Critical Configuration Changes

The Critical Configuration Changes feature of Anomaly Detection for Cove Data Protection (Cove) provides proactive visibility into configuration changes and deletions that could impact backup integrity and client data protection.

This feature allows continuous monitoring of critical backup and platform settings with automatic generation of alerts when a high-risk modification is detected. These alerts help customers quickly identify and address unusual or potentially harmful activity to mitigate risks of data loss or any unauthorized activity.

Significance of this feature

Backup configuration changes are uncommon operations, typically performed only by authorized administrators. Unexpected changes, such as shortened retention, modified backup selections, or backup schedule deletion, may indicate human error, misconfiguration, or unauthorized access.

For example, if an attacker compromises an administrator’s account, they might not delete backups immediately. Instead, they could gradually weaken protection by:

  • Reducing data retention (e.g., from 1 year to 7 days)
  • Adding sensitive files to the exclusion list
  • Disabling new backups

Over time, these changes reduce the number of recoverable backups and may leave the environment vulnerable.

Critical Configuration Changes notifications enable early detection of potential risks, allowing customers to take corrective action before a ransomware attack or any data loss event.

Operational Flow

When a critical configuration change is detected, an alert is automatically sent by email.

Each alert includes the following details:

  • What happened: The type of change that has been made (for example, retention reduced, backup schedule deleted, selection modified)
  • Who performed the change: The user name, email address, or IP address of the person who has made the change
  • When it occurred: The date and time of the modification
  • Recommended actions: If applicable, Cove may provide remediation guidance to minimize loss.
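
The checks described above, sketched as an added example (not Cove's own code or alert format): it flags retention reductions, new exclusions and schedule deletions, builds what/who/when alerts, and groups them per device to surface gradual weakening. The event fields, sample events and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample change events; the field names are assumptions, not Cove's schema.
EVENTS = [
    {"ts": "2024-05-01T09:12:00Z", "actor": "admin@example.com", "ip": "203.0.113.7",
     "device": "srv-01", "setting": "retention_days", "old": 365, "new": 7},
    {"ts": "2024-05-03T22:40:00Z", "actor": "admin@example.com", "ip": "203.0.113.7",
     "device": "srv-01", "setting": "exclusions", "old": ["*.tmp"],
     "new": ["*.tmp", "D:\\Finance\\*"]},
    {"ts": "2024-05-06T23:05:00Z", "actor": "admin@example.com", "ip": "203.0.113.7",
     "device": "srv-01", "setting": "schedule", "old": "daily 02:00", "new": None},
    {"ts": "2024-05-07T10:00:00Z", "actor": "ops@example.com", "ip": "198.51.100.4",
     "device": "srv-02", "setting": "retention_days", "old": 30, "new": 90},
]

def classify(event):
    """Return a description of a protection-weakening change, or None if benign."""
    setting, old, new = event["setting"], event["old"], event["new"]
    if setting == "retention_days" and new < old:
        return f"retention reduced from {old} to {new} days"
    if setting == "exclusions":
        # Only newly added exclusions shrink what is protected.
        added = sorted(set(new or []) - set(old or []))
        if added:
            return "exclusions added: " + ", ".join(added)
    if setting == "schedule" and old and not new:
        return "backup schedule deleted"
    return None

def build_alerts(events):
    """Turn risky events into alerts carrying what, who and when."""
    alerts = []
    for e in events:
        what = classify(e)
        if what:
            alerts.append({"what": what, "who": f"{e['actor']} from {e['ip']}",
                           "when": e["ts"], "device": e["device"]})
    return alerts

def gradually_weakened(alerts, threshold=2):
    """Devices with at least `threshold` risky changes: the slow-weakening pattern."""
    per_device = defaultdict(list)
    for a in alerts:
        per_device[a["device"]].append(a["what"])
    return {d: w for d, w in per_device.items() if len(w) >= threshold}

if __name__ == "__main__":
    alerts = build_alerts(EVENTS)
    print(*alerts, gradually_weakened(alerts), sep="\n")
```
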

Benefits

  • Early warning of risk: Detects potentially harmful changes before they affect recovery options
  • Operational transparency: Gains visibility into backup policy adjustments across all managed devices
  • Faster incident response: Quickly identifies the source and context of suspicious activity
  • Enhanced resilience: Ensures that backup configurations remain aligned with organizational and compliance requirements

You can configure the Critical Configuration Changes notifications feature while adding email notifications.