29 November 2024

R17.2: Boosting Backup Resilience & Recovery

Predatar R17.2: Viper brings practical enhancements designed to strengthen resilience and recovery strategies for customers and partners alike. Building on the foundations of R17.0 and R17.1, this release focuses on expanding Predatar’s AI-driven capabilities and refining operational efficiency in key areas.

Two standout features define this release: expanded support for the Recovery Risk Report and significant improvements to our IBM FlashSystem Safeguarded Copy scanning. These enhancements aim to provide deeper insights, faster workflows, and better outcomes for backup environments.

Recovery Risk Report

The Recovery Risk Report has been extended to include Veeam, adding to the existing support for IBM Storage Protect, Storage Protect Plus, and Rubrik. This feature offers AI-powered analysis of backup environments, helping organisations identify risks such as security gaps, workload vulnerabilities, and architectural complexities. With insights delivered in hours, the report provides clear, vendor-neutral recommendations without requiring intrusive consultancy or significant internal resources.

For partners and managed service providers, the Recovery Risk Report is an invaluable tool. It enables fast and accurate benchmarking of client environments, offering actionable insights that help guide improvements in cyber resilience. This streamlined process delivers high value for clients, giving them clarity on their recovery risks at a fraction of the cost of traditional consultancy engagements. Starting at $999, the Recovery Risk Report provides an affordable, impactful way to engage clients while demonstrating expertise and driving deeper partnerships.

FlashSystem Scanning Enhancements

R17.2: Viper also introduces enhanced processes for IBM FlashSystem Safeguarded Copy scanning. These updates focus on streamlining how snapshots are mounted, tested, and securely removed from the CleanRoom environment after use. These improvements reduce complexity and improve efficiency, ensuring that Safeguarded Copy testing is as seamless and effective as possible.

Together, these features reflect our commitment to simplifying resilience. R17.2: Viper gives organisations the tools to uncover hidden risks, improve recovery confidence, and act decisively—all without unnecessary complexity or cost. For partners, it provides a straightforward way to deliver value and open new opportunities in the backup and resilience space.

Check out R17.2: Viper here

Learn more about
Predatar recovery assurance

28 November 2024

Build a Business Case for Cyber Recovery Assurance

Cyber recovery assurance is a relatively new concept, but it’s one that is quickly becoming essential for most organisations.  Driven by the rapid evolution of cyber threats and a new generation of operational resilience regulations (including DORA, FISMA, PRA, and NIS2), cyber recovery innovation is thriving.

If you have evaluated the options but are struggling to get stakeholder buy-in or secure the budget for the technology you need, you are not alone.  After all, it is not like your business hasn’t already invested extensively in security and business continuity projects.

As the title suggests, the purpose of this article is to help you build a business case for your cyber recovery project. We will quickly explore the ‘why’ of cyber recovery, but the focus will be more on answering the following questions:

  1. Which department should pay for a cyber recovery project – infrastructure, security, or business continuity?
  2. What does this solution replace in my existing security, storage, or disaster recovery arsenal?
  3. How do I justify this expenditure to my financial officer?

Why Cyber Recovery Matters

After the terrorist attack on the World Trade Center in 2001, many companies scrambled to build out mirrored datacenters. Prior to this event, it was mainly the banks who could justify the expense of synchronous replication to a second or third site. As the cost of storage came down, more industries followed suit.

Since then, the threat landscape has grown and morphed, but the methods of defence have not kept pace.

The traditional threats to business continuity haven’t gone away – fires, floods, power outages, and terrorist activity – but now you must plan for cyber incidents too. In a cyber attack scenario, replication only exacerbates the problem. In 2024, ransomware attacks increased both in frequency and sophistication. Cyber criminals have increasingly targeted high-value sectors such as critical infrastructure, healthcare, telecommunications, and financial services. 

The Growing Importance of Backups.

The new threat of cyber attacks threw a spotlight on backup. Prior to this development, the backup market had started to move away from tape-based solutions – which were slow and difficult to manage – towards disk solutions. While this meant much faster recovery, it was at the expense of the ultra-safe, air-gapped tape copy – often stored in an off-site vault.

Suddenly, backup became part of the cyber problem. Threat actors were increasingly targeting backup repositories, and despite massive investment in security and disaster recovery, the ability of companies to avoid having to pay a ransom was actually decreasing. This represented a colossal return-on-investment failure of risk management.

While secure backup is critical, so is speed of recovery, so ‘rewinding’ to tape-based solutions, stored in off-site vaults, in underground bunkers, doesn’t solve the problem.

The rise of Recovery Assurance technologies has been driven by the need to guarantee that backups are safe and recoverable before they are called on in a crisis.

What is a Cyber Recovery Cleanroom?

Arguably the cornerstone of any Recovery Assurance solution, a cyber recovery cleanroom is quickly becoming a necessity for operational resilience in many organisations.

A cleanroom is a secure, isolated environment designed to proactively recover critical data and systems both before and after a cyber incident. It is physically or logically separated from the main IT infrastructure to ensure safety from malware and unauthorised access.

With a cleanroom, users can validate the integrity of data before restoring it, ensuring that only clean, uncompromised data is reintroduced to the network. For a deeper dive into Cyber Recovery Cleanroom solutions, read our guide.

Aligning Cyber Recovery Assurance with Business Goals

According to Sophos, the average ransom in 2024 is $2.73 million. That’s an increase of $1 million from 2023.

On top of the cost of the ransom itself, organisations also face loss of income, and reputational damage. The CrowdStrike outage in July 2024, which wasn’t even a malicious attack, led to a combined loss of $4.5 billion for the Fortune 500 companies. Read the Guardian article.

If the need to recover from backups is increasingly likely, any solution which increases the predictability of recovery, while also decreasing the time to recover, will clearly align with the business goals of continuity and operational resilience.

Next, we will start to look at building a business case, but before we do, consider that the average cost to run a datacentre for a medium-sized company is between $5m and $15m per year (based on a mid-sized Russell 2000 company).

A second datacentre is designed for the old threat landscape of high-impact, low-probability events. A recovery assurance solution is designed for both new and old threats and costs a fraction of traditional disaster recovery.

Quantifying the Financial Risks of Inaction

Step 1 – Calculate downtime cost

As a rule of thumb, the average cost of an hour of downtime for mid-sized businesses is $84,650, making prevention a high-priority investment. This cost varies dramatically across different industry sectors, so the first task in building a business case is to catalogue your applications and calculate the cost of an hour of downtime for each one.

Step 2 – Measure restore time

For each application, add the time to restore from backup, assuming the backup is validated and safe to restore to production. Don’t know your restore time from backup? You are not alone. Organisations typically restore less than 1% of their data from backup in any given year.

A Recovery Risk Report can quickly give you insights into your backup environment and will help you understand the recovery time for each application.

Step 3 – Calculate Risk Premium

Map as many downtime-creating events as you can for which a recovery from backup might be required. Rank them based on likelihood and severity of impact. Examples include a localised server failure, datacentre power outage, database corruption, cyber or terrorist attack. Calculate the Risk Premium for each event. Here is an example:

Probability (P) is 1:50 in any given year, which is a 2% probability

Cost of event (C) is $1,000,000

The formula is Risk Premium = P x C

In this case, the Risk Premium = 0.02 x $1,000,000 = $20,000

You could add more sophisticated techniques such as quantitative risk analysis (QRA) or Monte Carlo analysis, which consider many more variables and would be recommended for large projects.

Using this technique, or simply knowing your annual cyber insurance premiums, will help you present a business case to a CFO in language they understand. In the example above, if the solution costs $20,000 or less, then you would expect little resistance from executives.

Step 4 – Create a Risk Matrix – Likelihood vs. Impact

Following on from Step 3 present the data in a Risk Matrix such as the one shown below.

Step 5 – Create a Cyber Resilience ROI matrix.

There is no single solution which can eliminate the risk of downtime from either a power outage or a cyber-attack. Building resilience is a journey. It’s about managing risk and taking a pragmatic approach to prioritisation. Some steps will be small, others will be much bigger.

For more information read the Closing your Cyber Recovery Gap eBook.

Once you have identified the recovery gaps in your organisation, map them out on a cost vs impact matrix (example below).

In the final assessment, it’s a judgement call. For example, if a data breach is estimated to cost your company $5 million, is an additional investment of $200,000 in a cyber recovery cleanroom an appropriate one to dramatically reduce the impact?
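
Steps 1 to 4 above, worked through in Python as an added example (not Predatar's code or tooling): it derives event costs from per-application downtime cost and restore time, computes Risk Premium = P x C, places each event in a likelihood-vs-impact cell, and runs the Monte Carlo analysis mentioned in Step 3. The application names, probabilities, thresholds and spread are constructed assumptions; only the $84,650 hourly figure and the 1:50 / $1,000,000 event come from the article.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    cost_per_hour: float   # Step 1: cost of one hour of downtime
    restore_hours: float   # Step 2: time to restore from a validated backup


@dataclass(frozen=True)
class Event:
    name: str
    probability: float     # P: chance of the event in any given year
    cost: float            # C: cost of the event if it happens


def outage_cost(apps):
    """Steps 1 and 2 combined: downtime cost while the affected apps are restored.
    Assumption: each app is down for exactly its own restore time."""
    return sum(a.cost_per_hour * a.restore_hours for a in apps)


def risk_premium(event):
    """Step 3: Risk Premium = P x C."""
    return event.probability * event.cost


def rank(events):
    """Order events by Risk Premium, largest first."""
    return sorted(events, key=risk_premium, reverse=True)


def matrix_cell(event, likely=0.10, severe=500_000):
    """Step 4: cell of a 2x2 likelihood-vs-impact matrix (thresholds are assumptions)."""
    return ("likely" if event.probability >= likely else "unlikely",
            "high impact" if event.cost >= severe else "low impact")


def simulate(events, years=20_000, seed=1, spread=(1.0, 1.0, 1.0)):
    """Monte Carlo: simulate many independent years and total the losses in each.
    spread = (low, mode, high) multipliers on C, modelling restores that run
    faster or slower than measured; (1, 1, 1) means C is fixed."""
    rng = random.Random(seed)          # seeded so the run is repeatable
    low, mode, high = spread
    losses = []
    for _ in range(years):
        total = 0.0
        for e in events:
            if rng.random() < e.probability:
                factor = rng.triangular(low, high, mode) if high > low else 1.0
                total += e.cost * factor
        losses.append(total)
    losses.sort()

    def pct(p):
        # p-th percentile of the simulated annual losses
        return losses[min(years - 1, years * p // 100)]

    return {"mean": sum(losses) / years, "p95": pct(95), "p99": pct(99)}


# Constructed sample data; only the figures marked "page" come from the article.
ERP = App("erp", 84_650, 12)           # page: $84,650/hour rule of thumb
FILES = App("file-server", 5_000, 4)
EVENTS = [
    Event("localised server failure", 0.30, outage_cost([FILES])),
    Event("database corruption", 0.05, outage_cost([ERP])),
    Event("cyber attack", 0.02, outage_cost([ERP, FILES])),
]
PAGE_EXAMPLE = Event("page example", 1 / 50, 1_000_000)   # page: P = 1:50, C = $1,000,000

if __name__ == "__main__":
    for e in rank(EVENTS):
        print(f"{e.name:26} premium ${risk_premium(e):>10,.0f}  {matrix_cell(e)}")
    print(simulate([PAGE_EXAMPLE]))
    print(simulate(EVENTS, spread=(0.5, 1.0, 3.0)))
```

For the article's single event, the simulated mean lands near the $20,000 Risk Premium while the 99th-percentile year costs the full $1,000,000, which is the tail a single P x C figure hides.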

Whose budget is it anyway?

According to a Splunk article, since the pandemic, IT security spending has experienced notable growth as organisations adapt to increasing cyber threats and digital transformation challenges. Recent data indicates global year-over-year growth in security and risk management spending of 14.3% in 2024, reaching $215 billion, compared to $188.1 billion in 2023. This expenditure far outweighs the equivalent figures for the backup and recovery market. And yet, the cyber insurance premiums continue to rise – suggesting the return on this investment has been poor.

Where to allocate the budget for a cyber recovery assurance project depends on its primary objectives, who stands to benefit, and who will manage it.

The considerations below are based on implementing a Cyber Recovery Cleanroom. Arguably, the security team stands to benefit the most but here are some options to think about:

  1. Infrastructure team (storage and backup).
    If the cleanroom will integrate with existing IT systems, ensure robust technical functionality, and automate manual backup administration tasks, assigning the budget to the infrastructure team is ideal. They can manage the hardware, software, and operational aspects efficiently.
  2. Security (CISO).
    When the cleanroom is aimed at mitigating advanced cyber threats or meeting compliance standards, the security team should oversee the budget. This ensures alignment with threat response and regulatory requirements, making the cleanroom a critical cybersecurity asset.
  3. Business Continuity (CFO / Compliance officer)
    For minimizing downtime and operational disruptions, the business continuity team is best suited to manage the cleanroom budget. This allocation could also help compliance officers meet regulatory requirements such as NIS2, DORA or GDPR. For a highly regulated business, a fine of 2% of revenue should be factored into any cost benefit analysis.

Ultimately, a cross-departmental approach provides the most comprehensive justification for the budget, ensuring alignment with technical, security, and business objectives.

How to get started?

If you are still struggling to get the commercial buy-in having followed the 5-step approach above, we suggest documenting your current recovery risks to provide additional evidence to support the business case. Predatar’s Recovery Risk Report evaluates vulnerabilities in recovery processes, identifying gaps in backup integrity, disaster readiness, and cyber resilience. This tool quantifies potential risks and impacts, enabling organisations to justify investment in cyber recovery assurance by demonstrating tangible benefits in operational continuity and reduced risk exposure.

Conclusion: Investing in Confidence and Resilience

Building a business case for cyber recovery assurance requires aligning its value with organisational goals like operational resilience, data integrity, and regulatory compliance. By quantifying downtime costs, assessing recovery times, and evaluating risks, buyers can clearly demonstrate the financial and operational benefits. Assigning responsibility—whether to infrastructure, security, or business continuity teams—depends on the project’s primary objectives and impact areas. Ultimately, a collaborative approach ensures the investment supports both technical needs and strategic priorities, reducing risk and enhancing preparedness for evolving cyber threats. Use tools like Predatar’s Recovery Risk Report to strengthen your case with actionable insights.


25 November 2024

Building business biceps from 40 years of experience and hard knocks.

An MSP Evolution Story: Kon Kakanis, OneTeam IT

For the IT Channel, evolution isn’t just a buzzword; it’s the difference between thriving and going out of business. For OneTeam IT, an Australian reseller and MSP that has risen to become a Predatar APEX Partner, the journey has been one of resilience, reinvention, and a deep understanding of people and problems.

Predatar Founder & CEO, Alistair Mackenzie managed to speak to Kon as he was high-tailing it out of Brisbane to escape the supercell storms which were threatening to batter the Queensland coast. Not so much the “Sunshine State” that day but it did seem to be an appropriate scenario to be talking about resilience with this 40-year IT industry veteran.

From IBM to OneTeam: Building Credibility from Scratch 

Kon’s journey began at IBM, where, at the age of just 21, he was tasked with selling mainframes to senior government officials. Armed with a prestigious business card and good old-fashioned IBM training, he gained firsthand experience in earning credibility without an established track record. 

At 25, Kon helped to launch the reseller, Sundata, and found the transition from Big Blue was anything but easy. The memory of that time prompted my first question for Kon: “How do you build trust when you’re starting from zero?” Imagine the stress and pressure he faced from his fellow board members, who waited 18 months for him to land his first significant deal. But that was 18 months of building trust with prospects, many of whom are still doing business with him today at OneTeam IT.

Kon explained that making the transition from reseller to service provider sometimes feels like starting again from zero. But it all starts with building trust with prospects and customers.

“Tell Me Where It Hurts”

Kon outlined a fundamental principle of the company’s trust-building approach, starting with the customer’s pain points. 

“It’s like going to the doctor,” Kon says. “The first thing you ask is, ‘Where does it hurt?’ People love to talk about their challenges, and if you genuinely listen, you’re halfway to solving the problem.” 

This consultative approach isn’t about flashy presentations or sales tricks. It’s about having the courage to delve into areas that might initially seem beyond your expertise. As Kon puts it, “If I don’t know the answer, I’ll go find it. But I’ll always tell the customer honestly whether we can help or not. Wasting their time would be wasting my own.” 

This ethos resonates throughout OneTeam’s culture, where fostering meaningful conversations has been the key to building long-term trust with clients.

The IT Industry – Then and Now

Reflecting on the industry’s evolution, Kon notes that the channels for building relationships have changed dramatically. “Forty years ago, you’d pick up the phone, and people answered. Now, we’re competing with voicemail, email filters, and endless distractions,” he explains. 

Yet, the core of the business remains the same: understanding the customer’s needs. And while the tools and strategies have evolved, Kon believes that authenticity and persistence are timeless.

Mentoring the Next Generation

OneTeam’s journey is also about passing the torch. Kon mentors MBA students and aspiring entrepreneurs, many of whom are diving into the world of software-as-a-service startups.

“It’s inspiring to see their passion,” he says. “These young entrepreneurs aren’t necessarily drawn to the infrastructure side of IT like I was—they’re building cloud-based solutions from their garages. It’s a different world, but the same principles apply; solve real problems, build trust, and stay curious.” 

Scaling the business with Managed Services

For OneTeam IT, a strategic pivot has been the move toward managed services—a shift driven by the need for sustainable, high-margin revenue. Managed services encompass everything from managing systems to providing backup services and other recurring contracted offerings.

 Today, OneTeam is leveraging its partnership with Predatar to scale its backup-as-a-service offering, focusing on recovery assurance. Kon likens it to starting over but with decades of experience as a guide. 

“It’s like launching a new business within the business,” he says. “The energy is different, but the lessons learned over 40 years help us avoid the blind alleys and focus on delivering real value.” 

Addressing Customer Churn with Proactive Strategies

One of the significant hurdles for managed service providers (MSPs) is contract churn, often caused by customers underestimating the value of services once their IT environments are stabilised. As Kon explains, the phenomenon can feel like “a leaky bucket.” Customers initially approach MSPs to address pressing grievances, but as the provider resolves these issues, the customer may start questioning the necessity of the ongoing relationship.

To counter this, OneTeam IT employs a two-phase strategy:

1. Proactive Issue Mitigation: Before initiating a Managed Services Agreement (MSA), the company conducts an in-depth “take-on period” to address any major grievances upfront. This establishes a stable foundation for ongoing services, ensuring initial buy-in from the customer.

2. Continuous Optimisation: During the first six months, the team works to improve system efficiency and reliability, automating processes and gaining a deeper understanding of customer needs. This effort reduces costs and reinforces the value of the partnership.

This strategy creates the link between customer value and price, allowing OneTeam to offer a point of differentiation.

Lowering cost or dropping price?

A standout feature of OneTeam IT’s approach is its flexible pricing model. Recognising that customers appreciate transparency and fairness, Kon emphasises a commitment to lowering costs as systems stabilise.

“If you sign an MSA with us, we will commit to a reduction in cost for the same scope if you renew,” Kon says. This anti-inflationary approach not only builds trust but also demonstrates the company’s confidence in its ability to deliver value through automation, efficiency, and process improvements.

Shifting the Perception of Managed Services

Many customers perceive MSPs as expensive when compared to the costs of hiring in-house staff. According to Kon, this perception stems from a lack of understanding of the broader value MSPs provide. Talking data protection, he draws an analogy to a well-maintained house that can withstand storms versus relying on insurance to rebuild a flimsy house after damage, perhaps caused by one of those Queensland cyclones!

In this context, OneTeam IT positions its recovery assurance services not as “insurance” but as an investment in operational resilience. For instance, in backup and disaster recovery services, the emphasis is on ensuring data integrity and recoverability, rather than just selling a policy that covers potential losses. This shift from a cost-focused to a value-focused narrative helps customers appreciate the strategic importance of robust IT systems.

Tell them what you are doing. Then tell them again.

Effective communication is a cornerstone of customer retention for OneTeam IT. Kon highlights the importance of concise and impactful reporting to keep stakeholders informed of the value being delivered. “You don’t want to do it at a systems administrator level; you want to do it at a CIO or CEO level,” he asserts.

OneTeam IT’s service reports include:

  • Summaries of recovery testing outcomes.
  • Key performance indicators (KPIs) for metrics such as Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
  • Visual dashboards that clearly communicate system health and compliance.

Such transparency reassures customers that their IT environments are being managed effectively, addressing concerns from finance leaders who are inclined to question the value of every offering.

Driving Growth with Predatar

Predatar has been instrumental in transforming OneTeam IT’s operations. Its advanced dashboard capabilities allow OneTeam IT to provide customers with clear insights into their IT performance, including cleanroom recovery testing and adherence to SLAs. This level of visibility not only strengthens customer confidence but also aligns with the company’s goal of demonstrating continuous value.

Kon notes that tools like Predatar are particularly effective in illustrating the outcomes of disaster recovery tests and compliance with recovery metrics. These insights provide tangible evidence of the MSP’s effectiveness, helping to counter the misconception that IT services are merely a line item on the budget.

Conclusion

As customer expectations of MSPs continue to increase, OneTeam IT is proving that success lies not just in solving technical problems but in building trust, confidence, and resilience for its customers. With a clear vision and innovative strategies, OneTeam IT is well positioned to lead the industry into the future.

Is Your IT Channel Business Ready To Evolve?

More than 20 exceptional channel businesses are already on an evolution journey with Predatar. If your organisation has an ambition to deliver world-leading cyber resiliency services, get in touch to learn more about the APEX partner program.


15 November 2024

Dell & Accenture: Recovery Beats Bigger Walls.

Cyber resilience is as much about bouncing back as it is about keeping threats out. At this year’s Control24 summit, Dell and Accenture took a hard stance on an evolving truth: cyber resilience today isn’t about building bigger digital walls but about how fast you can recover when the inevitable happens.

Why Fortifying Defences Won’t Deliver Rapid Recovery

Liz Campbell, Dell’s EMEA Cyber Leader, and Christian, Accenture’s UK & Ireland Cyber Strategy Head, challenged the conventional ‘keep them out’ mindset. With threat actors adapting and even using AI to penetrate defences, they argued, it’s no longer realistic to think your walls will hold forever.

“Building bigger walls is outdated thinking,” Liz explained. “Today’s resilience relies on recovery solutions that go beyond traditional disaster recovery (DR) methods, which are usually too slow and don’t account for the way cyber threats move.”

Christian added that traditional DR was designed for limited, single-location outages, not for the rapid, multi-layered attacks we see today. The result? An over-reliance on old strategies, leaving a significant gap in organisations’ actual readiness. “Without a recovery plan that fits modern threats, many businesses are just replicating infected data across locations—hardly a safeguard in a ransomware attack,” he noted.

Isolated Data Vaults: Safeguarding Your Recovery

Dell has taken proactive steps to close this gap with its air-gapped data vaults. These isolated copies of critical data are untouchable by attackers during an incident, offering businesses a guaranteed path to recovery.

Elizabeth elaborated:

This approach from Dell signals a shift from “keep them out” to “keep your data safe” so recovery becomes more assured. It’s about prioritising continuity, even if the worst happens.

Accenture’s Recovery-First Resilience Strategy

While Dell focuses on the tech, Accenture brings the strategy. Christian described how Accenture helps companies map out a recovery-first approach that considers which services are mission-critical, minimising downtime by prioritising key recovery steps.

“The reality is, no business can withstand being down for days, let alone weeks,” Christian said. “Rapid recovery isn’t just a nice-to-have; it’s essential to staying competitive. Our work with Dell means we can deliver both the infrastructure and the game plan for resilience.” Accenture helps companies outline their top priorities, building recovery plans around what matters most so clients aren’t just reacting but responding with clarity and speed.

Resilience as an Ecosystem: Predatar, Dell, and Accenture

Cyber resilience is never a solo act; it’s about bringing together the right technology and strategic guidance to create an ecosystem of recovery. This is where solutions like Predatar come in, alongside Dell and Accenture’s collaboration. Predatar’s platform focuses on continuous testing and ensuring data is not just backed up but truly recoverable, pushing resilience from theory to practice.

By integrating Dell’s data vaults with Accenture’s strategic planning and Predatar’s continuous recovery assurance, businesses can stay ahead. It’s a holistic approach, where each partner addresses a unique part of the recovery challenge, ensuring companies are prepared not only to respond to an attack but to recover in a way that keeps their operations stable and their reputation intact.

Building a Recovery Assured Cyber Strategy

Liz and Christian’s session at Control24 laid down the essentials for building resilience that goes beyond defences. Here are a few takeaways:

  1. Invest in Isolated Data Vaults: Off-network, air-gapped data storage (such as a vault) ensures you have a clean copy of critical data to prevent malware from spreading.
  2. Adopt a Recovery-First Mindset: The combination of planning and the right technical solutions lets businesses pivot from pure prevention to recovery-first thinking.
  3. Leverage Predatar for Assurance: Predatar brings proactive recovery testing into the equation, validating that your data isn’t just backed up but truly recoverable when it matters.
  4. Engage Leadership in Resilience: Effective resilience planning extends beyond IT; it requires senior leadership to understand the value and invest accordingly.

Ultimately, cyber resilience today isn’t about stopping every threat. It’s about ensuring that, when attackers break through, your business can recover fast, strong, and with confidence. By working as an ecosystem, Predatar, Dell, and Accenture are leading the way in showing that resilience is about far more than prevention—it’s about being ready for what comes next.


12 November 2024

A Guide to Cyber Recovery Cleanrooms

Cyber recovery cleanrooms are quickly becoming essential for any business concerned about their operational resilience. The new generation of cleanroom technology can prove your recoverability, enhance your data integrity, improve your incident response – and help you achieve regulatory compliance.

As is often the case with emerging technologies, every storage and backup vendor has its own approach, and unfortunately, there seems to be a certain amount of “cleanroom washing” to go with the hype. This is making the evaluation of solutions difficult and making buying decisions complicated and expensive.

This article by Predatar’s CEO Alistair Mackenzie will explain the benefits of cleanrooms. It will help you navigate the complexities of this emerging marketplace, and ultimately make better buying decisions.

1. An introduction to Cleanrooms

If you think a ‘cleanroom’ is only called on in exceptional, post-cyberattack scenarios, I’ve got news for you. The game has changed. Today, cleanrooms are so much more.

Where once, cleanrooms were used specifically for forensic analysis during the response and recovery phases of a cyber incident, today’s emerging cleanroom technology is making them an essential component for any data backup and storage system.

Today’s cleanrooms are powerful, proactive tools that you can put to work 24/7 to detect threats, test your recovery and boost your resilience.

2. The benefits of cleanrooms for Data Recovery and Data Security

2.1 Disaster recovery planning and governance

Whilst cleanrooms may have been a consideration in DR planning for some time, it would typically be in the context of how to provision one, when (or if) one was required.

As recognition has grown amongst IT and security leaders that recovery from snapshots and traditional backup copies is critical for disaster recovery and business continuity, so has the recognition that validation of these important workloads is falling well short of what is needed.

The truth is, very few storage experts can tell you with certainty how long a system will take to restore from backup, if it will restore at all, or whether it is safe to do so.

To answer these questions, IT leaders are searching for reliable, cost effective ways to conduct proactive recovery testing. The increasing drumbeat of regulations such as NIS2 and DORA in the EU, and FISMA in the USA is accelerating this search for answers.

The solution lies in the new generation of cleanroom technology that is emerging. It promises to revolutionise the expectations of storage and backup teams to guarantee rapid, and secure system recovery in the event of a cyberattack (or any other data-loss incident).

2.2 Security enhancements

Investing in a ‘just-in-case’ cleanroom is a luxury that few companies can afford, especially when storage and backup is viewed just through the lens of response and recovery.

It is therefore worth clarifying the possible use cases of cleanroom systems – both reactive and proactive.

  • We’ve already touched on the first use case – the temporary running of production machines in a safe environment. The main reason for this is post-attack validation of the system’s integrity and cleanliness.
  • Many organisations also use cleanrooms proactively (albeit on a one-off or occasional basis) to help them design their Business Continuity Plans (BCPs) and Disaster Recovery (DR) plans.
  • The third, and newest use case turns cleanrooms into a proactive threat-detection tool and puts backup data to work to boost security posture.

This third use case is rapidly becoming the most important, and is changing the way security leaders view storage and backup systems. So, what is driving this change?

At the time of writing, 74% of organisations who have deployed Predatar Cyber Recovery Orchestration have found unwanted files in their backup systems, despite running best-of-breed XDR tools on production systems. The ability to detect long-cycle cyber activity using the historical nature of backup data is helping to promote backup beyond response and recovery.

This third use case allows cleanrooms to contribute to more stages of the NIST 2.0 security framework. As such, cleanrooms are no longer an expensive luxury. They are becoming a valuable and cost-effective operational asset.

3. Key criteria for selecting a cyber recovery cleanroom system

3.1 Ease of deployment

A cleanroom needs to be quick to deploy, ideally in a few hours. Unfortunately, most cleanrooms on the market today are little more than design blueprints and reference architectures. The last thing you want when your business is down and the pressure is on is to start building your cleanroom from an instruction manual. You simply can’t afford days (or maybe weeks) of additional downtime while you set up your isolated recovery environment.

That said, if you have the time and skills to build your own cleanroom then blueprint documentation is a good place to start. An example of this can be found on IBM’s support webpage IBM Storage Defender: Cleanroom environments …just don’t wait for a crisis to get started!

3.2 Ease of use

If you plan to use your cleanroom to run proactive recovery testing schedules every day, then it needs to be serviceable. The recovery testing process needs to be fully automated – because few storage teams have the time or resources to do manual restore testing every day.

Your solution should be intelligent too – with the ability to respond to changes in storage or backup behaviour. For larger enterprises it should be capable of prioritisation, so that serious anomalies can be investigated quickly.

3.2 Cost considerations

The general expectation when speaking with IT leaders is that cyber recovery cleanrooms are expensive to build, and expensive to operate. This may have been true in the past, when the price tag was driven by the high-stakes scenarios where cleanrooms were often acquired. Today’s cleanrooms can be built quickly with commodity components. As a result, the cost has come down significantly.

The first generation of cleanrooms were based on proprietary technology and often only available as part of a vendor’s larger, more expensive cyber vault solution. At this point it’s worth noting the basic difference between a cyber vault and a cyber recovery cleanroom.

  • A cyber vault is used for storing an isolated, or air-gapped immutable copy of data. Good examples of cyber vaults include the Dell PowerProtect Cyber Vault, the HPE Zerto Cyber Resilience Vault, or for primary data storage on System Z, IBM has the IBM Z Cyber Vault. Cyber vault solutions can be extremely expensive because of their bespoke and proprietary nature. Prices typically start in the hundreds of thousands of dollars growing to millions for larger organisations.
  • A cyber recovery cleanroom, on the other hand, provides a safe target environment in which to perform restore testing and security analysis of the restored data. A rule of thumb for third generation cleanroom technology is that it should cost around 10-15% of the purchase price of your data backup solution. A cleanroom can be installed in just a few hours, and should include integrated XDR scanning tools.

Vaults and cleanrooms can be combined to bring the security fundamentals of immutability, air gaps and recovery testing into one solution. For more information on these fundamentals, read the Predatar Recovery Gap eBook, available here.

3.3 Integration with cyber resilient backup and storage vendors

A current trend for cyber security is platformisation. By consolidating tools and data into a single platform, organisations can reduce costs, streamline operations, and improve threat detection and response. The same trend will apply to cyber resilience, and given the multi-vendor nature of data storage, security officers will not want siloes across their cyber resilience architecture.

A typical infrastructure estate will have one vendor for mainframe, another for open system block storage and still another for file storage. This is also true for secondary storage.

Companies also typically change their storage supplier every five years or so. These are time-consuming projects, and if cyber resiliency tooling also had to be changed every time the underlying storage was replaced, the decision-making would be even more difficult.

If you have a heterogeneous storage and backup environment, you need cleanroom technology which is vendor agnostic. At Predatar, we’ve developed a SaaS control plane which can adapt to the underlying storage and backup products. Predatar is the only solution on the market today which supports IBM, Pure, Veeam, Rubrik and Cohesity.

3.4 Hybrid cloud workload support

Whilst it might be true that the attack surface is larger for Windows and virtual machines, in DR planning UNIX systems are often the priority. Security experts often talk about security posture, accepting and recognising the need to identify gaps in their defence. Automated and scheduled recovery testing must be made easy not just for VMware virtual machines, but also for bare metal, file servers, different hypervisors, and UNIX workloads. Until recently, this would require the purchase of multiple solutions. Whether you are testing your recoverability, or responding to a cyber event, do you really want to be juggling with point products?

This is an ongoing mission for the Predatar team. The latest release, R17 Viper, extends support from VMware to Hyper-V and Nutanix AHV hypervisors, with AIX support just around the corner.

3.5 Security and Access Controls

When evaluating a cyber recovery cleanroom, security and access controls are essential to maintain data integrity and prevent unauthorised access during recovery operations. To ensure a secure and isolated recovery environment, key considerations include a rigid deployment configuration and layered isolation architecture.

A well-designed cleanroom should use appliance-level isolation as the first security layer. This includes strictly controlled firewall rules, allowing only essential, pre-defined communication channels, and a restricted command pathway. Such an arrangement minimises interaction with production systems, preserving the integrity of the recovery environment while preventing malware contamination or unauthorised access.

The second layer, machine-level isolation, applies stringent security standards to the machines restored within the cleanroom. Automated network isolation, such as disabling network interfaces upon recovery, can be valuable in containing any potential malware. Furthermore, comprehensive malware scanning and data verification should be performed on each machine, ensuring a safe and reliable testing environment for data integrity.

These dual isolation layers, coupled with tightly managed firewall configurations and controlled virus definition updates, create a strong perimeter around the cleanroom. A prescriptive setup, which limits deployment flexibility, allows for consistency across environments, helping organisations ensure that recovery testing and operations are conducted securely without compromising production systems.

3.6 Reporting Capabilities

As cleanroom adoption grows, Chief Information Security Officers (CISOs) will expect critical reporting and metrics to ensure comprehensive data storage and backup recovery readiness. As a minimum, key metrics including backup validation percentage must be monitored to ensure that all backups are complete and uncorrupted. Recovery point objectives (RPOs) and recovery time objectives (RTOs) are also essential; these track how frequently data is backed up and the expected time for recovery, ensuring minimal downtime and data loss in case of an incident.

With growing capability, we believe the CISO will want to see proof that backups have been fully scanned with best-of-breed XDR tools. Scanning backups for anomalies is useful, but it’s not a replacement for a deep malware scan. Only full scanning can detect dormant threats. Behaviour-based scanning will only detect anomalies caused by active threats in backup, when it’s already too late.

The CISO would also prioritise audit trails and compliance reports to verify adherence to regulatory standards, crucial for highly regulated industries.

3.7 Deployment options

Cyber recovery cleanroom deployment options vary based on an organisation’s security, accessibility, and compliance needs. Cleanrooms can be installed on either shared or dedicated infrastructure. Shared infrastructure allows organisations to utilise resources more efficiently, often reducing costs, but may limit control over the environment and security protocols. Dedicated infrastructure, on the other hand, provides exclusive access and stricter security, making it ideal for industries with high regulatory standards or sensitive data.

Proximity to the backup or storage system is critical for cleanroom deployment, as frequent restore testing requires minimal latency. Thus, many organisations opt for an on-premises cleanroom close to the backup systems. This setup ensures optimal speed and performance, especially crucial for frequent data verification and recovery tests.

However, advancements in cloud technology make the cloud a feasible alternative for cleanroom deployment, particularly for organisations with significant remote or distributed operations. A cloud-based cleanroom provides flexibility and scalability, allowing organisations to manage recovery efforts with remote access and on-demand resources. With robust access controls, encryption, and continuous monitoring, a cloud environment can serve as a secure, compliant option for cyber recovery, offering the added advantage of geographic redundancy for disaster recovery.

4. Cleanroom vendor evaluation checklist

4.1 Key Questions to ask vendors

How does your cleanroom solution facilitate regular backup and restore validation and proactive threat detection?

Look for capabilities in anomaly detection, XDR integration, and automated recovery testing to maintain robust operational security.

Is your solution compatible with diverse storage and backup environments, and how does it support multi-vendor integration?

Seek a vendor-agnostic solution that can easily adapt to various storage infrastructures to ensure flexibility and resilience over time.


What deployment options do you offer (on-premises, cloud-based, or hybrid), and how do they address latency requirements and compliance standards?

Ensure the cleanroom’s setup aligns with proximity needs, regulatory compliance, and preferred infrastructure to minimise downtime.

What automated features are included for recovery testing, reporting, and maintenance, and how customisable are these functions?

Prioritise ease of use and serviceability, with options for custom reporting and automatic anomaly response.

How does your cleanroom solution help us meet new regulatory requirements such as NIS2 or DORA, and what metrics does it track to prove compliance?

Look for a solution that tracks recovery metrics, maintains audit trails, and offers comprehensive reporting aligned with compliance standards.

5. Conclusion

Cleanrooms, once seen as a post-crisis measure, have evolved into proactive assets, enabling companies to regularly validate backup integrity and detect threats before they escalate.

When selecting a cyber recovery cleanroom solution, companies need to prioritise a technology that not only meets today’s data recovery and security standards but also future-proofs their business continuity and disaster recovery strategies. With considerations from ease of deployment and cost efficiency, to vendor compatibility and deployment flexibility, modern cleanrooms offer robust support for both compliance and operational resilience.

Cleanroom systems vary widely, and nearly every backup and storage vendor has one in their portfolio. Choosing the right one depends on what data storage technology is currently used, budget, and any security considerations around deployment. By prioritising user-friendly, serviceable, and automated solutions that integrate within a diverse storage and backup environment, organisations can achieve a significant step-up in security posture. In today’s increasingly regulated environment, a cyber recovery cleanroom provides value by aligning with frameworks such as NIST 2.0, offering advanced threat detection, and facilitating regular recovery testing.

In a dynamic security landscape, investing in a high-quality cleanroom solution strengthens a company’s resilience, helping you meet both present and future demands for data security and disaster recovery.

If you’re ready to discover more about proactive recovery assurance with a cyber recovery cleanroom, visit www.predatar.com.

Learn more about
Predatar recovery assurance

06 November 2024

On the Road to Cyber Readiness

This week we announced some big news. Predatar has been awarded Veeam Ready status. So, why is this a big deal for us and for our customers on the journey to cyber readiness?


The journey began

Rewind just 2 years, and Predatar’s Cyber Recovery Orchestration (CRO) platform was exclusively for IBM backup customers. Built to fill a competitive gap, it carried our ambition not only to provide competitive levels of resilience to this very specific customer base – we wanted to give them total recovery confidence.

Despite our success in building the most innovative Recovery Assurance platform on the market, we couldn’t deliver total recovery confidence for most of our customers. Why? Because many of them – mostly medium and large enterprises – use multiple storage and backup technologies from different vendors.

A fork in the road

We recognised that total recovery confidence for our customers meant multi-platform support. We would need to bring our ground-breaking technology to all the big backup platforms – and primary storage technologies too.

The first integration we built outside of the IBM storage ecosystem was for Veeam. As the world’s most widely used backup & recovery platform the choice was a no-brainer.

We’ve come a long way

We launched Veeam support last year in the Predatar R14:Eagle release. It was a huge milestone. Today, Predatar supports IBM Storage Protect, IBM Data Protect, IBM FlashSystems, Veeam, Cohesity, Rubrik and Pure Storage.

Customers have often told us they don’t want separate cyber resiliency solutions for each of the storage platforms they use. Now with just one Predatar CRO licence and one Predatar CleanRoom, customers can hunt down and remove hidden malware, and run automated recovery testing across all of their storage technologies – 24/7.


A signpost on the road to resiliency

This week Predatar has been awarded Veeam Ready status. Veeam designed the Veeam Ready Program to help their customers find technologies they can rely on. The Veeam Ready badge lets the world know that the integration has been through an extensive validation process, and Veeam has deemed the Predatar solution worthy of the prestigious marque.



Benedikt Däumling, Business Solutions Architect at Veeam explains,

“Predatar’s Veeam Ready status lets our customers know this is a tried and tested integration that they can trust.”

For Veeam customers on a journey to greater operational resilience, Predatar’s Veeam Ready badge is a clear sign of a solution they can rely on and one that’s worthy of serious consideration. According to Stefan Renner, Technical Director of Product Management at Veeam,

“Predatar gives Veeam customers a great choice for boosting resiliency.”


Accelerate your journey to cyber readiness

If your organisation is facing obstacles on the road to cyber readiness, it’s worth knowing that Predatar can be deployed in hours, and typically starts to deliver tangible results within a matter of weeks. In fact, Predatar has uncovered hidden malware in over 70% of customer deployments within the first 8 weeks. In most cases the malware had been present for several months and had the potential to cause significant damage.

If you are new to Predatar, take a look at our short explainer video, and read the Predatar + Veeam solution brief to see how Predatar can boost resilience in your Veeam backups.


05 November 2024

Rubrik: The Lie Behind Your Recovery Plan

At this year’s Control24 summit, we had an exceptional session from Harpinder Powar (Field CTO at Rubrik) and Rich Cassidy (Field CISO at Rubrik). They covered a wide range of topics, from the rise of nation-state attacks and the persistence of cybercriminals in corporate systems, to the misconception that cloud providers are a safety net. But one topic that really stood out was their take on disaster recovery testing.

It’s an uncomfortable truth: annual disaster recovery (DR) tests just aren’t enough anymore.

The End of the Annual DR Test

Rich shared a familiar story from his experiences working in a large Financial Services business, where DR testing felt more like routine exercises than real-world preparations.

This hit home for many in the audience. In today’s world, where cyber attacks can strike at any time, the idea that an annual test is enough is dangerously outdated. As Harpinder put it,

Too many businesses treat DR as a compliance exercise, not a real strategy. They believe a once-a-year test is sufficient to protect against the ever-evolving threat landscape, but when the time comes to actually recover, those plans often fall apart.

Predatar’s Stance: Continuous Testing, Continuous Resilience

At Predatar, we’re 100% aligned with Rubrik on this. We believe that recovery is not just an annual exercise; it’s a continuous requirement. Our platform is built on this philosophy – automating recovery testing so that businesses aren’t left scrambling when disaster strikes.

Disasters, whether from cyber attacks or operational failures, don’t happen on a schedule. You can’t afford to wait until next year’s DR test to know if your systems are ready. Continuous resilience requires continuous testing.

As Harpinder pointed out in the session:

This shift in mindset is essential for businesses today. Recovering everything isn’t always necessary or even possible, but ensuring that your critical services can come back online quickly is vital. That’s where Predatar’s automation comes in, we ensure that your critical systems are regularly tested, recovered into clean environments, and ready to go when you need them most.

The Illusion of Resilience

Rich also touched on something that resonates deeply with us at Predatar: the illusion of resilience. Many businesses have a misplaced sense of confidence, thinking they’re covered – when, in reality, they’re unprepared.

This is the heart of the issue. Annual DR tests might look good on paper, but they don’t reflect the realities of modern cyber threats. What’s more, businesses that aren’t testing their recoveries regularly are leaving themselves exposed to massive risks.

The Predatar Promise: Resilience Through Automation

Predatar’s platform is designed to close this gap. We believe in continuous testing because resilience can’t be achieved with a yearly check-in. By automating recovery tests, we ensure that when disaster strikes, whether it’s a cyber attack, hardware failure, or human error, your business is ready.

To borrow from Rich’s metaphor, it’s like the Emperor’s new clothes: many businesses are confidently marching forward, unaware that they’re dangerously exposed.

Don’t let an untested recovery plan leave you vulnerable when you need it most. Make sure your resilience is real. Discover Predatar’s AI-powered Recovery Assurance for Rubrik, Veeam, Cohesity & IBM Storage environments on our website.
