Recovery Strategy
Preparation is the key.
Have a recovery strategy in place before you find out your infrastructure is breached: you should already know what to do when you are compromised through an attack. Back up your data and make sure the backups cannot be reached by an attacker who could damage them. An offsite copy (air gap) or a read-only copy on any media is highly recommended to survive any attack.
Furthermore, you must be aware that in case of a breach it is very likely that your assets will be sealed by government entities for analysis and forensics, and they won’t be available for recovery. You should rely on dedicated recovery hardware in addition to keeping off-site copies.
It’s also very likely that your internet connection will be shut down to kick intruders out and/or to prevent data leaks. Therefore, you might need an alternate way to reach your off-site backups.
You must have tested recovery, keeping in mind that you will have to restart from nothing but backup files and a blank infrastructure. During the tests, make sure you also scan your backups for possible malware in order to prevent re-infection during recovery after a disaster. You can consider the use of a Clean Room for the tests.
- Define a task force, enroll the needed people, develop a plan
- Know your assets, to prioritize recovery (DNS, domain controllers, mail, collaboration will be needed first, then your core applications shall restart immediately after)
- Extensively use testing automation tools, such as Veeam SureBackup or Veeam Recovery Orchestrator, including automating the backup scan for malware to prevent the risk of re-infection
- It’s not just IT: access to the facilities, support for remote workers, phone systems…