Finding Sensitive Data on Endpoints with Veeam Endpoint Backup FREE and DataGravity

I have for a long time been a huge fan of Veeam - both as a customer and as a virtualization community member.  I cut my teeth with their FastSCP product (remember that?) to efficiently move files between ESX/ESXi hosts and datastores.  It was awesome, and the best part about it was that Veeam offered it completely for free. In fact, they still do as part of Veeam Backup Free edition.  Fast forward a number of years, and Veeam has done it again.  This time they have released Veeam Endpoint Backup - a completely free standalone solution to help protect Windows endpoints.

Knowing their reputation for developing products that simply 'just work', I was eager to try out this new Endpoint product.  In fact I recently had a customer who asked if they might be able to use the product to save data from some of their Windows clients up to a DataGravity SMB share.  Now that caught my attention, and sure enough 'it just works'.  Let's check out how.

Install Veeam Endpoint Backup Free & Configure Backup

There are several tutorials on the internet to show you how to install Veeam Endpoint Backup, so I will spare you all of the 'Next, Next, Next, Finish' details.  It really is that simple.  I tested this with Windows 7, but can be run on Windows 8, 2008R2 & 2012.  

Once installed, you simply need to configure the backup of the endpoint.  I chose to backup the entire computer to a shared folder on my DataGravity array which also serves as a backup repository for the Veeam backups of my VMs.  I scheduled this backup to run every night at a specific time, but one cool option is to schedule it run whenever the backup target is available.  Veeam Endpoint Backup actually throttles the frequency/activity of the backup so it doesn't compete with other applications running on your endpoint, and it doesn't mess around backing up stuff that doesn't matter like temporary and page files.  Very nice.

Backup Mode.png

Run a Backup of your Windows Endpoint

Now that we have configured and and started to protect our Windows endpoints, we can check the status of these Veeam restore points very quickly from the Control Panel.  You can open this up from endpoint itself by selecting the Veeam icon in the system tray.

This will allow you to see the status of all of your restore points, and drive into any of them to initiate a recovery.

RESTORING FILES TO A DATA-AWARE DATAGRAVITY SMB SHARE

To begin a restore, simply select the 'Restore Files' option under any restore point.  This launches the Backup Browser which allows us to specify the file level items to restore.  This is actually opening up the appropriate Veeam VBK and VIB files in the backup repository and presenting them in a directory tree (mounted to the the VeeamFLR directory).  In our case we won't actually be restoring the files to the original endpoint, but rather making use of the Copy function to extract all of these files up to a data-aware SMB share on the DataGravity array named End Point Data.

Checking for Sensitive INformation in Endpoint Data

We can now look at the data demographics of this endpoint within DataGravity to identify dormant data, file category growth, top consumers of space, as well as any sensitive items.  Looking at the File Analytics of this endpoint data we can see that there are several files with Credit Card numbers being saved.

Looking at the details of these files containing credit cards, we can see that this endpoint has Excel spreadsheets and Word documents with the Sales Team expense account information.  These include the credit card numbers of the team being stored in clear text.

We can also see from the search below, that there is content being saved out to DropBox and Google Drive from this endpoint.

 

Summary

For my customer, this series of steps was exactly what they were looking for - 1.) Getting a backup of their most important PCs & 2.) Understanding if there is sensitive data being saved, carried around (laptops), or being synced from these PCs.  The economics of the solution certainly couldn't be beat.  This highlights just one use case for the Veeam Endpoint product paired with DataGravity, but it certainly can offer much more: Volume level restores, Bare Metal Restores with Recovery Media, integration with Veeam Backup & Replication - the list goes on and on, which is a topic for a separate post.  Nice work Veeam.