Emilee Tellez, Field Chief Technology Officer of Veeam Software, and Rick Vanover, Vice President of Product Strategy at Veeam, engage in a dynamic conversation during the RSAC 2025. Joined by Christophe Bertrand, Principal Analyst at SiliconANGLE and theCUBE, they examine the intersection of cybersecurity and backup solutions.
In this episode, Tellez leverages their extensive experience in field operations and strategic technology implementation to provide insights into Veeam's role in enhancing cyber resilience. Alongside Vanover, recognized for their strategic contributions to product growth, the discussion addresses Veeam's contributions to cybersecurity strategies and the importance of maintaining robust backup solutions to counteract ransomware and other cyber threats. Hosted by theCUBE Research team, the video explores these critical industry topics.
Key takeaways from the discussion include the importance of integrating backup and cybersecurity to form a holistic cyber resilience strategy, emphasized by Tellez. Vanover highlights Veeam's innovations, such as the Veeam Threat Hunter, a tool designed to enhance data protection. Furthermore, insights from Bertrand underscore the role of immutability in data protection and the evolving landscape of artificial intelligence in cybersecurity, outlining future prospects for Veeam's product advancements.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Emilee Tellez & Rick Vanover, Veeam
Emilee Tellez, the field Chief Technology Officer of Veeam Software, and Rick Vanover, Vice President of product strategy at Veeam, engage in a dynamic conversation during the RSA Conference 2025 in San Francisco. Joined by Christophe Bertrand, principal analyst at SiliconANGLE and theCUBE, they examine the intersection of cybersecurity and backup solutions.
In this episode, Tellez leverages their extensive experience in field operations and strategic technology implementation to provide insights into Veeam's role in enhancing cyber resilience. Alongside Vanover, recognized for their strategic contributions to product growth, the discussion addresses Veeam's contributions to cybersecurity strategies and the importance of maintaining robust backup solutions to counteract ransomware and other cyber threats. Hosted by theCUBE Research team, the video explores these critical industry topics.
Key takeaways from the discussion include the importance of integrating backup and cybersecurity to form a holistic cyber resilience strategy, emphasized by Tellez. Vanover highlights Veeam's innovations, such as the Veeam Threat Hunter, a tool designed to enhance data protection. Furthermore, insights from Bertrand underscore the role of immutability in data protection and the evolving landscape of artificial intelligence in cybersecurity, outlining future prospects for Veeam's product advancements.
Emilee Tellez and Rick Vanover of Veeam Software join theCUBE’s Christophe Bertrand at the RSAC 2025 Conference to explore how backup strategy plays a growing role in cybersecurity. The conversation highlights how organizations can strengthen cyber resilience through smart data protection.
Tellez shares how real-world field experience informs Veeam’s approach to integrating backup into broader security frameworks. Vanover details how product strategy evolves to keep pace with threats such as ransomware and support rapid recovery.
Together, t...Read more
exploreKeep Exploring
What are the benefits of Veeam being present at RSA and how does Veeam's technology contribute to cyber resilience?add
What are some important considerations for organizations to keep in mind when it comes to cybersecurity and data recovery processes, especially in light of the increasing threat of ransomware attacks?add
What are the features and benefits of Veeam's new software appliance?add
What approach is Veeam taking towards implementing AI in their offerings and what is the future of Veeam in this context?add
What do you think is a good start when it comes to Veeam's capabilities expanding beyond just backup and recovery?add
>> Welcome back to theCUBE RSA Conference 2025 in San Francisco. I'm joined today by two CUBE alums, Emilee Tellez, Field CTO at Veeam, and the Rickatron Rick Vanover, VP of Technology at Veeam. Thank you so much for joining us today. Let's talk about RSA. What are your impressions? Let's start with you, Rick.
Rick Vanover
>> Wow. First of all, it's a big event this year. I personally haven't been here since 2014. We've had the team have a presence for a long time. It's actually quite refreshing to see a really authentic energy, a really engaging audience, and we're bringing the good Veeam news to additional people here. So, so far so good.
Christophe Bertrand
>> Yeah, we'll talk about that in a minute. Emily, what's your take? Why Veeam at RSA? Backup and recovery meets cyber security? What's going on here?
Emilee Tellez
>> Absolutely. So backup and recovery, I mean, as you know if we look at, let's say for example, ransomware, there's a lot of organizations out there that have to think about not just their strategy, but their people process technology. But when it comes to that incident response lifecycle, you have recovery and Veeam, we're able to check the box on a lot of different recovery options for customers, so obviously we wanted to be here at RSA to help not only fight against the ransomware and those common threats, but then also ensure that we have customers that can build the right strategies and make sure that Veeam perfectly aligns with their cyber security strategy.
Christophe Bertrand
>> Yeah, and that's really what I've observed from a market standpoint, this confluence of cyber security and traditional backup and recovery really in what has become cyber resiliency, which I think is the name of the game now, and what people recognize as a critical new set of technologies that have to work nicely together. So, let's talk about that for a second, because obviously you're at the exhibit hall, there are lots and lots and lots of vendors, and you have... And Emily, we're talking about this last week at your big conference. About your partner ecosystem, let's talk about that. Why is it important for Veeam to be in cyber resilience and to have all of these partners?
Emilee Tellez
>> Absolutely. I mean, every organization out there, I mean, they're all taking the same approach. It's defense in depth, right? We're not utilizing just one single vendor for our security or for when it comes to GRC compliance, et cetera, so essentially what Veeam wanted to do is make sure that customers that have already made those large investments into companies like CrowdStrike, Palo Alto, Splunk, et cetera, keep that investment, leverage the tool sets that you already know and love, but be able to bring data protection along with it and allow us to feed into that ecosystem so that way your security teams can be able to make better decisions, get their mean time to detection down lower but even increase their mean time to response. So, Veeam's focused in on building out the security ecosystem. We currently partner with over 65 security vendors and we're constantly adding more. Part of me being here today was having a lot of conversations with new partners as well as building on additional integrations with others.
Christophe Bertrand
>> Yes, and there's no shortage of vendors today. It's an absolute zoo, the equivalent of about two city blocks underground, and that's two San Francisco city blocks. It's a lot of surface. Rick, let's talk about RPO and RTO for a second in the context of cyber resilience, because we used to know those reasonably predictable RPOs and RTOs, something goes wrong, there's some logical corruption, you have to pick up a bunch of VMs or database goes bad. Okay, that's more or less something we knew how to do. Now, ransomware comes in or cyber attacks come in, do we still have the same metrics, and how do you, with your technology and the integrations Emily was just mentioning, help get back to what we used to be able to predict, which was some recovery times that made sense and very minimal data loss?
Rick Vanover
>> Yeah, that's an excellent question, and I think it really takes a holistic approach of the stack. And if I look at what Veeam has brought to market, there are a couple of things I want to highlight. One is a technology that we have called Threat Hunter, Veeam Threat Hunter, and that is an iteration of something we've had for a long time. And the thought is we are this incredible copy of the data, and the best part is, it's not something that can interfere with production when organizations are running their workloads, so I recommend to people all the time to take the backups with Veeam and then run a Veeam Threat Hunter scan right after that. This is something that's optimized for our use case. Now, it is signature based, right? If you talk to any incident response individual or some of the advanced threats, signatures aren't the end all be all, but at least it's a very important additional data point. But that's also just part of it, so some of the integrations that Emily E was talking about, what really goes well with that is our additional indicators of compromise detection, so we can actually connect the worlds of this incredible copy of data. And the thought is these are very important data points when it comes to that time to activate a recovery or declare a disaster or whatever individuals have as a process. Pro-tip, if you don't have a process and a plan, now's a good time to start making one. But the thought here is it's very reasonable to expect that a cyber incident is going to be a different recovery experience. Okay? There's questions, there's answers, who's in charge, stuff like that. But the thought is we can absolutely still be in a world where those high speed recovery techniques are still something that organizations can enjoy, but it's super important that organizations know the tooling, it's super important that they've done some drills to be familiar with this stuff.
Christophe Bertrand
>> Right. And practice makes perfect. Emily, would it be fair to say that the workflow, the run books have fundamentally changed? As field CTO, what do you see every day in the field and what type of advice would you have for our viewers?
Emilee Tellez
>> Oh, boy, that is a loaded question, but it's a great question. I think, for a lot of customers or for a lot of organizations, they've been so siloed in their approaches, right? You have our IT ops teams that's just focused in on, "Is the data protected? Do we know how to do the recovery? What's our RTO? What's our RPO?" And then now they have to take a step back, talk to their security teams and really understand, to your point, "What are those true SLAs that we need to hit? And what is our process for verifying is the data going to be clean when we do the recovery? Where are we recovering to? Who do we need to involve inside of this process if it's been a breach, if the data that was impacted has any type of PII or compliance related around it, if we're part of CERCIA, having to report that within 72 hours?"
There's a lot around the cyber recovery process that I think organizations are starting to get their hands over this entire new world that we have to live in just due to ransomware. Usually, my advice to those organizations is, number one, invest in doing a tabletop or workshop and bringing in all of those people that have to make decisions, because last thing you want to do is you're in an incident and you're now having to think off the top of your head, or you have maybe an individual that wants to play hero and maybe they unfortunately make some wrong decisions and they end up in a more compromised type of situation, so usually for us, it's let's bring everybody together, all the stakeholders that have a decision to be made in the process, and let's start covering all the bases from a basic breach to a ransomware note with encryption and operational disruption, and then all the way down to your recovery process and who all has hands-on keyboard to do that. And part of that approach also included our acquisition of Coveware, which is an incident response firm that deals with negotiation and helping organizations when it comes to those types of incidences that occur. We've really leaned into them as being those SMEs and allowing them to bring in and give that information to not only our Veeam customers, but also organizations to really understand what their process looks like.
Christophe Bertrand
>> Yeah, it's an interesting acquisition because I can see how, in time, you will also integrate a lot of the IP and the knowledge into the product. I don't think we're quite there yet, but definitely I would not be shocked if that happened. Also, probably with a reasonable and healthy dose of AI, and we'll talk about that. A couple more questions. We've recently conducted survey, you guys do surveys also, and I'll just, without divulging too much, we're still under wraps and we're going to be publishing the results soon, clearly backup and recovery infrastructures are under attack. Just like storage systems, just like a bunch of other critical systems, it's a primed system that you would want to go after if you're a bad guy, in these days with AI, by the way. Maybe Rick, you can give us a sense as to what do you do to really protect the protector at Veeam, because I think that's a big question.
Rick Vanover
>> Protect the protector, I love that. The thought is we have really good insights here as the largest provider of backup recovery solutions in the world. We've seen a lot of scenarios and the single most effective specimen to drive data recovery in an incident like that is an immutable backup, okay? And so we've educated our partners, our sales teams and things like that. And a big challenge, I'll throw down here, if we have backup copies in something like a bucket in the cloud, an immutable target like that, and the customer has that encryption key, their own encryption key, we don't have a case of organizations unable to recover data. I mean, that's a very powerful thing to say, and we're serious about it. That is our resiliency. That's one example of our resiliency in the market. But my advice to the market is if you don't have one or more copies of data, that is what I like to say, "ultra resilient," that is a plausible emergency for an organization, absolutely have to have it.
It doesn't have to be the cloud. There's plenty of other ways to do that, but my advice is we have to know what those are, we have to know where they are, we have to know how to get them. A lot of people, I get specific with things like, "Make sure access keys and encryption passwords are also in the password vaults." And stuff like that. Those are things that'll save you a lot of time when it comes to that time. And my advice above that though, is to yes, prepare for breach. It comes right out of the zero trust kind of mentality. You need to be ready for that. And having that ultra resilient copy is very effective, a must have, in today's world and arguably, you could say maybe even two, two copies that are ultra resilient.
Christophe Bertrand
>> Right. You were a champion of the 3-2-1-0 a few years ago. I don't know if that number sequence still works. It feels like it's 3-2-2-1-1-0-0.
Rick Vanover
>> It's flexible. It doesn't prescribe any specific configuration or yet it can handle nearly any type of disaster. 3-2-1-1-0, the extra zero is no surprises. One, that's ultra resilient or more, and then three different copies, two different media, one off site. It actually was born in the digital photography world when they switched to cards versus film. It was like a big change for that space, but it works well for this era. It's a zip code now, maybe next year it'll be a phone number.
Christophe Bertrand
>> That's funny. Yeah, if you continue, it's going to be an encryption key itself. I'm not going to say how many bits. Okay. Let's talk about what you've recently announced at VeeamON, which was last week, something got my attention, a couple of things got my attention. We'll talk about AI in a minute, but what about finally a software appliance? Look at that. Emily, what can you tell us about it?
Emilee Tellez
>> Yes. Absolutely. It's a Veeam software appliance, Just Enough OS is what we're coining the term there. Essentially, it's an easy way for our users to be able to download an ISO or OVA and be able to deploy that on the hardware of their choice, whether that's going to be physical or virtual. Essentially, we wanted it to be flexible for all of our users, but the biggest portion of that is that the security and everything from an update perspective is all maintained by Veeam. We're going to handle all of that out of box, and it's just going to make it very simple for organizations to be able to deploy it and get their data protection policies running as quick as possible. Now, there were some good security integrations that were also added in there, like high availability, which we demoed on the main stage, right? Being able to have some redundant copies in the event that we were to have some type of issue or failure with production. But then also integrating or introducing some new roles like a security officer role where they would have approvals for specific, or I would say sensitive operations around the VSA itself, so there was a lot of really great R&D effort and work that has gone into the new software appliance. We're very excited to announce it and have it available.
Christophe Bertrand
>> It's a Linux-based appliance, Just Enough OS, and you can run it on literally any type of hardware, but you will have some recommendations obviously on the type of configurations that work,-
Emilee Tellez
>> Correct....
Christophe Bertrand
>> what to avoid, what to look for. Okay.
Emilee Tellez
>> Yep, absolutely. Yep. We'll have about five or so launch partners. We already had one that jumped the gun and made their announcement previously for VeeamON, but we'll have some others that'll be coming out shortly as well.
Christophe Bertrand
>> Yeah, I suspect this will do really well with a lot of your partners. It will do very well on their channel. We'll see. I may be wrong, but I have a pretty good sense that it will be very successful. The other thing that got my attention was obviously there's this interesting relationship between cyber resiliency, data protection and AI, so leveraging AI, the bad guys, the cyber actors, leveraging AI to build more aggressive and more successful attacks. Maybe at some point we'll see some agents being able to drive the attacks, that's probably already started. At the same time, data protection and cyber resiliency as an extension, in the context of what we discussed, can really benefit from AI as a tool, as a feature set, whether it's through genAI, whether it's through some generation of code or better support, better ability to automate those complex workflows. Rick, where are we with, are you going inject AI and what do you see as the future for Veeam in this context?
Rick Vanover
>> I'll be the first to say, what I do not want to do is do AI washing. I want the world to know that Veeam is taking taken a very practical, user benefit first approach to AI. And we announced a part of our vision, and there will be a new offering. It was showcased last week at VeeamON called Veeam Guardian, but I'm a product person, I like to see it in action, in the concepts, on the go. One of the previews we did, and it really got organizations starting to think about the potential of this data fabric, lack of a better word, that is the backup data that's under management by Veeam, we're literally allowing people to talk to the data. The example we showed last week was, "Okay, let's take an enterprise app, SharePoint, it's protected by Veeam, and let's ask it some questions about years of retention." Like, "Where are all of the data points on this part of our business?" And then I could keep scoping down these questions to something more specific, and then this final output, the beautiful thing was, it was littered with references to where in the source data it got this, so it's solving one of those big problems with AI of being explainable and justifiable that you can map it to the business. That's one of the big risks that, "I don't know how that happened. I don't know where we got that information." That's another discussion on the explainability, but this is just one example of being able to talk to your data. Really, really powerful stuff. I think Veeam's going to get this one right.
Christophe Bertrand
>> Well, yeah, because it's all about data. And then of course the ability to classify data. You can also get into security, posture management, just like that. Obviously, compliance, governance is a big topic, and to a large extent, forensics. I mean, now, you can be part of the stream of forensics that needs to happen when something came up, "What happened?" You can literally roll history back and say, "Well, this is when the file or the executable appeared, or whatever it is that happened and the configurations that changed." So, I think that's very powerful, above and beyond all of the other use cases. It feels like we're starting to slowly but surely open Pandora's box. Emily, I'd like for you to maybe look in your crystal ball and tell us what do you see in the next year or two years, if you think about cyber resiliency, what are the next sort of frontiers that will quickly get to either within the Veeam sort of general perimeter, but also in the industry? What do you see as the next big things?
Emilee Tellez
>> Oh, there's a lot of things that are happening, right? I mean, Rick just mentioned one of them, which is around the AI piece, but obviously looking at what we just saw, Entrust actually who's a Veeam partner of ours, they just made their announcement of going in and looking at different ways in which they can help customers or organizations with the way that they're handling encryption and KMS, as well as we have other partners that are talking about automation and making it easier. What I see from our perspective is actually us being able to integrate closer with those types of vendors and those types of partnerships specifically in helping them with the meantime to detection, the meantime to response, making it so much easier for organizations to build out those incident response playbooks. And then on top of that, making sure that they can have that overall compliancy be recognized because there's new cyber laws that are being generated per region, it feels like every other month now, right? So how can we ensure that we're maintaining compliance, that there's no laws that are being broken or that need to be reported on, so that is also something that Veeam is very much so focused in on the future.
Christophe Bertrand
>> Right. Better response, AI and compliance as the next frontier. Final words of wisdom from the Rickatron?
Rick Vanover
>> The Rickatron crystal ball. Okay. I think, when I just mentioned talking to your data, is a good start. I think it's reasonable to expect that Veeam is actually going to really land a vision in the market of being more than backup. Okay, we need backup and recovery. I have nothing but evidence of bad things happening to good data, and I'm tired of seeing it, so we want to protect it. But I think when you take the example of talking to your data, you're going to see Veeam capabilities go kind of into the business of like, "Hey, this is something I can use more than just recover and cyber resiliency." So I see us really broadening our portfolio, getting into that, running the show use case.
Christophe Bertrand
>> So, Veeam as the one source of data, the one data platform, maybe?
Rick Vanover
>> It's the data fabric.
Christophe Bertrand
>> The data fabric. Okay. Well, I'm sure there'll be lots of messaging and positioning conversations in our future.
Rick Vanover
>> Well, we'll see, we'll see about that.
Christophe Bertrand
>> All right, well, Emily, Rick, thank you so much for your time. And to our viewers, thank you for watching us. My name is Christophe Bertrand, Principal Analyst at theCUBE Research, and we are at RSA conference in San Francisco. Thank you for your time.
Christophe Bertrand