28 May 2025

Predatar CleanRoom 3 now ships with Trend Micro Vision One (and the licences) baked-in.

Exciting news! Predatar & Trend Micro have announced a renewed partnership which will see Trend Micro Vision One™, the comprehensive threat defence and detection platform, incorporated into Predatar’s latest Cyber Recovery CleanRoom™. The new agreement eliminates previous deployment complexities by enabling Predatar to embed the industry-leading Vision One platform directly into their CleanRoom SaaS solution.

The powerful combination of Predatar and Trend Micro gives users recovery confidence by allowing them to proactively validate their ability to recover quickly and safely from backups and snapshots before a crisis hits.

Since launching the original CleanRoom nearly five years ago, Predatar has relied on Trend Micro’s robust Extended Detection & Response (XDR) capabilities to deliver threat detection, analysis and response. However, requiring customers to procure Trend Micro licences separately introduced friction in the buying and onboarding processes.

Predatar’s third-generation CleanRoom changes that. As part of its complete redesign, Predatar’s R&D team explored a range of alternative XDR tools — including other market leading products and open-source options. After extensive testing, Trend Micro remained the clear choice, consistently outperforming competitors across key criteria including detection speed, integration simplicity and overall resilience.

Ian Richardson, CTO at Predatar, explains, “The quality of the XDR technology at the heart of Predatar is non-negotiable, but achieving a frictionless experience for our customers is key to the success of CleanRoom 3.”

Through collaboration with the licensing team at Trend Micro, the two companies have reached an agreement that overcomes the procurement challenges created by the unique way Predatar leverages Trend Micro technology.

Predatar’s CleanRoom 3 is now available – shipping with Trend Micro Vision One™, incorporating Trend Micro’s most powerful XDR engine yet. And what’s more, the required licensing is baked in too.

The new agreement has significantly streamlined the procurement and deployment of Predatar’s market-leading Recovery Assurance technology.

Jonathan Lee, Cybersecurity Director at Trend Micro, commented: “Predatar’s technology brings a differentiated approach to cyber recovery, and the integration of our platform further enhances its capabilities. This collaboration reflects the strength of our partnership and our shared commitment to overcoming challenges and delivering continuous innovation.”

Learn more about pre-emptive Recovery Assurance

More than 80% of Predatar customers have found malware in their backups that they didn’t previously know was there. Infected backups and unrecoverable files have the potential to seriously impact incident response and could even make a full recovery following a cyber-attack impossible.

Don’t wait for a crisis to find out if you can recover. Find out more about pre-emptive Recovery Assurance with Predatar and Trend Micro at www.predatar.com

Learn more about
Predatar recovery assurance

23 May 2025

Crumpets, Cybercrime and CleanRooms. Lessons from the M&S Attack

A blog from our Managing Director, Rick Norgate

For our global readers, let me set the scene. Marks & Spencer, or M&S, is more than just a retailer in the UK. It’s a national institution. Think tea, crumpets and politely saying sorry when someone bumps into you. It’s part of our cultural fabric.

So when M&S was hit by a major cyber attack over the Easter break, it didn’t just rattle the markets. It rattled the nation. As someone who spends every day thinking about how to make businesses more resilient to exactly this kind of event, I wanted to share some thoughts on what happened, why it happened, and what it tells us about where our defences are falling short.

The timeline

The attack landed over Easter, a public holiday weekend when IT and security teams were stretched thin. Scattered Spider, one of the more notorious ransomware gangs, has claimed responsibility.

The attack wiped nearly £1 billion off M&S’s market value, and with some services (including online ordering) still not up and running, the company is reportedly losing around £43 million per week. Despite already paying out a reported £100 million to the attackers via cyber insurance, the company is predicting disruption will continue into July.

How they got in

It’s believed Scattered Spider started with social engineering. Phishing, impersonation, basically exploiting the human layer, which is still the weakest link. This is not unusual. In almost 9 out of 10 successful attacks, the entry point is a person.

Once in, they moved to install ransomware and access Active Directory, locking out admins and, it’s believed, tampering with backups. That’s a logical move. Backups are the safety net. If attackers can take that away, victims are left extremely vulnerable.

But the ransomware wasn’t the start

Most people think ransomware is step one. It’s not. According to Trend Micro, over 90% of attacks start with reconnaissance tools such as keystroke loggers, spyware and credential harvesters. These tools are designed to silently gather intelligence about your estate. They can slip past XDR solutions and allow attackers to learn how to go deeper.

And they don’t hang around. The average time from initial breach to the encryption event is now just 14 days. In 2023, it was 100. That acceleration is no accident. Better security tools mean longer dwell times are risky for attackers. So they move quickly, hit hard, and aim to encrypt when your team is least available.

Enter DragonForce

Scattered Spider didn’t build their own ransomware. They used a service from DragonForce, a dark web group offering ransomware-as-a-service. Think SaaS, but for criminals. DragonForce operates like a business, complete with account managers and affiliate programmes.

Their most popular kit is based on something called LockBit 3.0, a leaked builder tool that lets criminals easily customise powerful ransomware tailored for each target. It’s modular, it’s configurable and it’s dangerous.

So what if it hits you?

Let’s say LockBit 3.0 is unleashed in your environment. The great news is that fantastic tools exist to help. For example, HPE Zerto has real-time encryption detection. IBM has lightning-fast encryption awareness built into its FlashSystem storage boxes, and also offers software-based Sensors for virtual workloads.

These are great tools as they close the barn door fast once an encryption event starts. But not before a few horses have already bolted. That’s the nature of reactive defences. They reduce loss, not eliminate it.

So, why not stop it earlier?

Why not test everything, every day?

It sounds obvious, but we all know the reality. Deep scanning production environments for malware every day isn’t feasible. The performance impact on your production systems, the cost, the resources needed, and the disruption. It’s just not practical.

For this reason most XDR tools are configured to scan only new or modified files. That leaves plenty of room for reconnaissance tools to sit quietly, harvesting data while staying under the radar.

What if there was another way?

There is another way. And it doesn’t interfere with your production systems at all.

Your backups. That’s where the value lies. They are a goldmine of information that often sits idle, stored on expensive hardware, doing very little.

With Predatar and Trend Micro you can automate recovery tests of your backup servers in an isolated CleanRoom™ every single day. Then you can use market-leading XDR tools to scan them for malware with no negative impact on production performance. It’s fast, automated and powered by threat intelligence that’s updated multiple times daily.

We’re talking 500,000 new signatures a day, supported by over 450 threat researchers and 1,500 security engineers.

Why does this matter to CISOs?

Because recovery testing has always been a tick-box exercise. What we’re doing is turning it into a proactive security control. We’re detecting threats at stage one. That gives your team the time and space to respond before the damage is done.

And for those still sceptical?

We’ve found malware in 82% of the client estates we monitor. This is malware that their production XDR tools missed. Every one of those clients uses Gartner Magic Quadrant vendors for their production XDR.

Pie chart showing 82% of Predatar customers found malware, highlighting Trojan horses, spyware, and other threats.

And of that 82%, over half were stage one threats. Keyloggers. Spyware. Trojan horses. The kind of tools that groups like Scattered Spider may well have used to start the M&S attack.

Final thoughts

The M&S attack is a case study in how fast, sophisticated and strategic today’s ransomware operations have become. If your cyber resilience strategy only kicks in after encryption has started, it’s already too late.

Your backup is a valuable untapped asset, your second chance to catch what production missed. Learn more about Predatar Recovery Assurance.

Rick Norgate, Managing Director, Predatar


13 May 2025

Less Cost. More Confidence… with CleanRoom 3

Cybercriminals can take your business down at any time. You need to know that if your organisation is hit by a serious attack, you can restore your critical systems and data – quickly and safely.

At Predatar, it’s our mission to give our customers total recovery confidence. The release of CleanRoom 3, our third-generation Cyber Recovery CleanRoom, has made pre-emptive, AI-powered Recovery Assurance technology attainable for more organisations than ever before.

We’ve put all of our learnings from almost 5 years of ground-breaking CleanRoom innovation into CleanRoom 3. It’s a ‘ground up’ design, with one objective in mind… to lower the barriers to adoption for what is quickly becoming an essential technology for operational resilience.

You can learn how we’ve made CleanRoom 3 more flexible, so you can deploy it in more ways on more types of environment than ever before in this blog, or discover how we’ve made it possible to get your CleanRoom up-and-running in under an hour in this blog.

But, not only is CleanRoom 3 faster to deploy and more flexible – read on to find out how we’ve made it a more cost-effective solution than previous iterations… and made it easier to buy too.

Deploy CleanRoom 3 on your existing infrastructure

Predatar is a subscription-based Recovery Assurance platform. Pricing is based on usage, i.e. how much data a customer chooses to validate using Predatar. Some customers use it to continually test all of their backups and snapshots, while others use Predatar only for their business-critical data.

The pricing model is flexible and fair. It has rarely been considered a barrier to adoption for prospective users. It’s a different story, however, when it comes to the infrastructure required to perform the Recovery Assurance processes – until now.

Previous Predatar CleanRooms have required relatively high-spec servers with specific technical attributes. New customers would need to procure expensive hardware or spin-up expensive new Cloud infrastructure before they could set up their CleanRoom. This added a significant cost to the overall solution.

CleanRoom 3 has been designed to run on widely available ‘commodity’ hardware. Not only is this more cost-effective to buy, but in many cases customers already own this readily available hardware and can deploy their CleanRoom on existing infrastructure.

Say goodbye to third-party licences

Unlike our previous CleanRoom iterations, CleanRoom 3 is a self-contained virtual appliance.
Delivered as an ISO, the new architecture removes the dependency on VMware, meaning Predatar customers are no longer required to purchase VMware licenses.

We’ve also worked closely with our Cyber Security partners to remove the requirement for Predatar customers to purchase third-party licensing for the XDR (Extended Detection & Response) capabilities that are built into Predatar.

For Predatar customers using CleanRoom 3, XDR licensing is baked into their Predatar subscription at no additional cost.

Easy to deploy. Easy to buy.

The combination of hardware flexibility and no third-party licensing makes Predatar significantly more cost-effective than ever before. Speed and simplicity of deployment means new customers can save on upfront deployment costs too.

And not only is Predatar now significantly more cost-effective, it’s much easier to buy too. Where once Predatar customers would need to procure infrastructure, VMware and XDR licences from different vendors in addition to their Predatar subscription, now a single Predatar subscription is all that is needed.

Get Recovery Confident

To learn more about how CleanRoom 3 is making Recovery Confidence achievable for organisations like yours, join our next webcast.

Predatar webcast promo for Recovery Assurance For All featuring CleanRoom 3 on May 21, 25-minute duration.


01 May 2025

CleanRoom 3… More Flex. Less Complex

With your backups under attack from cybercriminals, you need to know that your data is clean and recoverable before a crisis hits. But the complexity and disjointed nature of modern storage environments can make meaningful data validation almost impossible.

Predatar has been pioneering cyber recovery cleanroom technology for almost five years, and with the release of CleanRoom 3, we’ve changed the game again. Our third-generation CleanRoom has been redesigned from the ground up for simplicity and flexibility.

Because, if you’ve got a complex and disjointed storage environment, the last thing you need is complex and disjointed data resiliency solutions.

Unified Recovery Assurance

Large organisations often have multiple storage and backup technologies in play. It’s not unusual for a large business to store data in the Cloud and on-premise. As well as backups, they might also use immutable snapshots for their most critical data. It’s likely they’ll leverage technologies from Mainframe to VMs and newer technologies like Kubernetes too.   

Holistic resilience is a fundamental principle at Predatar. It’s our ambition to create technology that can validate the cleanliness and recoverability of your critical data, regardless of what it is and how it’s stored.

Predatar already supports proactive recovery testing and advanced malware interrogation across backup and primary storage products – from vendors including IBM, Veeam, Pure, Cohesity and Rubrik – and now with CleanRoom 3, we’ve made it even more flexible.

Flexible deployment

Until now, a Predatar CleanRoom could only be deployed as a Virtual Machine running on VMware, meaning that only organisations running VMware environments could benefit from Predatar’s unique recovery assurance capabilities.

With the launch of CleanRoom 3, Predatar is no longer VMware-dependent. Predatar customers can now deploy a CleanRoom as a Virtual Machine using other hypervisors too, for example in a Hyper-V environment. This will become increasingly important as organisations reconsider their choices following Broadcom’s acquisition of VMware last year and the subsequent price hikes.

In fact, the new CleanRoom architecture means that for the first time, a CleanRoom can be deployed directly onto bare metal, removing the need for a hypervisor entirely.

Where previously, customers would need to acquire new hardware or cloud infrastructure to deploy a CleanRoom, the new levels of flexibility mean that in many cases new customers are able to build CleanRoom 3 on hardware they already have.

Deployment simplicity

Not only is the operating system built-in, but the EDR (Endpoint Detection & Response) software that Predatar uses for malware interrogation and cleaning is too. Previously, Predatar customers would need to buy VMware and third-party XDR licences, and configure their cleanroom to recognise the licence keys – now it’s all baked in.

CleanRoom 3 is supplied as a single, downloadable ISO image which can be configured via an easy-to-use setup wizard and installed quickly. A Predatar CleanRoom can be up and running in under an hour.

Everyday simplicity

Regardless of whether you’re using CleanRoom 3 or a previous version, you’ll use the same Predatar CRO (Cyber Recovery Orchestrator) software to manage it. That means you’ll benefit from the intuitive GUI and all of the user-friendly features that customers have come to expect from Predatar.

But in addition, CleanRoom 3 leverages continuous updates to ensure the platform remains secure, up-to-date, and optimised without requiring manual intervention. The system continuously downloads updates and enhancements from Predatar’s repositories to ensure that CleanRoom 3 is always equipped with the latest security improvements, malware definitions, and performance optimisations.

By automating the update process, CleanRoom 3 eliminates the need for manual updates by engineers, reducing the risk of human error, saving time, and making day-to-day admin and maintenance easier than ever.

Think again about Cleanrooms

If you think that cyber recovery cleanrooms are complicated and expensive, think again! To find out how a Predatar CleanRoom can make recovery confidence a reality in your organisation, join our next webcast.
