Book demo
20 December 2024

AI in Cybersecurity: Dell Questions the Hype

At this year’s Control24 summit, we heard a range of insightful perspectives on AI in cybersecurity. While IBM‘s Martin Borrett explored the transformative potential of AI, highlighting its dual role as both a tool and a threat, Steve Kenniston from Dell approached the topic from a different angle, focusing on foundational security practices and the importance of a balanced approach. Together, their insights provide a well-rounded look at AI’s role in today’s cybersecurity landscape.

The 90-10 Rule: Focus on What Works

Steve introduced his ’90-10 philosophy’, which proposes that 90 percent of what’s needed to secure your environment can be achieved through fundamental security practices. The remaining 10 percent accounts for newer, specialised approaches like managing prompt injection risks in Gen AI models. But he cautioned against chasing trends without solid basics in place, urging organisations to keep their focus on what has consistently worked:

  1. Reducing Attack Surface: Steve pointed out that roughly 47 percent of breaches exploit weaknesses in basic defences, threats that don’t necessarily need advanced tech to address. Core measures like multi-factor authentication, role-based access, and regular patching are still the first line of defence, effectively countering nearly half of common attacks.
  2. Detection and Response: Building on Martin’s view of AI as transformative, Steve reframed the conversation, reminding us that traditional AI-driven tools, such as MDR (Managed Detection and Response) have provided critical support for years. “AI and ML tools have been built into security solutions for decades,” he noted, emphasising the value of these existing AI solutions in reducing detection and remediation times.
  3. Recovery Readiness: Steve highlighted the importance of robust, regularly practised recovery strategies, sharing that only 37 percent of organisations currently recover from air-gapped storage, leaving a crucial resilience measure underutilised. “Practise, practise, practise,” he urged, likening it to military drills that prepare teams to respond intuitively in a real incident.

AI: A Piece of the Puzzle, Not the Whole Solution

While Martin’s talk showcased AI’s exciting potential, Steve’s approach underscored the importance of integrating AI alongside established security practices. He sees AI as one component within a broader toolkit that supports, rather than replaces, strong cybersecurity hygiene.

Steve advocates balancing automation with oversight – using AI for repetitive tasks, while maintaining human control where it counts.

Building a Unified Strategy

Steve’s advice on viewing cybersecurity as a unified framework added a valuable dimension to the discussion. Rather than compartmentalising attack surface reduction, detection and response, and recovery readiness, he encouraged assessing tools with a holistic perspective. Does a solution reduce the attack surface? Support quick detection and response? Aid recovery? This approach helps organisations avoid tool sprawl and unnecessary complexity.

A Balanced Perspective on AI’s Role

Martin Borrett and Steve Kenniston brought two equally valuable perspectives to Control24. Martin’s talk highlighted the dual nature of AI and its potential to shape the future of security, while Steve reminded us of the enduring importance of strong fundamentals. Together, their messages underscored that a resilient cybersecurity strategy isn’t about choosing between innovation and basics; it’s about finding the balance that fits your organisation.

As Steve put it,

Control24 attendees left with both the excitement of AI’s possibilities and the reassurance that foundational principles remain as relevant as ever.

Learn more about
Predatar recovery assurance

17 December 2024

Mega Trend for 2025: The Convergence of Backup and Recovery with Security Operations

What will 2025 have in store for the world of Backup and Recovery? As ever, Predatar’s CEO Alistair Mackenzie has some thoughts and opinions. History tells us that his predictions are never far off the mark. So, let’s take a look at his perspective on the year ahead…

Author: Alistair Mackenzie

In 2025, the backup and recovery landscape will continue its shift toward becoming a core function of enterprise security operations. This trend, emerging in the mid-market, will accelerate across large enterprises as organisations recognise that data backup is no longer just an IT infrastructure task—it’s a critical line of defence against cyber threats. As backup systems increasingly fall within the domain of Security Operations Centres (SOCs), the industry will see a series of transformative outcomes.

1. A Major Merger Between a Security and Backup Vendor 

With backup now a security priority, the stage is set for a significant merger between a security and backup vendor. This groundbreaking partnership will affirm the need for seamless integration between backup and cybersecurity and act as a catalyst to further accelerate the convergence. As a result, enterprises will be able to simplify their stack and their their resilience strategies.

2. New KPIs for Backup and Storage Administrators 

The roles of backup and storage administrators will shift rapidly. Security-related key performance indicators (KPIs)—such as anomaly detection, data integrity validation, and ransomware recovery times—will complement traditional metrics like uptime and speed, reflecting the dual mandate of safeguarding and restoring data.

3. Recovery Assurance Cleanrooms Become Ubiquitous 

As organisations prioritise recovery assurance, Recovery Cleanroom technology—dedicated environments for validating and recovering clean backups—will become more accessible and affordable. This ubiquity will make cleanrooms a standard feature in IT datacenters, reducing risk and boosting recovery confidence.

This short video explains how a Predatar CleanRoom in your DataCentre or in the Cloud will continually validate backups for recoverability and cleanliness:

4. AI Dominates Backup and Recovery 

The competition among vendors will increasingly revolve around artificial intelligence. AI-powered tools will automate backup administration, from anomaly detection to error remediation, dramatically reducing manual intervention and enabling IT teams to focus on strategic tasks.

5. Recovery Automation Embedded in SIEM and SOAR 

Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms will integrate recovery automation workflows and runbooks directly. This will enable SOC teams to respond to incidents with rapid, automated recovery processes, reducing downtime and improving overall resilience.

Conclusion 

As the boundaries between backup, recovery, and cybersecurity blur, organisations must prepare for a future where backup is at the heart of their security strategy. This convergence will drive innovation, reshape roles, and reinforce the critical link between resilience and security in enterprise IT.

Kick-start your convergence

Predatar’s AI-powered Recovery Risk report is a great way to get started. Quickly get insights into the performance of your backup environment from a security perspective, and see practical recommendations to improve your data resilience.

Learn more about
Predatar recovery assurance

12 December 2024

Backup Shake-Up: Cohesity & Veritas Merge

Why the Cohesity & Veritas Merger Will Kick-Start Other Big Moves in the Market

This week’s completion of the big merger between two of the major players in the backup and recovery space, Cohesity and Veritas, has sparked debate. Advocates argue that this move will accelerate innovation and deliver greater value to customers. Critics, on the other hand, foresee financial and organisational challenges leading to customer disruption as product portfolios are inevitably streamlined.

The truth lies somewhere in between. In the short term, legal and financial hurdles will delay noticeable market changes. And yes, customer impact will vary. Some will enjoy competitive pricing, new features, and faster innovation. Others, however, will face the expense and disruption of transitioning to alternative backup solutions.

Yet, this shake-up is ultimately necessary. The backup market has long been in need of transformation, and this merger is likely to be the catalyst.

Why Does the Backup Market Need to Change?

The backup and recovery market is overly fragmented and complex, leaving customers frustrated. With a mix of long established vendors (e.g. IBM, HPE, Dell, Veritas, and Commvault) and newer cloud-native players like Druva, Rubrik, and Cohesity, there’s no single solution that fully meets diverse organisational needs.

Instead of competition driving value, the market forces buyers into lengthy and costly evaluations to identify the right combination of products. Many organisations bring in large consultancy firms for advice, further adding to the expense. Yet, even after all the due diligence, implementation often reveals gaps between expectations and reality, leaving buyers feeling let down, exposed, and significantly out of pocket.

Why More Mergers and Acquisitions Will Follow

This merger positions Cohesity and Veritas to deliver a more comprehensive solution. Other vendors now face a choice: either remain specialised and force customers to integrate multiple products, or combine forces to offer a unified proposition. Those who choose to go it alone may find it increasingly difficult to compete with the simplicity of a ‘one stop shop’ model.

While another merger of this scale may not happen immediately, we expect to see a wave of smaller mergers and acquisitions in the near future. These moves will likely blur the lines between backup, recovery, and security, as vendors aim to offer integrated platforms addressing multiple organisational challenges.

Good to Know

Whether you are already a Predatar customer, or you’re exploring recovery assurance solutions, it’s worth knowing that Predatar supports multiple backup and recovery technologies.

With all the twists and turns that are coming in the market, you can’t be certain which backup and storage products you’ll be using tomorrow, but you can have confidence that your recovery will be assured with Predatar.

Learn more about
Predatar recovery assurance

05 December 2024

IBM Asks; Are We Really Winning the Cyber AI Race?

At this year’s Control24 summit, we had the pleasure of hosting Martin Borrett, an IBM Distinguished Engineer and IBM Security’s Technical Director for UK&I.

Martin delivered a fascinating keynote, titled ‘AI for Security and Security for AI: Opportunity or Threat?‘ It was one of the highlights of the event, touching on how artificial intelligence is transforming security practices and the tough questions we need to ask as we dive deeper into AI’s capabilities.

Martin’s presentation sparked a new way of thinking about AI in the context of security, and demonstrated that IBM is lifting the curtain on the usual ‘AI will save us’ narrative.

So back to the big question… Is AI an opportunity or a threat? Of course, the reality is that it is both. And that’s exactly the point we’re unpacking in this article.

The Benefits: AI as Our Best Defence?

Martin shared data from IBM’s latest Cost of a Data Breach report, underscoring the financial toll of data breaches, which now sits at an average of nearly $5 million per incident. However, organisations that have invested in AI-driven security saved an impressive $2.2 million on average per breach, thanks to faster detection, triage, and resolution times.

These are big numbers, and they explain why so many companies are increasingly turning to AI to support cyber security operations.

But just as AI helps us manage increasingly sophisticated threats, there’s a flipside we can’t ignore.

The Other Side: Are Cybercriminals Catching Up?

Martin touched on something many are reluctant to discuss. Cyber adversaries are experimenting with AI too. While they haven’t adopted it on a large scale yet, the rise of AI-driven phishing campaigns and retooling efforts are signs that attackers are laying the groundwork for an AI arms race.

Martin said, acknowledging the ongoing battle between defenders and adversaries. “For now, the good guys are slightly ahead. But we can’t be complacent.”

In cybersecurity, assuming that we’ll stay one step ahead can be dangerous. Cybercriminals have always been quick to adopt technology, and as the tools they use become more accessible, we’re likely to see AI-driven attacks gain traction. So, the big question becomes: are we truly ahead, or just a step away from an AI-powered wave of cyber threats?

Securing AI: The Hidden Risk

Martin didn’t just talk about using AI to boost security; he pointed out that AI itself is a new risk. As more organisations adopt generative AI models, the integrity of these systems becomes a critical concern. Martin’s advice? Treat AI like any other sensitive asset and secure it from data poisoning, model theft, and unauthorised manipulation.

“As we think about securing AI, it’s important that we consider how to protect the data, the model, and the usage,” he said.

The problem is, these are vulnerabilities many organisations haven’t even begun to address. As companies roll out AI-powered systems, it’s easy to focus on the benefits without fully understanding the risks.

The Takeaway: A Proactive Stance

Martin’s session at Control24 was a wake-up call. Yes, AI has massive potential to boost security and streamline incident response, but it’s a tool—not a silver bullet. As he so rightly pointed out, “AI is both an opportunity and a threat.” And if we aren’t securing it with the same rigour we apply to other systems, we may be inviting new risks into our defences.

So, as we embrace AI, let’s ask ourselves: are we prepared for the new threats it could bring? Because in this game of cat and mouse, we can’t afford to be reactive. We need to think ahead, secure our models, and always stay one step ahead—not just of the attackers, but of our own assumptions. If you want to find out Predatar is using AI to boost Recovery Assurance contact us here.

Learn more about
Predatar recovery assurance

03 December 2024

Cyber Vault vs Cyber Recovery Cleanroom: What’s The Difference?

The emerging cyber resiliency marketplace is evolving fast, and there’s lots of new terms to get to grips with. As a market-leader in cyber recovery cleanroom tech, we often get asked… “What’s the difference between a cyber recovery cleanroom and a cyber vault?” These two terms often get confused, and while they share some similarities, they are fundamentally different.

This article will explain:

  1. What each of these terms mean
  2. How they are different
  3. Which one you need

Before we dive in, it’s worth noting that this article focuses on the concepts and high-level technology. It doesn’t dig into, or promote any technology vendor’s solutions specifically.

What is a Cyber Vault?

A cyber vault is a highly secure, isolated environment designed to protect critical data from cyber threats such as ransomware, insider attacks, and other malicious activities. Its primary purpose is to ensure that organisations have a safe repository for their most sensitive or valuable data, which can be restored in the event of a breach or data corruption.

Think of it like a bank vault. Once your valuables are locked away they can’t be accessed by unauthorised parties. Anything you lock away will remain completely untouched and unchanged until you choose to access it.

To be classed as a cyber vault, a solution should have the following features or characteristics:

• Isolation and Air-Gapping:
The cyber vault should be either physically or logically separated from the primary network, ensuring attackers cannot directly access it during a cyberattack. A physical air gap could be created by backing up a copy of your data to tape media and storing the tape in a vault, literally! If using connected storage, the access should be restricted by network segmentation.

Immutable Backups:
Data stored in the vault should be immutable, meaning it cannot be altered or deleted once written, safeguarding it from tampering.

Multi-Factor Authentication (MFA) and Encryption:
Strict access controls and data encryption are essential to protect the vault from unauthorised access.

Here’s the next common question:
Does a cyber vault give me cyber resilience?

The answer:
Not quite.

While immutable backups are a crucial component of cyber resiliency, they do not protect you from all possible events.

Immutable backups are safe from modification once stored, meaning they can’t be tampered with or encrypted by malicious actors once they are stored in your cyber vault. But they don’t protect against an initial infection.

If your primary systems are compromised before a backup is made, your backups will almost certainly become compromised too. This is particularly concerning for ransomware attacks, where the attack might go unnoticed for long periods. Essentially, undetected malware will be replicated into your vault, with the risk of reinfecting your systems if you need to run a restore from your vaulted data.

Restoring from immutable backups can also be a complex process, especially if recovery processes aren’t regularly tested. Some organisations struggle with recovering from an immutable backups due to lack of familiarity with the specific tools or processes required. Therefore, the use of immutable storage may be restricted to a subset of data – usually the most critical assets.

What is a Cyber Recovery Cleanroom?

A cyber recovery cleanroom is also a secure, isolated environment – but its main purpose is to validate the cleanliness and recoverability of backup systems (including immutable snapshots) with the goal of minimising downtime during a data loss incident.

There are a variety of cyber recovery cleanroom solutions on the market and the prevailing trend shifts the emphasis from post-crisis recovery to proactive, automated, daily validation to help prevent attacks, and not just remediate the impacts. This means that a cleanroom is no longer a reactive ‘just in case’ investment – your cleanroom is a proactive weapon for both defence and response.

Unlike a cyber vault, where the whole purpose is that the data remains unchanged, data in your cleanroom is active. Your cleanroom is a location to run validation processes and in some cases, malware removal processes too.

For a deeper-dive, check-out this Guide to Cyber Recovery Cleanrooms.

Which Do You Need, A Cyber Vault or a Cyber Recovery Cleanroom?

It shouldn’t be an either/or decision. Both technologies deliver different benefits, and the most robust solutions for cyber resilience should incorporate the characteristics of both cyber vaults and cyber recovery cleanrooms. This customer story explains how a large utilities operator have deployed a cyber recovery cleanroom alongside their cyber vault solution.

For ultimate resiliency, mature organisations build secure storage and backup platforms that incorporate these 5 fundamentals:

  1. Keeping multiple copies of data (preferably three or more)
  2. Keeping an air-gapped copy of data
  3. Encrypting your most sensitive data
  4. Employing immutable copies to prevent corruption of data
  5. Using orchestration to recovery test and scan backup copies

For more information on the 5 fundamentals of cyber resilience check out the Recovery Gap eBook.

Start Your Journey to Greater Resiliency

If you want to boost cyber resilience in your organisation, a Recovery Risk Report is a great place to start. It’s an automated, AI-powered reporting tool, designed to quickly highlight vulnerabilities and uncover recovery risks in your backup environment without the need for costly, intrusive consultancy.

Learn more about
Predatar recovery assurance