Veeam acquires Coveware for incident response capabilities

Coveware will remain operationally independent with its cyberincident capabilities and ransomware research complementing the data backup vendor's recovery offerings.

Veeam quietly acquired Coveware, an incident response vendor, late last month. Veeam declined to disclose the cost of the acquisition, but representatives said Veeam is interested in keeping the two companies and associated technologies separate for the time being.

The rebranded Coveware by Veeam will have integrations with the Veeam Cyber Secure program, a white-glove cyber recovery service, according to the vendor.

Coveware provides comprehensive cybersecurity incident response services including ransomware negotiations, auditing and damage assessments. The company created Recon and Unidecrypt, two proprietary software packages for cost analysis and ransomware decryption, respectively.

The purchase bolsters Veeam's cyber recovery capabilities, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group. Cyber recovery is the next market frontier for backup and disaster recovery vendors, he said, as enterprises rely on data backups to recover from ransomware attacks and ensure business continuity.

"Disaster recovery is dead," Bertrand said. "It's now cyber recovery. The backup and recovery vendors are repositioning themselves as cyber-resilience vendors."

Prior to Coveware, Veeam's most recent acquisition was Kasten in 2020 for Kubernetes backup services.

Ounce of prevention

Veeam intends to keep the two companies separate in technology for the foreseeable future, according to Dave Russell, vice president of enterprise strategy at Veeam.

This separation will enable the two companies to meet different customer needs, with Veeam focused on backups and Coveware providing incident insights and recovery, he said.

"[Veeam doesn't] want to be in the [incident] response business. We want to be in the prevention business," Russell said. He added that Veeam doesn't intend to bolt on Coveware to the Veeam Data Platform, its flagship data protection and backup suite that offers a hybrid cloud management console.

Veeam's 450,000 customers provide a massive audience for Coveware's research, according to Bill Siegel, CEO and co-founder of Coveware.

Companies can avoid the effects of most ransomware attacks if they follow best practices and have a recovery plan in place, Siegel said. Integrating Coveware's knowledge and technology into Veeam Data Platform should help provide continuity services that minimize downtime, he said.

One of the problems with a DIY response team is that it's hard to know what you don't know.
Phil GoodwinAnalyst, IDC

"The limitation we had prior to this was getting the word out there about how to defend yourself against ransomware," Siegel said. "The reality is most ransomware attacks are entirely preventable. You may not prevent everything, but you're going to pinch the level of disruption."

Pound of cure

Regardless, many IT teams comprise generalists who might be unaware of or unable to address every issue within an enterprise's security infrastructure, said Phil Goodwin, an analyst at IDC. This lack of knowledge can lead to slapdash fixes or policies that could be avoided with an additional set of eyes and knowledge.

"One of the problems with a DIY response team is that it's hard to know what you don't know," Goodwin said. "When you get into a cyber recovery response situation, the results aren't good. Organizations are looking to professional incident response teams to help fill the gaps in knowledge."

Worse, many IT teams are aware of security flaws they might be unable to address due to a lack of resources and time, said Krista Macomber, an analyst at Futurum Group. Hiring advisory services such as Coveware can make a stronger case for IT teams to request additional support from an organization, she said.

"We see a lot of attacks get through unpatched infrastructure and known vulnerabilities IT hasn't been able to address," Macomber said. "[Coveware] does give some power back to the customer, as it's easy to feel like [security is] a lost cause."

Still, Siegel's certainty on preventing ransomware is an important perspective for a cyber recovery vendor to hold, Bertrand said. If attacks are to be considered inevitable, having additional services to help IT prepare and expedite recovery is valuable.

"[Veeam has] people with this acquisition that really understand the ransomware [attack] issue, [as] it's a matter of when, not if," Bertrand said.

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.

Next Steps

Veeam executives discuss data protection trends, future IPO

Dig Deeper on Data backup and recovery software