Veeam security features and required licenses (2025)

Reading Time: 4 minutes

Veeam Backup & Replication has several advanced data security features useful to:

• Built‑in security withaZero Trust Architecture
• Detect threats earlier withproactive threat hunting
• Maintain integrity withimmutability everywhere
• End downtime withincident response

But not all of them are available in all Veeam edition.

In Veeam Data Platform v12 there are three diffent editions: Foundation, Advanced, Premium. If you are not using VUL licensing, the socket based license Enterprise Plus is feature similar to the VUL Foundation.

Security features useful pre-backup

• Security & Compliance Analyzer: a built-in tool to ensure that your backup server configuration follows security best practices for Veeam backup infrastructure components based on Microsoft Windows Server and Linux operating systems.
  To automate implementation of Security & Compliance Analyzerrecommendations, just use the script provided by Veeam KB 4525.
• Veeam Incident API (feature introduced in v12.1): makes it easy for external CyberSecurity and Analytics tools (including XDR/NDR/MDR/EDR) to notify the backup server of infections at earlier attack stages, ensuring all restore points created after the corresponding moment in time for the given machine are marked as infected. Furthermore, you can enable Veeam to instantly create an out-of-band restore point of the affected machine, before malware has a chance to do much damage.
• MFA autentication (feature introduced in v12): VeeamBackup&Replication supports multi-factor authentication (MFA) for additional user verification. A one-time password (OTP) generated in a mobile authenticator application is used as a second verification method. Combined with login and password credentials, it creates a more secure environment and protects user accounts from being compromised.
• Four-eyes authorization (feature introduced in v12): you can enable four-eyes authorization to reduce the risk of accidental actions affecting sensitive data. This functionality requires additional approval for certain operations in VeeamBackup&Replication given by another user.
• Data Observability & Analtics: provided by Veeam ONE (for this reason an Advanced license is required)
• Recon Scanner by Coveware: with the Recon Scanner as a feature of Veeam Data Platform, customers can proactively identify threats before they can cause damage. By scanning Veeam environments Recon Scanner collects data and recognizes suspicious activity and TTPs, organizations can proactively take defensive and mitigation actions. (Premium license is required)

Security features useful during backup

• 12:
  • Entropic inline malware detection: To scan blocks in a data stream, VeeamBackup&Replication uses inline entropy analysis.
  • File system activity analysis: To scan guest indexing data, VeeamBackup&Replication uses file system activity analysis.
  • IoC Tools Scanner (feature introduced in v12.3): Indicators of compromise (IoC) are non-malware programs. However, their unexpected presence on a system can indicate a security risk. They are selected from and categorized using theMITRE ATT&CK Matrix. (Advanced license is required)
• Repository with soft immutability: to protect backup files from being modified or deleted, you can make them immutable. The feature is supported for any tier of scale-out backup repository.. with the Linux based hardened backup repository or with 3th pary solutions (like S3 Object Lock).
• Backup Data Encryption at rest: Data encryption transforms data to an unreadable, scrambled format. If encrypted data is intercepted, it cannot be unlocked and read by the eavesdropper. Only intended recipients who know the secret key can reverse encrypted information to a readable format.

Security features useful during restore or post-attack

• Backup Scan: limited for Windows machine in v12 (supporting also Linux machine in upcoming v13)
  • YARA rule based scanning (Advanced license is required, see also Cannot use YARA rules with Veeam Backup)
  • Veeam Threat Hunter signature-based scanning (Advanced license is required): see also How fast is Veeam Threat Hunter?
  • 3rd party antivirus signature-based scanning (Advanced license is required)
• Secure Restore and SureBackup: useful to automatically scan you backup
• Orchestrated Restore & Clean Room Recovery using Veeam Recovery Orchestrator (Premium license is required)
• Incident Response by Coveware (only for selected customers)

Security ecosystem

Veeam is not (yet) a security company, they have lot of security related features, but they enable integration with other specialized security solution: