Identity-Based Attacks Are Now Targeting Backup Policies. New Anomaly Detection Feature from N-able Closes That Window

BURLINGTON, Mass.--(BUSINESS WIRE)--N-able, Inc. (NYSE: NABL), a global cybersecurity company delivering business resilience, today expanded its Anomaly Detection capabilities in Cove Data Protection to combat the surge in identity-driven cyberattacks targeting backup environments. The new functionality delivers real-time alerts when suspicious or unauthorized changes to backup policies are detected – giving customers an early warning system against the credential-based tactics attackers use to disable or corrupt backups before deploying ransomware.

Identity-based attacks have become a major driver of successful cyberattacks, with AI making these schemes even more convincing. With stolen or phished credentials, attackers can gain access to backup software and weaken backup policies. The 2025 Verizon Data Breach Investigations Report found that roughly 88% of basic web application breaches involved stolen credentials, making it clear how widespread this tactic has become. Once inside, attackers – and sometimes well-intentioned employees - can alter retention policies, exclude critical data from backups, and delete protected devices. These are subtle changes that can go unnoticed for weeks or even months before the attacker triggers the final ransomware event.

To give IT teams real-time visibility, Anomaly Detection introduces a vital layer of protection through event-based notifications that highlight these indicators of compromise. This capability notifies users of potential cyberattack signals or misconfigurations before they escalate, allowing organizations to take just-in-time action to safeguard their recovery posture and maintain data resilience. This new capability builds on last year’s Anomaly Detection feature, Honeypots, an always-on defense mechanism designed to detect brute-force attacks on backup infrastructure.

“It’s no longer just active systems under attack – backups are firmly in the crosshairs,” says Neil Douglas, CIO at Network ROI, a UK-based managed IT services provider. “If attackers gain access to the backup platform, they don’t always strike immediately. They can quietly manipulate backups, alter retention policies, or delete servers, then sit undetected for weeks (or even months). When they finally launch their attack, recovery can be impossible. In the past, we had no visibility into those subtle changes happening behind the scenes. Now, with real-time, event-based alerts for even the smallest alteration, we know the moment something suspicious occurs. That not only protects us from malicious actors but also guards against accidental misconfigurations. It’s a powerful step forward in strengthening our overall data resilience.”

“A new wave of threats is targeting businesses through stolen identities,” said Chris Groot, General Manager of Cove Data Protection. “Real-time alerts to backup policy changes give customers peace of mind by protecting them from risky changes that could affect recovery, whether that change was caused by attackers or employees. By catching these changes as they happen, organizations can stop identity-driven attacks and misconfigurations before recovery is compromised."

To learn more about how Anomaly Detection can strengthen your organization’s data resilience, visit our blog.

About N-able

N-able protects businesses from evolving cyberthreats. Our AI powered cybersecurity platform delivers business resilience to more than 500,000 organizations worldwide, leveraging advanced end-to-end capabilities, simplified workflows, market leading integrations, and flexible deployment options to improve efficiency and drive critical security outcomes. Our partner first approach pairs our technology with experts, training, and peer-led events that empower customers to be secure, resilient, and successful. n-able.com

© 2026 N-able Solutions ULC and N-able Technologies Ltd. All rights reserved.

The N-able trademarks, service marks, and logos are the exclusive property of N-able Solutions ULC and N-able Technologies Ltd. All other trademarks are the property of their respective owners.

Category: Product