31 January 2025

R17.4: Viper. More Control. More Resilience.

Predatar R17.4: Viper is here, bringing even greater control over recovery testing, automation, and visibility. This is our fifth Viper release, with two more scheduled before we move to R18: Black Widow, where something big is coming. But first, let’s talk about what’s new.

Take Control of Recovery Readiness

Recovery testing isn’t just a box-ticking exercise; it has quickly become the foundation of cyber resilience. That’s why we’ve enhanced our data collection routines for Veeam & Rubrik to ensure the Recovery Risk Report and Aurora AI give end users deeper insights and more granular control over recovery testing and anomaly detection. Now, you can see exactly where risks lie before they become problems.

Smarter, Seamless Test Automation

Setting up recovery tests across multiple platforms can be a headache. In R17.4: Viper, newly added test schedules now automatically push to Veeam, IBM SPP, Rubrik, and Cohesity, making it easier to ensure tests are always running as planned. Less manual work, fewer missed tests, more confidence in recoverability.

Better Visibility Into CleanRoom Recovery

When something goes wrong in recovery, you need answers fast. We’ve introduced enhanced activity logging for CleanRoom tasks, giving users the ability to track progress and drill into failures in real time. That means faster root cause analysis and quicker resolution when you need it most.

With two more Viper releases to go, we’re not slowing down. And with R18: Black Widow, we’re planning something big. Stay tuned and check out the full details of R17.4 here.

Learn more about
Predatar recovery assurance

30 January 2025

Is There a Role for Agentic AI in Cyber Recovery and Cleanroom Orchestration?

Agentic AI systems are gaining attention as a potential game-changer for overstretched security and infrastructure operations teams tasked with maintaining cyber resilience. But what exactly is meant by ‘agentic’ in this context?

Let’s start with a definition:
Agentic (adjective): Able to express agency or control on one’s own behalf or on the behalf of another.

Put simply, agentic AI is Artificial Intelligence that is able to make its own decisions. Think of any AI or robotics themed movie and there is probably an agentic machine at the heart of the story. I, Robot, The Terminator, or our favourite… Short Circuit. Yes, Johnny 5 is alive, and is undeniable proof that agentic technology can be a positive force in the world 😂.

Today, most AI is non-agentic. It’s generally used as a reactive tool and aims to deliver a specific type of output defined by a user or programmer. A human is setting the problem, and defining the type of solution required.

Agentic AI on the other hand, will independently plan and take day-to-day actions towards long-term objectives, adapt dynamically to changing environments, and interact with the world – without requiring constant human intervention.

Clearly, we’re not predicting that humanoids will be running the world – or your storage, but the core principles of agentic AI will prove to be invaluable for boosting and maintaining data resiliency. Storage and backup operations represent a fertile ground for its application. With less than 1% of backup data validated annually for efficacy and cleanliness, the need for smarter tools to address time constraints is undeniable.

This article explores the incremental steps on the path to fully autonomous, agentic, cyber recovery orchestration.

Step 1: Scheduled Recovery Automation

The journey begins with basic automation. Scheduled recovery testing and malware scanning can be proactively added to daily operations. At this stage:

  • Human operators maintain full control over what gets recovered, when, and how to respond to detection events or failed restores.
  • Automation reduces manual effort but doesn’t replace human decision-making.

This foundational step builds confidence in automation while freeing up valuable time for other critical tasks.

Step 2: Self-Directed or AI-Driven Recovery Automation

The next phase involves introducing systems that respond autonomously to detected anomalies. Here’s how it works:

  • The system uses behaviour monitoring or integrates with third-party APIs, such as storage SaaS control planes or SIEM tools, to detect potential threats.
  • Affected systems are recovered into isolated cleanroom environments and tested for malware.
  • Over time, AI algorithms refine themselves to reduce false positives, lightening the workload for human operators.

Even at this stage, humans retain control over final actions, ensuring trust and oversight remain intact. While highly efficient, this level doesn’t yet meet the threshold of ‘agentic’ autonomy.

Step 3: Fully Agentic Cyber Recovery Automation

In the final stage, systems achieve full agentic capabilities, executing complex, multi-step tasks and making independent decisions. Examples include:

  • Removing malware from infected production systems as well as the backups.
  • Isolating compromised systems in a secure vault.
  • Applying software patches to remediate vulnerabilities across the network.

These advanced capabilities could raise concerns among operators about relinquishing control. However, the trade-off is significant: reducing repetitive work and accelerating the response to evolving threats.

Pros and Cons for Storage and Backup Professionals

The rise of agentic AI in cyber recovery presents both opportunities and challenges.

Pros:

  1. Enhanced Oversight: By automating repetitive tasks, professionals can focus on strategic initiatives.
  2. Improved Efficiency: Faster recovery processes minimise downtime and mitigate the impact of ransomware and other cyber threats.
  3. Adaptive Learning: AI-driven tools continuously learn from new threats, improving accuracy and reducing false alarms.

Cons:

  1. Potential for Edge Cases: Systems might encounter scenarios unfamiliar to the AI but recognisable to experienced operators, leading to potential vulnerabilities.
  2. Training Requirements: Storage administrators may need to adapt to managing and refining AI systems, adding a layer of complexity to their job description.
  3. Loss of Direct Control: Trust in autonomous systems requires cultural and procedural shifts, which may not come easily.

Conclusion: A Welcome Development

For many organisations, the processes governing backup and recovery have remained largely unchanged for decades, even as threats have evolved dramatically. Agentic AI offers a way to modernise these systems, addressing the growing cyber resiliency challenge with tools that are both efficient and adaptive.

While the shift to full autonomy will require careful implementation and oversight, agentic AI systems promise to revolutionise cyber recovery, empowering teams to stay ahead of threats and enabling a more resilient future. For now, incremental adoption—starting with scheduled automation and progressing towards self-directed systems—is the key to building trust and demonstrating the value of these transformative technologies.

Start Your Journey to Agentic AI in Cyber Recovery Today

Organisations around the world have already introduced scheduled and AI-powered cyber recovery automation for backups and snapshots with the Predatar Recovery Assurance platform. Starting your journey to resilience with automation and AI is easier than you think.

Watch this video to Discover Predatar in less than 2 minutes.


23 January 2025

5 reasons the Cyber Recovery Cleanroom market is growing fast.

As cyber threats grow more sophisticated by the day, organisations are under pressure to protect their critical assets. Cyber recovery cleanroom technology has emerged as a powerful tool in this fight, offering a secure, isolated environment to test and validate restore operations and/or carry them out after a breach.

Cleanroom Technology isn’t a niche solution anymore. It’s on the cusp of widespread adoption, poised to leap from an ‘emerging market’ to the ‘high-growth’ phase on the adoption curve.

This article explores five key accelerators fuelling the rapid uptake of cyber recovery cleanroom technology, and explains why you should consider deploying one in your organisation.

If you’re looking for a deeper dive into the tech, check out this Guide to Cyber Recovery Cleanrooms.

Understanding the Adoption Curve

The adoption curve is a well-known framework for understanding how technologies evolve in the marketplace. Typically, it includes phases such as the innovation/emerging market stage, the high-growth phase, and eventually, maturity and saturation.

Technology adoption curve showing phases: emerging, high-growth, and mature markets over time.

Currently, cyber recovery cleanroom technology sits at the tipping point between the emerging and high-growth phases. While early adopters have tested and proven its effectiveness, the broader market is just beginning to recognise its value. The transition to high-growth is often catalysed by external drivers that validate the technology’s relevance and practicality. In the case of cleanroom technology, five accelerators are acting as the spark.

The 5 Accelerators Driving Rapid Adoption

1. Growing Use Cases and Proof Points

One of the most compelling drivers of adoption is the growing body of use cases and proof points demonstrating the effectiveness of new technologies. Across all industries (but especially highly regulated ones such as finance, utilities and healthcare), organisations have leveraged cleanrooms to help avoid or improve their recovery from potentially debilitating ransomware attacks and data breaches.

Take, for instance, a national utilities operator in Austria which successfully identified and removed malware in its backup system before an attack could take place, thanks to its cleanroom-based recovery strategy. Or a US healthcare provider that safeguarded patient data by isolating and neutralising malware using recovery assurance software technology from Predatar.

These success stories are building trust and confidence in the technology by proving its value in real-world scenarios. The standout proof point is that Predatar’s Cyber Recovery Cleanroom technology has helped to identify malicious files in over 75% of all deployments, despite customers having existing cyber security scanning tools in place.

The diversity of use cases also highlights the flexibility of cleanroom technology. Initially it was designed as a safe place to recover data into after an attack, but it’s the new use cases which will help the technology cross the chasm from emerging to high growth market.

Value was added when the technology was put to work as a proactive recovery testing tool which appealed to business continuity and disaster recovery managers.

In early 2024, we saw the adoption of the technology by Managed Service Providers (MSPs) who added recovery assurance software as part of their managed backup and disaster recovery services.

Finally, we started to see the technology incorporated as part of mobile emergency cleanrooms as well as cyber vault solutions.

As more organisations share their success stories, the perception of cleanroom technology is shifting from an experimental tool to a proven necessity.

2. Increasing Platform and Workload Support

Another critical accelerator is the increasing platform and workload support now available for cleanroom technology. In its early days, cleanroom adoption was hindered by limited compatibility with existing IT environments. Today, however, the technology has evolved to seamlessly integrate with a wide range of platforms, from on-premises data centres to hybrid and cloud environments.

This expanded compatibility allows organisations to deploy cleanroom solutions without overhauling their infrastructure. Whether managing legacy systems, modern hypervisor workloads, or a mix of both – cleanrooms can now accommodate diverse environments.

An early pioneer of recovery orchestration technology, Veeam Software, offered recovery testing as a feature of its enterprise backup solution, but its support was limited to VMware workloads only. For large enterprises, cyber recovery cleanrooms need to support more than just VMware – other popular hypervisors such as Microsoft’s Hyper-V and Nutanix’s AHV are required. Support for UNIX platforms such as AIX, which often house the most critical business applications, is non-negotiable for many organisations too.

We believe cyber recovery cleanrooms are primarily a security technology, not a storage one. The largest security companies including Palo Alto, CrowdStrike and Fortinet are server and storage vendor agnostic. For the acceleration of cleanroom adoption, multi-vendor support is a prerequisite since security officers want to invest in tools which support a range of different server, storage and network vendors.

Additionally, many cleanroom solutions now offer integrations with popular cybersecurity tools, SIEM and SOAR platforms. These advancements simplify deployment and ensure that cleanrooms can connect into existing security ecosystems. As compatibility and support continue to improve, the barriers to adoption are quickly falling away.

3. Reduced Cost and Complexity

Adoption of the automobile in the early twentieth century accelerated dramatically as the price of the Ford Model T fell from $780 in 1910 (equivalent to $25,506 in 2023) to $290 in 1924 (equivalent to $5,156 in 2023) [Wikipedia].

One of the biggest challenges to cyber recovery cleanroom adoption has been its perceived cost and complexity. Early implementations required significant investment in hardware, software, and services, making it an option primarily for large enterprises. In addition, the hardware technology was proprietary, a good example being the Dell Cyber Recovery Vault – a highly successful (if expensive) solution targeted at large enterprises.

Today, advancements in technology are driving down cost and complexity, making cyber recovery cleanrooms more accessible to organisations of all sizes. At Predatar, we have seen the average time for implementation reduce from 20 days for Predatar’s first generation Cleanroom (1.0) to just 2 hours for Cleanroom 3.0. And by utilising commoditised infrastructure, cleanrooms are becoming affordable for all.

For further reading on the business value of Cyber Recovery Cleanrooms we recommend this Guide to Building a Business Case for Cyber Recovery Assurance.

Automation and orchestration have played a significant role in this transformation. Modern cleanroom solutions often come with preconfigured templates, automated workflows, and user-friendly interfaces with integrated AI chatbots, that reduce the need for specialised expertise. This democratisation of technology has opened the door for mid-sized businesses and small enterprises to adopt cleanroom strategies.

Furthermore, as competition in the market increases, providers are offering more affordable pricing models, including pay-as-you-go and SaaS subscription options.

4. Increasing Regulation and Awareness of Cybercrime

The regulatory landscape is another powerful driver of cleanroom adoption. Whilst no regulation explicitly demands the use of cyber recovery cleanrooms, the direction of travel is clearly towards proving recoverability, in addition to the current focus of threat detection and mitigation. Nowhere is this more apparent than in the European Union, with DORA and NIS2 coming into force in 2024 and 2025.

For a country-by-country view on where each country stands on NIS2, this blog is very useful.

At the same time, the rising prevalence of cybercrime is driving awareness and urgency. According to QBE Insurance, the number of disruptive and destructive global cyber-attacks taking place each year has doubled from 2020 to 2024. The cost to UnitedHealth Group of its subsidiary’s Change Healthcare cyber-attack has risen to $2.457 billion, according to the Group’s Q3 2024 earnings report.

And remember, recovery assurance is not just about protecting businesses from human-driven cyber-crime but also plain old accidents and acts of nature. In the second half of 2024, in the largest IT outage in history, Fortune 500 companies alone suffered more than $5 billion in direct losses because of the CrowdStrike outage.

As I write this, 2025 has already witnessed the costliest wildfire in US history, with losses expected to exceed $135 billion. The risk premium will continue to rise as growing losses from traditional disasters are compounded by cybercriminals targeting organisations of all sizes, across all geographies and verticals – causing widespread damage. This growing threat landscape is compelling organisations to invest in solutions that can mitigate the impact and ensure business continuity.

Cleanroom technology, with its ability to isolate and neutralise threats while facilitating rapid recovery, is emerging as a cornerstone of compliance and resilience strategies. As regulatory pressure and cybercrime awareness continue to grow, the demand for cyber recovery cleanroom technology is set to accelerate.

5. Focus from Major Tech Vendors

The involvement of major IT vendors is perhaps the strongest signal that cleanroom technology is moving into the high-growth phase. When industry leaders invest in, acquire, and promote a new technology, it validates its importance and potential.

In recent years, we’ve seen significant activity from major vendors in the cleanroom space. Some have launched dedicated cleanroom solutions as part of their cyber resilience portfolios, while others have formed strategic partnerships with specialist providers. These moves not only enhance the credibility of the technology but also expand its reach through established sales channels and customer bases.

Here are a few examples. In 2024 Commvault launched the Commvault Cloud Cleanroom Recovery, a secure Microsoft Azure cloud environment to help recover an environment post attack. IBM continued to advance its Storage Defender solution, a multi-vendor cyber solution spanning both primary and secondary storage, with options to add cyber recovery cleanrooms. HPE has made significant strides in establishing market presence with its HPE GreenLake Cyber Resilience Vault, a new air-gapped solution offering ‘superfast’ recovery.

Moreover, major vendors are investing in R&D to further enhance cleanroom capabilities. From AI-driven threat detection to advanced automation, these innovations are making cleanroom technology even more robust and appealing. The focus from IT giants is a clear indicator that cleanrooms are no longer a niche solution—they’re a critical component of modern cybersecurity strategies.

The Road Ahead: From Emerging to High-Growth Market

The convergence of these five accelerators is creating a perfect storm for the adoption of cyber recovery cleanroom technology. As use cases multiply, compatibility improves, costs decrease, regulations tighten, and major vendors double down, the conditions are ripe for rapid growth.

In the coming months, we can expect to see cleanroom technology move firmly into the high-growth phase of the adoption curve. Organisations that act now to explore and implement cleanroom solutions will be well-positioned to stay ahead of cyber threats and regulatory requirements. Those that delay may find themselves at the mercy of rising insurance premiums and damaging losses.

Conclusion: Recommendations for adopting Cyber Recovery Cleanrooms

Cyber recovery cleanrooms are rapidly transitioning from niche tools to essential components of cybersecurity strategies. To capitalise on this momentum, organisations should:

  1. Prioritise Proactive Implementation: Don’t wait for a breach or regulatory pressure to take action. Implement cleanroom solutions early to build resilience and validate recovery processes. Start with a pilot project to demonstrate value before scaling.
  2. Invest in Compatibility and Training: Ensure your cleanroom solutions integrate seamlessly with existing IT environments and security ecosystems. Equip teams with the necessary training to maximise effectiveness, leveraging vendor support and automation tools for simplicity.
  3. Collaborate with Leading Providers: Partner with vendors offering proven, multi-platform solutions and a focus on continuous improvement. Opt for partners who demonstrate commitment to innovation, regulatory compliance, and flexibility to meet your organisation’s unique needs.

By addressing these areas, organisations can position themselves at the forefront of cyber resilience, safeguarding operations while adapting to the evolving threat landscape.

Learn more about Predatar’s unique Cyber Recovery Assurance capabilities at www.predatar.com


14 January 2025

6 ways Disaster Recovery testing is evolving – and why it needs to.

Disaster Recovery testing, or DR testing, has been a cornerstone of business continuity for more than 3 decades. While the need for validating recoverability has never been greater, the way that DR testing is done hasn’t kept pace with new technology or the evolving risk landscape.

It’s an inconvenient truth that the simulated scenarios of DR tests no longer reflect real-world threats. Whether they choose to acknowledge it or not – most IT professionals already know it.

Rubrik’s EMEA CTO Harpinder Singh Powar recently discussed the role of DR testing at Predatar’s annual user summit. He states,

“The value of DR testing has dramatically diminished, and for many organisations the practice has become little more than a tick-box exercise.” 

DR testing has the potential to once again become a powerful tool for business continuity. And what’s more, it has a big role to play in the fight against cybercrime. DR testing must evolve. And here’s the exciting part – the evolution is already underway. New approaches to DR testing will help organisations rise from the metaphorical flames of any disaster – and even help to avoid them.

What is Disaster Recovery testing (aka DR testing)?


Disaster Recovery testing is the process of validating an organisation’s disaster recovery plan (DRP) to ensure that IT systems, data, applications, and infrastructure can be effectively restored after a disaster or disruption.

Typically, most organisations execute DR tests on a quarterly or annual basis. During these tests, specific elements of the DRP will be tested, for example failover mechanisms or backup restores.

Why does Disaster Recovery testing need to evolve?

Resource challenges:
IT systems are getting bigger and more complex by the day. At the same time, there is an ongoing global shortage of skilled technical people. DR testing is already time-consuming and resource intensive. This is only getting worse with more edge devices, Internet of Things 4.0 (IoT 4.0), and big data models for AI.

Under-resourced IT teams are struggling to keep up with basic scheduled DR testing, let alone expand the scope to reflect the new data landscape. 
 
The threat landscape:
As the name suggests, Disaster Recovery testing is all about how an organisation will respond in a disaster. It’s always wise to plan for the worst-case scenario, and historically the worst-case scenario was something like a fire or flood taking out your data centre. Following 9/11, terror attacks became a very real concern too.

Fast forward 20 years. Today the biggest threat is a very different beast. Where once the odds of a ‘disaster’ striking were perhaps 1 in a million, now it’s closer to 1 in 50. The big threat is cyber attacks.

Where ‘traditional’ disasters have tended to be indiscriminate and hit suddenly, cyber attacks are often super-targeted, and are executed over an extended period. They silently spread across networks to cause maximum disruption. Disaster Recovery wasn’t built to deal with this new type of scenario.

How is Disaster Recovery Testing changing?

1. Continuous DR testing

Few people would disagree that increasing the frequency of testing is a good thing to do. But cost, complexity and resource limitations mean that most organisations only run DR tests periodically – typically, on a quarterly or annual basis. What’s more, these tests only check a very small subset of the data the organisation stores (less than 1% on average).

DR testing is a perfect use case for automation. Organisations that deploy automated DR testing workflows can run continuous recovery tests, 24/7 – with no additional burden on busy IT teams, and no disruption to day-to-day IT systems and operations.

This new approach to testing means that organisations can validate the recoverability of all of their data every few weeks. The most critical systems can be checked every few days.

2. AI-powered DR testing

Artificial intelligence is changing the world, and it’s got a significant role to play in the future of DR testing. AI is already being put to work in many organisations to identify data with the highest likelihood of recovery failure. These potential ‘problem’ workloads can then be prioritised for testing – boosting the chances of finding and fixing issues. This approach will ultimately increase the efficacy of recoveries. AI can also be used to detect signs of a cyberattack by spotting tell-tale patterns of nefarious behaviour in your data. This will enable IT and security teams to act early – before the issue escalates into a crisis.

The third and final application of AI for DR testing we want to highlight is AI-generated scenarios. By understanding the complex data patterns of real-world disaster scenarios, and how the responses play out, AI will be able to test drive DR plans against realistic scenarios and automatically optimise the response for maximum success.

3. DR testing with integrated security tools

In most modern cyber attacks, malicious files are present within the victim’s IT network for weeks – sometimes months – before the attack is activated. Traditional DR methods won’t detect this dormant malware. As a result, a DR test might produce a successful result for recoverability of an infected workload, even though the data could become encrypted and rendered useless as part of a cyber attack.

It’s an eye-opening fact that Predatar has uncovered hidden malware in more than 70% of its customer environments within just a few weeks of deployment. In most cases the malware had been present for several months, and had the potential to cause significant disruption if left undetected.  

By integrating cyber security tools such as Endpoint Detection & Response (EDR) and Extended Detection & Response (XDR) into DR testing procedures, organisations can validate the cleanliness of their data and remove malware before it can cause damage.

What’s more, by integrating DR testing with SIEM and SOC platforms, DR testing can become more responsive to the real-world threats that cyber security teams are managing every day.

4. DR testing as a proactive threat detection weapon

We’ve just highlighted how a new generation of DR testing capabilities will uncover hidden threats and vulnerabilities within stored data. In some cases, the DR test will be the first alert of a potential issue within an organisation.

Integration with SOC and SIEM platforms not only means IT teams can receive intelligence from security teams; they can provide intelligence to security teams too. DR testing has the potential to be an early warning system for prevailing cyber attacks. In the new world of DR testing, backups are elevated from a reactive insurance policy to a proactive threat intelligence tool.

5. Joined-up DR testing

Today, DR tests are often compartmentalised, with tests executed on a system-by-system basis. In a real-world scenario, bringing back one system at a time is far from optimal. Your business’s most critical applications may have dependencies across multiple systems. By using unified recovery environments and recovery orchestration applications, businesses can build and test recovery plans to restore data from different systems in an optimised sequence. This will enable them to get the most vital systems up and running faster. By minimising operational downtime, IT teams can reduce the impacts of a cyber incident or other data loss event.

6. DR testing for compliance

The business cases for efficiency and cyber resilience are compelling drivers for change. But it’s regulations that are really accelerating the innovation and adoption of new DR testing practices. A new wave of operational resilience regulations is being introduced around the world – FISMA, DORA, HIPAA, PRA and NIS2 to name a few. Not to mention more stringent requirements from cyber insurance too. The need to provide evidence of recoverability is rapidly becoming essential.

As you evolve your DR testing processes and toolsets, be sure to evaluate your reporting capabilities too. In the new world of DR testing, spreadsheets and hand-cranked reports will be a thing of the past. Most modern applications include easy-to-use, configurable dashboards and reporting features. These tools are designed specifically to boost visibility, save time and provide the evidence that regulators and auditors need.

In Conclusion

Disaster Recovery testing needs to evolve to meet the operational resilience challenges facing organisations today. Automation, Artificial Intelligence and integration with security applications will provide the biggest wins. The future of DR testing is closer than you think. Predatar’s Recovery Assurance platform is a practical way to get started with AI-powered, automated recovery testing and malware scanning for backups and snapshots.

Find out more about the world’s most innovative Recovery Assurance platform at www.predatar.com or book a demo now.



  


09 January 2025

Is Your AIX Environment Safe from Ransomware?

AIX systems are often the IT backbone of medium and large enterprises. They power everything from critical financial systems to supply chain operations to industrial controls. Uptime is non-negotiable. However, while organisations have invested heavily in safeguarding virtualised environments and primary storage snapshots, AIX has often been left behind.

This isn’t an oversight; it’s due to technical hurdles. The proprietary nature of AIX systems, combined with their complexity, has made it difficult to perform recovery testing at scale. As a result, many businesses have no choice but to simply hope that their AIX backups will work when disaster strikes.

The AIX myth.

You’ve probably heard this one…

The often-accepted logic suggests that ransomware gangs are most interested in hitting the most widely used platforms like Windows and VMware, and that AIX simply doesn’t have the footprint to be worthwhile for attackers. While there is sense in the logic, it’s not that black and white.

While AIX might not be as prevalent as Windows or VMware, for the businesses that rely on it, AIX often holds the crown jewels of their data. Take down the AIX, and many organisations will be left totally unable to operate. Retail businesses will be unable to transact. Hospitals will be unable to access patients’ medical records. Production lines will grind to a halt.

Attackers want to cause maximum disruption in order to increase the size and likelihood of a ransom payout. When it comes to targets, AIX is a bullseye.

This isn’t just theoretical. There’s a growing trend of ransomware groups creating variants or modules to reach into UNIX-based systems, including AIX. Ransomware families like DarkRadiation and RansomEXX have already been engineered to strike Linux environments, meaning an AIX variant is just a tweak away. And given the potential payout from infiltrating the kind of critical data managed on AIX, it’s only a matter of time before ransomware gangs prioritise this OS.

More than just a good practice

AIX systems tend to be found in industries with high-value, business-critical data like finance, healthcare, and manufacturing. It’s no coincidence that these are the 3 industries most targeted by ransomware attacks, and no coincidence that these are amongst the most highly regulated industries.

With a raft of operational resilience regulations coming into force around the world (DORA, FISMA, PRA, and NIS2 to name a few), proof of effective recovery from AIX is becoming more than just good practice. For lots of organisations, it’ll be mandatory.

IBM and Trend Micro: Fortifying AIX and SAP Environments on Power

IBM’s collaboration with Trend Micro to bring Trend Vision One™ to Power servers reinforces a critical point: AIX isn’t immune to ransomware or cyber threats. Trend Vision One’s SAP Scanner, integrated with SAP NetWeaver and SAP HANA, actively scans for hidden threats, showing IBM’s commitment to securing these high-value environments. If AIX were untouchable, this level of security wouldn’t be necessary. For organisations relying on AIX for sensitive data, IBM’s partnership with Trend Micro validates the importance of a robust, proactive approach to cyber resilience.

Predatar’s Approach to Validating AIX Cyber Resilience

At Predatar, we’ve also taken up the challenge. Our latest product release, R17.3 Viper, brings Predatar’s full Recovery Assurance capability to AIX workloads. Customers heavily invested in IBM storage tech can now validate the cleanliness and recoverability of their Storage Protect/Plus VMs, their FlashSystem Safeguarded Copies and their AIX backups with a single Predatar licence and one Predatar CleanRoom.

AIX customers with multi-vendor storage environments benefit from this release too. Predatar also supports Veeam, Rubrik and Cohesity backups, and immutable Pure Storage snapshots.

Our approach leverages the power of Predatar’s Aurora™ AI to continuously monitor and test backup environments, flagging potential threats and validating recovery workflows. In a world where ransomware attacks are increasingly sophisticated, it’s more important than ever to know that your backups are not just complete, but clean and secure.

The Importance of Scanning Backups

When ransomware strikes, it doesn’t always attack production data first. Sometimes it sneaks into backup data, hiding until an attempted recovery brings the infection back into the environment. Scanning backups of AIX is about making sure that in the worst-case scenario, when an organisation is recovering, it’s truly safe. A comprehensive scan can prevent re-infection, validate the security of recovery copies, and ultimately serve as the final line of defence against sophisticated ransomware strategies.

In short, for those organisations relying on AIX to protect their most valuable data, the stakes are too high to overlook cyber resilience.

Final Thoughts

The risk of ransomware is real and it’s growing. Cybercriminals will increasingly focus on big, critical targets, including AIX environments. By leveraging solutions like Predatar and IBM and Trend Micro’s Trend Vision One, organisations can gain confidence in their ability to detect, prevent, and recover from ransomware threats targeting AIX.

Protect your AIX systems like the crown jewels, because to a ransomware gang, that’s exactly what they are.

Visit the Predatar website to find out how Predatar can give you recovery confidence.


03 January 2025

Predatar R17.3: AIX support has arrived!

Predatar never stops evolving. Over the past 18 months the platform has become truly vendor-agnostic, with support for many of the biggest backup and storage solutions on the market. Our roadmap is driven by the changing needs of our customers, and the days of businesses relying on a single vendor for backup and recovery are fading fast. As organisations adopt a broad range of solutions to address their challenges, managing and securing data across multiple systems has become more complex than ever.

Predatar has embraced this shift, evolving to give businesses a single, unified view of their recoverability and cyber resilience. Through AI-powered analysis, automated recovery testing, and deep malware scanning of backups, we’ve provided tools that not only simplify this complexity but help organisations continuously verify their readiness to recover from cyber attacks. By listening to our customers and innovating based on their feedback, we’ve ensured Predatar stays ahead in addressing the challenges of a multi-vendor world.

Building on the IBM Legacy

Those who have known about Predatar for a while will know it all started with IBM. Today our platform supports a wide range of storage vendors, but IBM remains a powerhouse in the data protection space, and recent developments show they’re on an exciting journey that complements our own.

Predatar R17.3 introduces a major milestone for IBM users: full support for recovery testing and malware scanning of AIX workloads protected by IBM Storage Protect. This completes our IBM integration story, adding to our existing support for IBM Safeguarded Copies, Storage Protect Plus, Data Protect, and FlashSystem. For organisations heavily invested in IBM, this means a seamless, end-to-end solution for testing, verifying, and enhancing resilience across critical workloads.

We’re also closely watching IBM’s progress and there’s a lot to be excited about. Over the last 18 months, they’ve accelerated the pace of innovation. From their Data Resiliency Dashboard enhancements and simplified updates to Splunk integration, to governance improvements, IBM is delivering tools that help businesses to strengthen their recovery posture. Features like ransomware detection sensors and MFA security enhancements demonstrate their commitment to evolving in line with their customers’ needs.

Our team is particularly excited by IBM’s development of its Storage Defender platform. By introducing integrations with other storage vendors’ solutions, it’s clear that IBM is also embracing the reality of a multi-vendor world. This approach aligns with our own mission to help organisations protect and recover their data, no matter how complex their environments become.

A Shared Vision for Resilience

Predatar R17.3: Viper is more than a product release; it’s a testament to our commitment to helping businesses thrive in a multi-vendor world. By continuously enhancing our platform and staying aligned with the latest advancements from partners, we’re ensuring that resilience isn’t just a possibility but a certainty for our customers. Check out R17.3: Viper here.
