.jpg)
N-able, Inc., a global cybersecurity company focused on business resilience, has expanded its Anomaly Detection capabilities in Cove Data Protection to address the rising wave of identity-driven cyberattacks targeting backup environments. The new feature provides real-time alerts for suspicious or unauthorized modifications to backup policies—such as altered retention settings, excluded data, or deleted protected devices—enabling IT teams to detect and respond before attackers disable recovery capabilities ahead of ransomware deployment.
Identity-based attacks remain a dominant tactic, with the 2025 Verizon Data Breach Investigations Report noting that approximately 88% of basic web application breaches involved stolen credentials. Attackers increasingly use legitimate access to quietly sabotage backups, often remaining undetected for weeks or months. Even well-intentioned employee errors can introduce similar risks. By monitoring policy-level changes in real time, N-able closes this critical window, complementing last year’s Honeypots feature that detects brute-force attempts on backup infrastructure.
The enhancement delivers event-based notifications that highlight potential indicators of compromise or risky configurations. This gives IT and security teams immediate awareness of changes that could compromise recovery posture—whether from external attackers or internal mistakes—allowing just-in-time remediation to preserve data integrity.
“It’s no longer just active systems under attack – backups are firmly in the crosshairs,” said Neil Douglas, CIO at Network ROI, a UK-based managed IT services provider. “If attackers gain access to the backup platform, they don’t always strike immediately. They can quietly manipulate backups, alter retention policies, or delete servers, then sit undetected for weeks (or even months). When they finally launch their attack, recovery can be impossible. In the past, we had no visibility into those subtle changes happening behind the scenes. Now, with real-time, event-based alerts for even the smallest alteration, we know the moment something suspicious occurs. That not only protects us from malicious actors but also guards against accidental misconfigurations. It’s a powerful step forward in strengthening our overall data resilience.”
“A new wave of threats is targeting businesses through stolen identities,” said Chris Groot, General Manager of Cove Data Protection. “Real-time alerts to backup policy changes give customers peace of mind by protecting them from risky changes that could affect recovery, whether that change was caused by attackers or employees. By catching these changes as they happen, organizations can stop identity-driven attacks and misconfigurations before recovery is compromised."
The expanded Anomaly Detection capability reinforces N-able’s focus on proactive, AI-powered resilience, helping partners and customers safeguard backup environments against credential abuse and maintain business continuity.
About N-able
N-able protects businesses from evolving cyberthreats. Our AI powered cybersecurity platform delivers business resilience to more than 500,000 organizations worldwide, leveraging advanced end-to-end capabilities, simplified workflows, market leading integrations, and flexible deployment options to improve efficiency and drive critical security outcomes. Our partner first approach pairs our technology with experts, training, and peer-led events that empower customers to be secure, resilient, and successful.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.