Synology expands ActiveProtect Manager with cloud recovery and AI threat detection
Synology ActiveProtect Manager 2.0 adds cloud recovery, AI anomaly detection, malware scanning, and backup automation.
Synology has announced ActiveProtect Manager 2.0, the latest update to its ActiveProtect data protection appliances, extending the platform’s backup and recovery coverage across more cloud, virtualisation, and SaaS environments.
Table Of Content
The release adds support for Azure Virtual Machines, Amazon EC2, Nutanix AHV, Proxmox VE, and Google Workspace. It also introduces AI-powered anomaly detection, malware scanning, and automated fallback to help organisations reduce the risk of restoring compromised backup versions.
For enterprises managing hybrid infrastructure, the update brings two parts of the recovery problem closer together. ActiveProtect Manager 2.0 broadens where workloads can be protected and restored, while adding more checks around whether a backup version is clean enough to use.
Philip Wong, Chairman and CEO of Synology, said AI-driven threats have increased the need for data protection that is dependable and accessible. “AI has turned cyber threats into a force enterprises can no longer outpace, driving organisations to seek data protection that is both dependable and accessible,” he said.
Broader workload coverage across enterprise environments
ActiveProtect Manager 2.0 expands backup and recovery across major infrastructure categories, including IaaS platforms, SaaS applications, virtual machines, servers, endpoints, file servers, and databases. The new support for Azure Virtual Machines, Amazon EC2, Nutanix AHV, Proxmox VE, and Google Workspace gives IT teams more coverage across environments that often sit across cloud and on-premises systems.
That broader coverage is tied closely to recovery flexibility. VM instances can now be restored across platforms to either cloud or on-premises environments, giving organisations more options when the original production environment is unavailable, compromised, or unsuitable during disaster recovery.
Jia-Yu Liu, Executive Vice President of the Synology Data Protection Group, said the update “extends protection coverage to major clouds, hypervisors, and SaaS platforms, while introducing AI-driven threat detection that shifts data protection from reactive recovery to proactive defence.”
Recovery options extend beyond the original platform
The update also expands where backup copies can be stored and how they can be restored. ActiveProtect Manager 2.0 adds Azure Blob Storage as a backup copy and tiering destination, alongside other supported destinations such as ActiveProtect appliances, Synology NAS, Synology C2, Amazon S3, Wasabi, and S3-compatible storage.
By supporting cloud-to-cloud restoration from backup copy destinations directly to production VM environments, the platform can reduce the steps needed to bring workloads back online. Synology said this can help lower recovery time and associated costs, particularly when backup copies are already held in cloud object storage.
The cross-platform recovery model also gives IT teams more room to restore workloads into a different environment from the one they came from. Synology described scenarios such as restoring a VM from VMware to Proxmox and restoring data from Blob Storage directly to Azure.
For enterprises running hybrid or distributed environments, recovery depends on whether backup systems can map to the infrastructure already in use. ActiveProtect Manager 2.0 is designed to support restore workflows across multiple platforms, rather than tying recovery to one hypervisor, cloud platform, or deployment model.
AI detection checks backup behaviour earlier
ActiveProtect Manager 2.0 introduces AI and machine learning-based anomaly detection during the backup process. The system uses historical backup versions to flag unusual change rates, mass deletions, and entropy spikes, which can indicate suspicious activity in protected data.
The anomaly detection engine uses key metrics, metadata, and the past 30 backup copies as a baseline to identify irregularities in future backup versions. It also tracks activity such as file updates, mass deletion, change rate, and entropy, while continuous learning allows false positives to be identified and used to improve model accuracy over time.
When suspicious backup versions are detected, affected files are automatically quarantined. General self-service users can be prevented from restoring or downloading data from suspicious versions, while administrators can still access impacted data for investigation.
That changes the role of the backup system during an incident. Instead of treating the newest available backup as the default restore point, IT teams get an additional control layer to assess whether a backup version should be used.
Malware scanning and Auto Fallback support cleaner recovery
ActiveProtect Manager 2.0 extends those checks into the recovery stage through third-party antivirus integration. Synology describes the capability as Malware-Free Restoration, where backup data is scanned for potential malicious entities before recovery.
The platform also supports an isolated recovery environment. In this setup, a scan server sends output results to the backup server, while the backup server can remain air-gapped to keep the recovery environment isolated from outside threats.
Auto Fallback then handles cases where the latest backup version cannot be trusted. If ActiveProtect Manager detects a vulnerability in the latest version during pre-recovery malware detection, it identifies the latest vulnerability-free version and uses that for the recovery task.
Together, anomaly detection, quarantine, malware scanning, and Auto Fallback create a recovery workflow centred on clean restore points. The priority is not simply to recover from the most recent backup, but to recover from a version that has been checked before it is returned to production.
Efficiency features address backup growth
Synology is also extending ActiveProtect Manager 2.0 with tools aimed at reducing storage use, bandwidth demand, and manual administration. The update includes an end-to-end data reduction engine, synthetic full backup, auto-protection, and lifecycle automation.
The data reduction engine includes global source-side deduplication, which reduces outbound data transfer and lowers bandwidth costs. It also includes global server-side deduplication, which removes redundant data across cloud and on-premises VMs.
Synthetic full backup is designed to improve backup efficiency and data consistency by copying unchanged blocks and merging them with incremental changes. This allows backup systems to maintain full backup points without repeatedly moving the same unchanged data.
Lifecycle automation addresses another part of backup administration. Auto-Backup automatically detects emerging workloads based on a pre-defined protection strategy, while Auto-Retire retires and retains backups when workloads are removed from the source side.
The platform also supports 3-2-1-1-0 backup principles, covering three backup copies, two types of media, one copy at a remote site, one air-gapped or immutable copy, and zero errors through verification. Within ActiveProtect Manager 2.0, that model is linked to wider workload coverage, isolated or immutable backup copies, anomaly detection, malware scanning, and clean recovery workflows.
ActiveProtect Manager 2.0 is scheduled for release in Q3 2026.
