 360 Defense helps you deliver IT services that are secure, resilient, and quickly recoverable while providing the smooth experience that your end users expect. Learn more about the three principles of how Veritas 360 Defense is a multi-faceted, extensible cyber resiliency and data protection architecture in Tom Kozlowski's latest article: https://www.veritas.com/blogs/embrace-unified-cyber-resilience-with-veritas-360-defense    ... View more
benspickard
By Community ManagerCommunity ManagerREDLab | Technical Discussions‎04-10-202408:11 AM
180 Views
0
0

NoEscape

NoEscape ransomware emerged in May of 2023 and functions as a Ransomware-as-a-Service(RaaS). CERT-In issued an alert for NoEscape ransomware which is believed to be a rebrand of Avaddon and has impacted around 10+ victims in October'23 alone. NetBackup Malware Scan results : Detected Attack Pattern : Encrypted files will have a random 10-character extension appended to the filename, which is unique for each attack. ... View more
rhHax_Vox
By Level 2REDLab | Technical Discussions‎11-24-202302:49 AM
475 Views
0
2

How can we get access on Veritas REFlab's documentation?

Hello Team, I believe this is an excellent effort. How can we get access on the documentation?   Regards ... View more
Mallek
By Level 4REDLab | Technical Discussions‎11-07-202304:16 AM
405 Views
0
0
More
Group Hub Information
Veritas REDLab

Veritas REDLab

Join this group for regular updates, findings, best practices, and insights from the Veritas REDLab and the ever evolving world of Cybersecurity.
35 members
Open group
Created 08-02-2023
Members (35)
View all