Veeam’s Data Platform 13 boosts AI-driven threat detection and resilience, but execs admit true zero-time recovery isn’t realistic despite strong immutable-backup protection.
Veeam’s latest updates – in version 13 of its Data Platform – devote a lot of attention to resilience, meaning near-instant intelligence-driven responses to AI-driven threats.
But even a raft of detection and instant response measures simply can’t get response times down to zero.
That’s something Veeam execs were happy to admit at the Technology Live! Event in London this week.
To be fair to Veeam, it’s probable no data protection vendor can, unless suspicious activity is caught early enough. In addition, players like Veeam form only a part of the entire defences.
Yesterday saw the announcement of Veeam Data Platform 13, which included numerous features from its acquisition of Coverware in 2024.
This includes a raft of functionality that includes flagging suspicious activity such as brute force attacks and unusual file changes, the ability to triage such behaviours, analytics and visualisations of threats, and connectivity to third party detection services and products.
Version 13 also saw introduction of an AI malware analysis agent, making backups immutable by default and integrations with security platforms and ops environments including CrowdStrike, Palo Alto Networks, Splunk, and ServiceNow.
But talking to execs at the Technology Live! event, it became clear that efforts to create an instantaneous response – ie, to get anywhere near RTOs of zero – are not always realistic.
Having said that, Veeam does claim an effective RPO of zero, with no data losses, said VP for product strategy Rick Vanover, as long as their data is held in immutable storage.
“We have over half a million customers and we don’t have a tech support case on record of someone unable to recover data if their data was in an immutable repository like a bucket, and they have their encryption key,” said Vanover. “We have always been able to recover data.”
“And it happens every day, added Vanover. “We have a dedicated team dealing with full-blown incident response. There’s 30 in the Americas. There’s 45 in EMEA and probably less than those two numbers in APJ.”
Veeam intends, however, for its intelligent detection capabilities to discover threats before that, using AI to spot threats as it processes backups.
“Our inline malware detection, it’s not a generative AI technology, but it is an AI and machine learning technology that looks at data coming over the wire during a backup,” said Vanover. “When that happens, we can detect potentially malicious attacks on systems.”
The Veeam exec described how its software can spot numerous potential signs that a ransomware attack is potentially going to happen, including malware, links out to the dark web etc. And that all this can be orchestrated to execute responses.
“I call them smoke signals,” said Vanover “Smoke signal comes in, Veeam goes, ‘Right, something bad is happening, do something about it’.”
“So, I want to actually orchestrate something. Orchestrate something into Azure, quickly, into an isolated environment, assure the backup, make sure that it actually runs, and then that can sit there until we work out what to do next.”
So, while responses to the signs of a threat can be near instantaneous, or at least from the Veeam point of view, can take place when it gets sight of data it protects, responses can still impact production.
It can be argued that the entire question of achieving resilience is a battle against bad actors over RTO. If you can guarantee zero RPO – in that you can always protect data – the question becomes, to what extent can you limit the time it becomes unavailable?
The reality is, said Vanover, that the technology may be able to do all you ask of it, but the real world can still get in the way of what’s possible technologically.
“The RTO of a workload is really quick nowadays, a minute or two,” said Vanover. “But the reality is longer than that in a widespread attack. We had a multinational food service organisation that was in a ransomware situation. They got out of it with Veeam.
“Then out of nowhere, cybersecurity law enforcement shows up. That slows it down. They had their data, but then there’s all these questions about root cause, blast radius. What I consistently see is that organizations don’t have the people and processes at the same level as the technology.”
The takeaway
Veeam’s latest Data Platform update doubles down on resilience, adding AI-powered threat detection, malware analysis, and deeper integrations with major security platforms. While the company claims zero data loss when backups sit in immutable storage, executives concede that real-world incident response — from triage to law-enforcement involvement — prevents true zero-time recovery. The tech can react instantly, but people, processes, and external factors remain the bottleneck. The real measure of resilience is not just stopping data loss, but reducing disruption during attacks.
Read more about data protection
RPO and RTO: Their roles in disaster recovery planning. RPO and RTO define acceptable downtime and data loss in disaster recovery. Learn how to calculate them, apply tiers, and align storage and cloud strategies.
Replication and snapshots: Essential elements of enterprise data protection.Learn the differences between backups, snapshots and replication, and discover how to combine them for a robust enterprise data protection strategy—on-premise and in the cloud.