Veeam has acquired cyber-extortion incident response provider Coveware. We’re told Coveware has helped thousands of cyber extortion victims and developed software and services to enable rapid attack forensic triage, extortion negotiation and remediation, to help organizations recover their data from ransomware attacks.
Veeam CEO Anand Esware said in a statement: “It’s no longer a question of when your organization is attacked, but how often. Seventy-six percent of organizations have been attacked over the past 12 months, and addressing that cyber threat is critical for every enterprise.”
He added: “Coveware is already helping enterprises across the world improve their defense and if the worst happens, helping them recover. … Veeam now provides enterprise customers with proactive threat intelligence that helps identify any security gaps with forensic triage and decryption, all combined with the capabilities of the market leader.”
Coveware was founded in 2018 in the NewYork area by CEO Bill Siegel and CTO Alex Holdman. Siegel said: “Our goal is to minimize the cost of disruption by providing best-in-class incident response tools and services. The threat intelligence gathered from our incident response work also benefits our proactive large enterprise clients – 41 percent of which are in the Fortune 500 – to reduce their risk and increase their resiliency.”
Siegel was CFO at cybersecurity company SecurityScorecard from 2016 to 2018. Prior to that he was the head of the NASDAQ private market after selling SecondMarket, where he was CEO, to NASDAQ. His background is in corporate finance, portfolio management, and equity research.
Holdman is an ex-product manager at Paperless Post and Datto, and worked at SecondMarket as a lead software engineer in 2011-2015.
Siegel and Holdman said in a 2018 introduction to Coveware: “There is a stigma associated with paying a ransom. We expect criticism and scrutiny of our model. Coveware makes it easier for businesses to pay. Popular refrains involve a utopian vision of every afflicted business and person, ceasing to pay, and the problem disappearing for good. While we understand and appreciate these refrains, we deem the implementation unrealistic.”
They added: ”We also have no intention of profiting off of the payment of ransomware. In the future, we envision opening up Coveware case management as a public utility, so that any victim can have a clean experience without predatory fees, and our interested institutions, both private and public, can glean the insights they need to make a difference.”
Coveware has accumulated data and insights on miscreants patterns. This means it has access to continuously updated data on ransomware variants, attack vector analysis, attack footprints, and recovery options. It has automated SaaS technology that runs across a client’s operational environment to perform forensic triage analysis. The service assesses the impact, identifies the ransomware (strain, threat actor group, entry point), and helps recover encrypted data from known ransomware groups.
Veeam prides itself on the immutability of its backups, claiming they are safe from ransomware. With ransomware crews sometimes being present in a victim’s IT systems for up to 200 days, there is a risk that corrupted data could be inadvertently backed up. Asked about this in a briefing in London, Dan Middleton, Veeam VP for the UK and Ireland, told us Coveware’s services could help when data was exfiltrated.
Coveware is privately owned and there is no record of any outside funding. The acquisition price has not been revealed. LinkedIn lists around 25 employees and Coveware says it has a global team of cyber threat experts.
Coveware will operate as a fully owned Veeam business – Coveware by Veeam – and selected Coveware capabilities will be incorporated into Veeam’s products including Veeam Data Platform and the Veeam Cyber Secure Program. In effect, the Coveware tech now gets a market boost by using Veeam’s hundreds of channel partners. The acquisition may trigger acquisitions by competitors such as Rubrik.