NetBackup 10.5 Scans Cloud Object Storage Backup Images for Malware
The latest version of NetBackup adds malware scanning for cloud object store backups. It does this through the Cloud-Object-Store (COS) image type selection option. All of the common COS providers are supported through this image type. Recovery-time scans of COS resources are also possible: during DR events, cloud object backups can be scanned before restoration to ensure the restored data does not contain malicious code or malware.
Enabling this feature is as simple as upgrading to version 10.5+. No unique installation steps are required for this feature. Malware scan host hardware requirements have also not changed from previous versions. Malware scanner installation is covered in the NetBackup Security & Encryption Guide. Please refer to the Veritas NetBackup Software Compatibility List for all supported scan host operating system configurations.
Malware scan host(s) must be deployed and configured using the NetBackup Web UI. No changes are required to existing (pre-upgrade) malware scan host configuration settings for the COS feature. Please refer to the Malware Detection section of the NetBackup 10.5 Security & Encryption Guide for more scan host deployment details.
The workflow to configure and activate malware scanning is also the same as before. No changes to malware scanning architecture and workflow are part of this new feature. If you’re not familiar with the malware scanning workflow, it is also documented in the Malware Detection section of the NetBackup 10.5 Security & Encryption Guide.
The COS feature adds the new functionality described in the sections below.
On-Demand Cloud Object Backup Image Scans
A COS workload administrator with the required permissions can scan these types of images. Images to be scanned can now be searched for and found as the Cloud-Object-Store type of backup images. Shown below in the “Malware detection” section of the WebUI is the start of a COS image search. All policy types are selected (instead of a policy name) so the search will return a list of all COS images. Specific COS policies can be selected as well.
COS images for specific client(s) can also be searched for and selected as shown here.
Recovery Time (DR) Cloud Object Backup Image Scans
During a COS image recovery scan, user-selected files and folders for the recovery will be scanned before the image(s) are recovered. No data will be written to the target until the scan is completed. Administrators performing such scans must also have “Restore from malware infected images” RBAC permissions, even if no infected restores are to be performed.
When the “Scan for malware before recovery” option is selected, two malware scan and recovery options are available as shown below:
- If any files are infected with malware, do not perform the recovery job
- If any files are infected with malware, recover all files, including infected files
Recovery Check for Previously Scanned Images
Alerts for infected images and warnings for unscanned images are shown during the recovery workflow for COS policy protected data. Relevant messages appear clearly in the WebUI if a potentially unsafe condition exists with the restore job before it starts. You’ll always know if COS data selected for restore has been previously scanned and found safe, as shown in this example:
It’s very important to note that an administrator’s permissions play a key role in COS recoveries. A “clean file only” recovery option is not supported for COS. All COS objects selected for recovery, whether infected or not, are restored in a COS recovery if the administrator has permission to recover infected files as shown below. With such permissions, the “Allow recovery of files infected by malware” recovery option becomes the default selection. The administrator cannot change this option in the recovery workflow. Accordingly, the proper administrator login, either with or without infected file restoration permissions, must be used during COS recoveries.
COS backup image malware scanning, either before or during restores, is a powerful tool to identify existing malware infections. Through login permissions and selectable options, administrators can control how and when this scanning is implemented. They can also control whether infected files are restored.