Keepit Live World Tour: Join us in a city near you

Keepit Platform LoginPartner Portal Login
Support
ENDEFRES
Keepit Platform LoginPartner Portal Login
Support
ENDEFRES
Get a demo
HomeBlogIntroducing anomaly detection: Visibility, control, and faster response in your backup data

Introducing anomaly detection: Visibility, control, and faster response in your backup data

Inside KeepitApril 30, 2025 | 4 minutesBy Hleb Laurukevich

At Keepit, we believe backup shouldn’t be passive. It should give you awareness and insight — not just after something happens, but while it's happening. That’s the thinking behind our newest feature: Anomaly Detection Dashboard. 

  

Anomaly detection helps you identify unexpected changes in your backup data, so you can act fast — whether it’s due to a mistake, a misconfiguration, a malicious attack, or something else. 

First, what is anomaly detection? 

Anomaly detection monitors backup snapshots and alerts you when there’s a significant change in your data — like a sudden drop in volume or a large number of files added or modified. 

Let’s say, for example, 30% of your tenant data disappears between snapshots, the system flags it. You’ll see exactly where the change occurred and when, so you can react quickly and investigate the cause. 

This is especially useful when handling: 

  • Cyberattacks (e.g., encryption or mass deletion)  
  • Accidental or unauthorized data removal  
  • Unexpected configuration changes  
  • Sudden data growth or reorganization 

It’s designed to help prevent major incidents — or at least minimize their impact — by giving you a clear signal that something’s different. 

Why anomaly detection matters for SaaS data protection

Many customers already use third-party tools to analyze what's happening in their live environments. But they also want that level of insight in their backups — because backup is the last line of defense. 

With anomaly detection, backup becomes more than storage. It becomes a source of truth and a key part of your security strategy. This visibility supports faster decision-making and more confident recovery. 

Keepit’s Anomaly Detection Dashboard 

While similar functionality exists in the market, what sets Keepit’s approach apart is the end-to-end flow. Anomaly detection is directly connected to our platform’s built-in investigation and recovery tools — so you can go from alert to resolution without leaving your dashboard. 

Backup becomes more than storage. It becomes a source of truth and a key part of your security strategy.

From detection to recovery: a seamless workflow 

Anomaly detection integrates directly with Keepit’s comparison and restore tools, giving you a complete flow from alert to resolution. When an anomaly is flagged, you can:

  • Compare the snapshot with its previous version 
  • Drill down to see which folders or users were affected 
  • Restore data at the folder or file level

This built-in workflow supports faster incident response — making it easier to validate the anomaly, identify the root cause, and recover only what you need. Everything happens within the same platform, with no need to switch tools or dig through logs manually. 

How anomaly detection works 

The Anomaly Detection Dashboard shows monthly trends and highlights any anomalies detected across your backup snapshots. 

  

Each anomaly includes:  

  

  • Date of detection  
  • Size change in gigabytes  
  • Percentage change  
  • Item count: the number of files added, modified, or removed 

  

Anomalies are classified into one of the following three types: 

 

  • Added  
  • Modified  
  • Removed 

  

These categories help you quickly understand whether the change looks like a normal update — or something more critical. For example, a “removed” anomaly might point to mass deletions, while “modified” could be a sign of encryption. 

  

You can jump from any anomaly into a snapshot comparison, where you can:

  • Filter changes by size or path  
  • Drill into specific folders or users  
  • Identify the exact files impacted  
  • Restore folders or individual files if needed 

This lets you validate whether a change was expected — and if not, take action immediately.

What would a real anomaly detection incident look like? 

Here’s a hypothetical, yet realistic, example:

Let’s say you detect a 57% data removal, representing 5.1 GB missing from a snapshot. You can trace that removal to a specific user account and folder (such as a OneDrive Documents directory). You find three folders were deleted — either by accident, or as part of a suspicious event. 

  

From there, you can restore the data with one click — either at the folder level or file by file. Once restored, the incident is resolved, and your data is back and operational again. 

  

That’s the flow: Detect → Investigate → Recover. 

What to do when an anomaly is detected 

When an anomaly is flagged, the first step is to investigate it using Keepit’s built-in snapshot comparison tool. From the Anomaly Overview section, you can click into the specific event and compare the snapshot where the anomaly occurred with the snapshot that came before it. 

This allows you to:

  • Browse affected folders and files 
  • See exactly what was added, deleted, or modified 
  • Understand the scope and significance of the change

If the anomaly is critical — such as large-scale deletion or suspicious modification — you can restore the most relevant backup version. Whether you need to bring back an entire folder or just a few files, you can act right away, all from within the same platform. 

Alerts, integrations, and SIEM support 

When an anomaly is detected, Keepit automatically sends an email alert to system admins. For organizations using SIEM or CIEM tools, anomalies are also logged in the audit log — giving you the option to parse and trigger workflows using your existing security infrastructure. 

Future releases will expand support for dedicated anomaly types within audit logs, allowing even more granular integration and filtering. 

Packaging, release date, and availability 

Anomaly detection will be included in the Enterprise Unlimited and Governance Plus packages. The feature will be available in the 10.5 release, scheduled for May 11, 2025.

For most eligible customers, anomaly detection will be enabled automatically. If you have a custom package or are unsure about your configuration, our customer success team is ready to help. 

Getting started 

Once the feature is enabled, you’ll find anomaly detection in the monitoring dropdown of your Keepit dashboard. There, you can explore anomalies, compare snapshots, and restore any data affected by unexpected changes.

Anomaly detection gives you real-time visibility into your backup environment — so you're not just reacting to problems but staying ahead of them. 

Data protectionDashboardData Anomaly DashboardAnomaly detection

Hleb is a product manager at Keepit where he channels his passion for intelligent technologies like anomaly detection to make systems more secure and resilient.

Driven by a commitment to helping businesses protect their data with reliable SaaS backup solutions, Hleb focuses on transforming complex challenges into simple, powerful products that people trust and love to use. 

Inside KeepitJan. 8, 2025 | 5 minutes

Keepit’s Data Protection Dashboard
SecurityMay 29, 2024 | 7 minutes

What does ransomware recovery look like?
Inside KeepitFeb. 25, 2025 |

Intelligent resilience: The future of SaaS data protection