Critical Configuration Changes notifications overview

The Anomaly Detection for Critical Configuration Changes feature provides proactive visibility into configuration changes that could impact backup integrity and client data protection.

This feature allows continuous monitoring of critical backup and platform settings with automatic generation of alerts when a high-risk modification is detected. These alerts help customers quickly identify and address unusual or potentially harmful activity to mitigate risks of data loss or any unauthorized activity.

Significance of this feature

Backup configuration changes are uncommon operations, typically performed only by authorized administrators. Unexpected changes, such as shortened retention, modified backup selections, or backup schedule deletion, may indicate human error, misconfiguration, or unauthorized access.

For example, if an attacker compromises a backup administrator’s account, they might not delete backups immediately. Instead, they could gradually weaken protection by:

  • Reducing data retention (e.g., from 1 year to 7 days)

  • Adding sensitive files to the exclusion list

  • Disabling new backups

Over time, these changes reduce the number of recoverable backups and may leave the environment vulnerable.

Critical Configuration Changes notifications enable early detection of potential risks, allowing customers to take corrective action before a ransomware attack or any data loss event.

Operational Flow

When a critical configuration change is detected, an alert is automatically sent by email.

Each alert includes the following details:

  • What happened: The type of change (for example, retention reduced, backup schedule deleted, selection modified)

  • Who performed the change: The user name, email address, and IP address

  • When it occurred: The date and time of the modification

  • Recommended actions: The remediation guidance (if applicable)
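
The following is an added example, not the product's own code or event schema: it classifies constructed configuration-change events into the three change types named above and builds alerts with the four listed fields. The event field names, function names, and the per-account threshold are assumptions, and the per-account grouping goes beyond what the page describes in order to surface the gradual weakening pattern from the earlier section.

```python
from collections import Counter

# Constructed audit events; the field names are assumptions, not the product's schema.
WHO = {"user": "backup-admin", "email": "backup-admin@example.com", "ip": "203.0.113.7"}
EVENTS = [
    {**WHO, "ts": "2024-05-01T02:14:00Z", "setting": "retention_days", "old": 365, "new": 7},
    {**WHO, "ts": "2024-05-03T02:20:00Z", "setting": "exclusions",
     "old": ["*.tmp"], "new": ["*.tmp", "/srv/finance/*"]},
    {**WHO, "ts": "2024-05-06T02:31:00Z", "setting": "schedule", "old": "daily 01:00", "new": None},
    {"user": "ops", "email": "ops@example.com", "ip": "198.51.100.4",
     "ts": "2024-05-02T09:00:00Z", "setting": "retention_days", "old": 30, "new": 90},
]

def classify(ev):
    """Return (what happened, recommended action) for a high-risk change, else None."""
    setting, old, new = ev["setting"], ev["old"], ev["new"]
    if setting == "retention_days" and new < old:
        return (f"retention reduced from {old} to {new} days",
                "Confirm the change with the administrator; restore the previous retention.")
    if setting == "exclusions":
        added = sorted(set(new) - set(old))
        if added:
            return ("selection modified, exclusions added: " + ", ".join(added),
                    "Check whether the excluded paths hold data that must stay protected.")
    if setting == "schedule" and old and not new:
        return ("backup schedule deleted",
                "Recreate the schedule and review the account's recent sign-ins.")
    return None  # e.g. retention increased: not a weakening change

def build_alerts(events):
    """Turn high-risk events into alerts carrying the what/who/when/action fields."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        hit = classify(ev)
        if hit:
            alerts.append({"what": hit[0], "when": ev["ts"], "action": hit[1],
                           "who": f'{ev["user"]} <{ev["email"]}> from {ev["ip"]}'})
    return alerts

def accounts_to_escalate(alerts, threshold=2):
    """Accounts with several weakening changes (hypothetical threshold)."""
    counts = Counter(a["who"] for a in alerts)
    return sorted(who for who, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for alert in build_alerts(EVENTS):
        print(alert)
    print("Escalate:", accounts_to_escalate(build_alerts(EVENTS)))
```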

Benefits

  • Early warning of risk: Detects potentially harmful changes before they affect recovery options

  • Operational transparency: Gains visibility into backup policy adjustments across all managed devices

  • Faster incident response: Quickly identifies the source and context of suspicious activity

  • Enhanced resilience: Ensures that backup configurations remain aligned with organizational and compliance requirements

You can configure the Critical Configuration Changes notifications feature while adding notifications.