Month: March 2025

Predatar’s third-generation Cyber Recovery Cleanroom is here. Redesigned from the ground up, CleanRoom 3 is making Recovery Assurance achievable for more organisations than ever before.

Cyber Recovery Cleanrooms – sometimes referred to as Isolated Recovery Environments – have been gaining traction as an important technology for operational resilience.

Big storage vendors including IBM, HPE, Dell and Commvault have introduced cleanroom technology to their portfolios, either as products or reference architectures – but despite the importance of the technology, market adoption has been relatively slow.

Predatar Founder & CEO, Alistair Mackenzie explains: “Most organisations understand they need to boost data resiliency. Cleanrooms have a big role to play, but until now, the technology has been seen as costly and complicated.”

Cyber Recovery Cleanroom Pioneers

Predatar has been ahead of the pack in this area. Since launching our first Cleanroom more than 3 years ago we’ve continued to innovate relentlessly to create the most advanced Recovery Assurance platform on the market today.

With the launch of our third-generation cyber recovery cleanroom, Predatar has significantly lowered the barriers to adoption. CleanRoom 3 is easier and more cost-effective to buy, it supports more storage configurations than ever before, and it can be deployed quickly.

Fewer Licences. Lower Cost.

Previously, customers needed to purchase licences for the hypervisors and third-party XDR (Extended Detection & Response) software that’s embedded in the Predatar platform. With CleanRoom 3 this requirement has gone away.

Not only does this make it much easier to procure the solution, but it’s more cost-effective too.

Now, one Predatar subscription covers all your licensing needs for automated recovery testing and deep malware scanning across Veeam, Rubrik, Cohesity, and IBM backups – and your IBM and Pure immutable snapshots too.

More Flexible.

Where most cleanrooms require customers to purchase new hardware or acquire new cloud infrastructure, CleanRoom 3 has been designed to run on a broad range of commodity hardware, meaning that in many cases customers will have the ability to use technology they already have in their data centre.

What’s more, our third-generation CleanRoom has more deployment options. Now customers have the option to build their CleanRoom as a Virtual Machine or deploy it on Bare Metal.

Quick and Easy to Deploy.

One of the biggest changes we’ve introduced in CleanRoom 3 is a completely new deployment method. All of the config is done via a step-by-step setup wizard. This generates an ISO file which can be downloaded and easily installed on the host environment.

Ian Richardson, CTO at Predatar explains “We’ve made the setup really user-friendly. Thanks to the new ISO-based deployment, a CleanRoom can be deployed in around 2 hours, without the need for extensive training or highly specialist skills.”  

How is Predatar Different?

CleanRoom 3 has been designed to make the benefits of Recovery Assurance achievable for more organisations, but the fundamental principles of Predatar remain the same. Our Recovery Assurance platform stands out in the marketplace in three important ways.

1. Predatar provides pre-emptive recovery testing: Using automation and AI, to continually validate the recoverability of critical backups and snapshots before a crisis hits.
   _
   
2. Predatar goes beyond anomaly detection: Where most alternative solutions identify signs of possible malware using anomaly detection methods, Predatar goes further – actually restoring suspect workloads, before running a full antivirus scan to verify the infection, and where necessary, cleaning the workload too.
   –
   
3. Predatar supports multiple backup and storage technologies including Veeam, Cohesity, Rubrik, IBM Storage Protect, IBM FlashSystems, and Pure Storage, so customers can validate different workloads in one Cleanroom with a single Predatar licence.

Talk to the Recovery Assurance Experts

To learn more about how Predatar can boost resilience in your organisation, contact our team or find a Predatar expert partner near you.

Here’s an alarming statistic for you: At the time of writing this blog, over 80% of Predatar customers have discovered previously undetected malware in their backup data within a month of starting to use Predatar’s Recovery Assurance platform. So, how does it get there? And what can you do to make sure your backups are safe?

Most of Predatar’s customers are medium to large enterprises with expansive IT networks. Every one of these organisations has cyber security technologies in place, including some sort of antivirus product. In most cases it’s market-leading XDR products from vendors like Crowdstrike, Palo Alto, or Microsoft. So, how is malware getting into their backups?

How Does Malware Get into Backups?

1. Replication of zero day viruses

Typically, organisations configure their antivirus technology to run incremental scans on their production systems. Only new data or data that has changed is checked for malware. The reason for this is simple, incremental scans are more efficient – both in terms of time taken and the performance impact to the underlying disk. The reality is that checking all production data, every day, is simply not feasible.

The problem here is zero-day attacks. If a new strain of virus infiltrates your IT network before it’s known to your antivirus vendor, it will slip through the net and hide inside your network. This malware will remain undetected until the data it resides in is altered. At this point, it’s likely the virus definitions in your antivirus tools will have updated, and the malware can be flagged and removed.

But… most organisations create backups every night. So, in this scenario the malware that ‘slipped through’ will have been backed up too. Even if the virus is removed from production systems, very few organisations take the step of proactively checking and cleaning their backups.

2. Planting malware directly into backups

Cyber criminals can – and do – target backups directly. This is a common practice for ransomware gangs, who will encrypt or delete backups as part of a co-ordinated attack. By compromising the backups, they remove their victim’s ability to restore data. This gives them little option but to pay the ransom demands.

In this scenario, the criminals will gain administrator access to their victim’s backup platforms to plant malicious code directly into backup repositories. This approach completely bypasses antivirus protection on production systems.

Access is usually achieved via stolen administrator credentials, or hacking methods such as manipulating OAuth token access. In some cases, criminals will recruit an insider. For example, a Storage Administrator within the target organisation may be offered payment for planting malware in backups.

Why is Malware in Backups a Problem?

Put simply, malware in your backups will put your ability to restore at risk. Whether you need to recover an important file that was accidentally deleted, or mount a large-scale recovery of critical business systems following a cyber attack or other major data loss event – malware in your backups could be a show stopper, leaving you with no way to recover your valuable data.

At best, this will be inconvenient. At worst, business critical systems could be offline for extended periods. In some cases, loss of customer or employee data could lead to regulatory non-compliance, fines and legal action.

Does Immutability Solve the Problem?

Immutability has become a popular method to protect against the problem of malware in backups. While it offers some protection, immutability alone doesn’t solve the problem.

Essentially, immutability means that once data has been written it can’t be altered. Using immutable backups won’t stop undetected malware being replicated into your storage repositories, but it does mean that once it’s there it can’t be activated, and your data is safe from malicious encryption or deletion – while it remains in an immutable state.

The problem comes when an infected immutable backup is recovered. Restoring from an infected backup will introduce the malware to the system you are restoring to, and once the restore has taken place, the data is no longer immutable, and the malware could be activated by the criminals that created it.

How Can You Make Sure Your Backups Are Safe?

The only way to be sure your backups are safe is to check them. Best-practice dictates recovering backups to an isolated recovery environment, also known as a cleanroom, before running antivirus tools to validate them for cleanliness. This method means that if your backups are found to contain malware neither your production or backup systems will be at risk, while you take remedial action.

Today, this approach is generally used as a reactive measure in high-stakes scenarios. When a cyber attack has occurred, organisations will begin the process to validate their backups, starting with their most critical workloads, as part of a large-scale cyber recovery procedure.

What is Proactive Cyber Recovery?

Thanks to automation and artificial intelligence, products like Predatar Recovery Assurance platform can continually validate your backups to ensure they are always recoverable and free from malware. This proactive approach means that you’ll know your backups are safe before a crisis hits.

Only Predatar offers a vendor-agnostic solution that enables you to automate recovery testing and advanced malware interrogation on Veeam, Rubrik, IBM, and Cohesity backups in the same cleanroom. Predatar can also be used to validate immutable IBM and Pure snapshots too.

Want to Become Recovery Confident?

Don’t wait for a crisis to find out if you can recover. Watch this short video to learn more about Predatar and contact our team to start your journey to recovery confidence.

Empalis & Predatar:
A story of Partnership.

Predatar’s APEX partner program is so much more than a traditional reseller channel. It’s built on the foundations of a long-standing, multi-disciplinary collaboration with Empalis Consulting GmbH, and the result is a global community of exceptional collaborators. In this interview, Markus Stumpf, Business Development Manager at Empalis, explains what it takes to be an APEX partner, and why you should talk to one if cyber resilience is a concern in your business.  

Predatar: How did the partnership between Empalis & Predatar first come about?

Markus: It started almost 10 years ago. At the time, we were on the verge of launching our first managed backup and recovery service. Until then, Empalis had focussed on consulting and one-off engineering projects. It was an exciting time, but like any new venture, it was also a bit of risk. Would the service be a success? and if it was, could we scale it?

I met Alistair (Mackenzie, Predatar CEO) by chance at an IBM Storage conference in Las Vegas. He told me about Predatar, and I could instantly see how the automation and reporting features could help us. By automating daily reporting and other repetitive tasks, our service engineers could bring value to more customers.

Predatar: How did this partnership evolve?

Markus: Once we started using Predatar, our team began to see opportunities to enhance the platform further – to deliver even more value for our customers. Since the beginning, the Predatar team has actively looked for feedback, and we were more than happy to share our insights and ideas.

It soon became obvious that we would be great collaborators. We would challenge one another’s ideas and push the boundaries together. Before long, we were having a direct influence on the Predatar product roadmap, and Predatar was helping to shape the future of Empalis too.

Predatar: Can you give an example of how you’ve influenced the innovation of the Predatar Platform?

Markus: There are so many features and functions in Predatar that Empalis has influenced, but let me tell you about one of the more significant collaborations.

Today, Predatar is known for its innovative CleanRoom. In my opinion, it really is the most advanced Cyber Recovery Cleanroom solution available today. But let’s rewind a few years, before Predatar’s CleanRoom was even a spark of an idea.

I met with Alistair (Mackenzie) for a catch-up while he was in Germany on business back in 2019. We met in a small meeting room in Stuttgart. We weren’t intending for the session to be an R&D workshop, but by the time we were done, we’d mapped out the architecture of what would become Predatar’s first generation CleanRoom on a whiteboard.

Predatar: How else have you supported Predatar’s R&D?

Markus: Innovation at Predatar is rapid, but balancing this with rigorous testing has been a challenge for the Predatar team. We’ve been really happy to get hands-on and support with QA and usability testing. We want to get the latest tech to our customers, fast – but not before my team has put it through its paces – so this is a win, win.

Last year, Predatar formalised this process. They now run an Early Access Program (EAP) where Empalis and other APEX partners can test-drive new features. We’ve been putting CleanRoom 3.0 through its paces. Predatar’s third generation of Cyber Recovery Cleanroom will be a game-changer, making Recovery Assurance achievable for many more businesses.

Predatar: How has Predatar shaped Empalis?

Markus: Around 2 years ago we launched Viking Backup Guardian, our flagship managed backup and recovery service with Predatar baked-in. The service provides an immutable copy of customer’s backup data in our cloud, which we proactively verify for recoverability and cleanliness in a Predatar CleanRoom.  

What our customers love about this service is that it takes away the cost and complexity of CleanRoom setup, it’s scalable – so you only pay for what you need, and it’s completely managed. Empalis will deal with all the day-to-day operational stuff.

When we launched Viking, it was totally unique, and even today, with the exception of other Predatar APEX partners, I’m not aware of any MSPs that offer anything similar.

Predatar: Can you explain a bit about the APEX program?

Markus: It’s no secret that Predatar has designed the APEX program with an ambition to replicate the success of the collaborative relationship between Predatar and Empalis. You could say that our partnership has been the blueprint for the program. Today, there are 24 Apex partners globally.

Of course, like any channel program this helps Predatar access markets around the world – but APEX is about so much more. The selection criteria is rigorous. APEX partners must demonstrate they have the vision and capabilities to deliver world-class, value-added services with Predatar under the hood.

Any IBM channel partner can resell Predatar, but only APEX partners are authorised to integrate Predatar into their own products and services.

Predatar: What’s next for Empalis and Predatar?

Markus: We will continue to help more and more customers achieve recovery confidence with the Empalis Viking Guardian service. But when it comes to innovation, anything could happen. Ask me again after our next whiteboard session!

---

To find out how Markus and the team at Empalis can help you manage complexity and boost data resilience in your organisation, contact them here.

Find an APEX partner in your region here.

Are you considering deploying a cyber recovery cleanroom to test your systems’ recoverability from cyber-attacks or other disruptive events?

You’re not alone. The market for recovery assurance solutions, including cleanroom technology, is growing rapidly. Learn more in this article:
5 Reasons the Cyber Recovery Cleanroom Market is Growing Fast.

A common question we hear is; should you build a cleanroom or invest in an off-the-shelf (productised) solution? This article explores the pros and cons of each approach and provides a simple decision tree to help guide your choice.

This discussion assumes that you intend to use a cleanroom for proactive recovery testing rather than solely for post-attack recovery. While productised solutions can expedite deployment after an attack, their primary strength lies in pre-emptive recovery testing and assurance.

Cleanroom customisation

If your environment requires significant customisation, building your own cleanroom might be the best option. A DIY solution allows for precise tailoring to your infrastructure, whereas productised solutions are designed to serve a broad market.

For example, if your workloads include mainframes or iSeries systems that productised solutions do not support, a self-build approach may be your only choice. However, if your environment primarily consists of virtualised workloads—such as VMware, Windows, and Linux file systems—then a productised solution is a viable and often preferable option.

CleanRoom Security

For organisations operating dark sites with no permissible cloud connectivity, a DIY approach may be necessary. Many productised solutions rely on cloud-based control planes for features like AI-driven anomaly detection, and losing this connectivity can limit their effectiveness.

However, an isolated environment comes with trade-offs. Without internet access, you forfeit real-time malware definitions, security updates, and continuous product enhancements—features that productised solutions deliver automatically.

Cleanroom Automation

Productised cleanrooms benefit from advanced workflow automation that optimises resource allocation for recovery testing and malware scanning.

A key component of modern recovery assurance solutions is the use of data lakes and AI/ML models to prioritise anomalies for deeper analysis. The best cleanroom solutions leverage feedback learning to refine anomaly detection and minimise false positives over time.

If you lack in-house data scientists and software engineers, a DIY solution will likely lack the automation and orchestration capabilities of a commercial product.

Cleanroom ease-of-use

If ease of deployment and maintenance is a priority, a productised solution is the clear choice. Here’s why:

• Rapid Deployment – Modern cleanroom software can be deployed in under a day using standard infrastructure.
• Automated Security Patching – Productised solutions can integrate with repositories like GitHub, continuously downloading updates and enhancements to stay ahead of emerging threats.
• Vendor Support & Testing – Purchasing a product means gaining access to enterprise-grade testing, support, and maintenance. Many organisations opt for productised solutions to offload the burden of software development and patching.

Summary & Decision Process

For comparable costs, a productised solution will always provide a more feature-rich and automated cleanroom for supported workloads. Security concerns may restrict the use of some cloud-dependent cleanrooms, but some vendors offer private cloud deployments as an alternative.

As adoption increases and cleanroom solutions become more mainstream, productised offerings will continue to improve while costs decline, making the build-your-own approach increasingly less viable.

By following this structured approach, you can determine the best path forward for implementing a cyber recovery cleanroom tailored to your organisation’s needs.

Learn about Cyber Recovery Cleanrooms from Predatar

Predatar is a leader in Recovery Assurance technology. Our unique CleanRoom solution provides preemptive recovery testing and advanced malware scanning for backups and snapshots from many leading storage vendors including Veeam, Rubrik, IBM, Cohesity and Pure – with support for more technologies on the way.

Learn more at predatar.com.

Complex, multi-vendor storage environments don’t need complex, multi-vendor resiliency tools. In this short blog, we look at the benefits of unified Recovery Assurance with a centralised CleanRoom.

What is Recovery Assurance?

Put simply, Recovery Assurance is the process of validating that IT systems can be successfully restored following a data loss event.

By far, the most common type of significant data loss scenarios today are cyberattacks. That’s why there’s a new breed of Recovery Assurance technologies emerging, designed to verify that backups are recoverable and have not been compromised before they are used to restore production IT systems.

 You can learn more about the different types of solutions in the Recovery Assurance Buyer’s Guide.

What is a Cyber Recovery Cleanroom?

Cyber Recovery Cleanrooms are an integral component of Recovery Assurance, and are quickly becoming seen as an essential tool for cyber resilience. Essentially, a cleanroom is a secure, isolated environment where potentially harmful data can be analysed and validated without putting other IT systems at risk.

Typically, cleanrooms are seen as reactive tools that are only utilised when a large scale recovery is required. Predatar is leading the way with a new generation of pre-emptive cleanroom technology that automates continuous recovery testing and advanced malware scanning on backups and snapshots. This means that when a cyber incident hits, Predatar users already know that their backups (and primary snapshots) are recoverable and free from malware.

What is Unified Recovery Assurance?

Many of the big backup and storage vendors offer data resilience solutions including cleanrooms, anomaly detection and more. In most cases these solutions are designed to work solely with the vendor’s own products. For example, Veeam’s SureBackup solution is designed to validate the recoverability of Virtual Machines backed up with Veeam’s Backup and Replication platform, IBM’s Storage Defender Cleanroom architecture is intended to validate IBM SafeGuarded Copies and IBM Defender Data Protect backups, while Rubrik’s Cyber Recovery toolset is built to orchestrate recoveries on data backed-up in the Rubrik Security Cloud.

Predatar’s Recovery Assurance technology is different. It has been designed to provide data validation across multiple workload types, on both primary storage and backup storage, and is vendor-agnostic. That means that Predatar users can run automated recovery testing and advanced malware scanning across complex storage environments in a single, centralised CleanRoom – with just one Predatar subscription.

What are the benefits of Unified Recovery Assurance?

Benefit 1. Simplicity

Fragmented storage, doesn’t have to mean fragmented recovery. By choosing a unified approach to Recovery Assurance, IT and Security teams can simplify day-to-day management of resiliency and gain  greater observability though a holistic approach to data validation.

As well as daily operations, greater simplicity will really make a difference during incident response too. Coordinating high-stakes recoveries, with complex interdependencies is always going to be stressful, but with a unified Recovery Assurance solution, automated recovery sequences can be pre-defined and tested in preparation for a cyber incident.

Benefit 2. Cost

While some storage and backup vendors include data resilience features within their products, often they are not part of the core licensing/subscription plans. In many cases these features will only be available as upgrade options or to customers on premium plans.

It is worth contacting your backup and storage vendors to understand what tools are available to you, but
for organisations that have multiple storage and backup products in play, achieving resilience across all platforms could quickly become costly. You’ll also need to consider the additional training and resources required to learn, manage, and maintain multiple tools.

Predatar’s unified, vendor-agnostic approach to Recovery Assurance means Predatar customers can achieve parity of resilience across multiple platforms and technologies with a single solution.

Benefit 3. Future-proof

Technologies are always evolving. New storage products come to the market, while others are retired. Trends change. From tape storage, to mainframe, to Virtual Machines, to containers… How you store your data today might not be how you store it tomorrow.

With a unified, vendor-agnostic approach to recovery assurance, organisations can future-proof their investment, safe in the knowledge that if their storage solutions change, their CleanRoom won’t need to.

Predatar’s approach

Predatar is on a mission to give organisations complete recovery confidence. Our unique Recovery Assurance platform uses automation and AI to continually prove that your backups and snapshots are always recoverable and free from hidden malware. Here’s how:

With a single Predatar subscription, and one centralised Predatar CleanRoom, Predatar customers can validate Virtual Machines, Databases and files systems backed-up by Cohesity, IBM Storage Protect/Plus, IBM Storage Defender Data Protect, Rubrik, and Veeam. Immutable snapshots from IBM FlashSystem, and Pure Storage can be checked too.

Find out how Predatar can simplify Recovery Assurance in your organisation. Book a demo today.