Backups used to be boring. Not anymore. Regulations like DORA, NIS2, and FISMA have arrived – and things have got a lot more interesting.
For a long time, backup and disaster recovery lived quietly in the background. You knew it was important. You had something in place. Maybe you even tested it…. once a year.But now, governments and regulators are paying attention.
And they’re not just asking if you have backups. They want to know, in detail, how fast you can recover, how clean those backups are and what evidence you have to prove it.
Regulations like NIS2, DORA, and FISMA are leading the charge – and if your business touches critical infrastructure, finance, healthcare (or even just supplies companies that do) this matters to you.
Let’s take a look at what’s changing and how you can stay ahead.
So, what are these regulations actually saying?
NIS2 (The EU’s Network & Information Security Directive) This one landed in October 2024 and has recently dramatically expanded who it applies to. Suddenly, mid-sized companies are on the hook for proving they can respond to and recover from a cyberattack. The key point is that regulators want evidence that your recovery plans work. Not assumptions. Not best efforts. Actual proof.
DORA (Digital Operational Resilience Act) This one’s aimed at financial services, but if you sell into that world (or work with a firm that does), you’re likely affected too. DORA demands frequent, real-world testing of recovery systems, not just theoretical policies.
Think ransomware simulations, timed recoveries, and clean-room validations.
FISMA (US Federal Information Security Modernization Act) Updated to reflect today’s threat landscape, FISMA now requires integrity checks on restored systems. In other words, can you prove your backup isn’t infected before putting it back into production?
Why this matters and what’s at risk?
Let’s cut to the chase. Failing to comply doesn’t just mean a slap on the wrist. It means you face:
Hefty fines
Lost business, especially if your customers need you to meet their own compliance needs
Reputational damage if recovery from an attack takes days (or worse, reintroduces malware)
We’ve seen this play out. More than once. And it’s no longer just a security issue, it’s a board-level conversation.
Recovery Assurance: Your compliance ace in the hole
At Predatar, we believe that the most overlooked part of cybersecurity is what happens after an attack.
That’s where Recovery Assurance comes in. It gives you the confidence—not just that you have backups, but that they actually work, are malware-free and can get you back up and running when it counts.
Even better, it gives you the audit-ready evidence regulators are asking for.
Let’s map that out:
Regulation
What they want
What Predatar does
NIS2
Proof of working recovery strategy
Automated risk-based recovery testing
DORA
Simulated attack recoveries
CleanRoom testing + recovery scoring
FISMA
Clean, validated backups
Threat scanning + evidence trails
No guesswork. No scrambling when an auditor shows up. Just scheduled, reliable, and reportable testing that proves you’re ready.
What should you do next?
If any of this has your attention, here are some practical steps:
Find out which regulations apply to you (or your biggest customers).
Review how often you test your backups and how real those tests are.
Ask yourself: could we prove we’re compliant if asked tomorrow?
Let’s talk. We make this process simple.
Wrapping it up
Regulators aren’t just looking for cybersecurity best practices anymore. They want real-world readiness. The ability to recover, quickly and cleanly, with proof to back it up.
That’s where Recovery Assurance fits in. And that’s where Predatar can help.
If you’d like to see how Predatar supports customers navigating these changes, get in touch today, and if you know some that needs a nudge, don’t forget to share this post with them.
Cybercriminals are innovative, agile, and tenacious. Most medium and large enterprises are not. Ransomware gangs have significantly changed the way they operate in the last 12 to 18 months. But, have you significantly changed your approach to detection and response for ransomware events in your organisation? No, didn’t think so.
How it begins
Some things haven’t changed. Most ransomware attacks still start the way they always have. Someone clicks a phishing link. A password gets reused. A system goes unpatched. In fact, the top three breach methods remain the same:
– 78% start with human error: Including phishing, stolen credentials, compromised employees or social engineering
– 11 % come from misconfigured or unpatched systems: Including system integration points such as poorly developed APIs
– Only 3 % involve zero-day exploits
Then: Quiet, patient, and hidden in plain sight
Attackers haven’t changed the way they get in, but they have changed what they do once they’re inside. Two years ago, attackers took their time. Once they had access, they’d quietly explore. Their approach was known as ‘living off the land,’ using the tools and credentials already inside your environment to avoid detection. They would:
– Use PowerShell to run commands without downloading new tools
– Use Remote Desktop Protocols to move around your environment
– Set up scheduled tasks to ensure that access privileges remained in place
– Exploit default admin accounts to hide in plain sight
All the time, they would be quietly seeding their ransomware scripts across systems, often spreading them into backups unnoticed. The longer they stayed, the more control they gained, and the more chaos they would cause when they finally ‘pulled the trigger’ on the attack.
Two years ago, the average ‘dwell time’ was well over 100 days.
Now: Fast, automated and clinical
This approach no longer works. Security technology has improved significantly. Businesses are investing more than ever in tools like:
– EDR (Endpoint Detection and Response) – XDR (Extended Detection and Response) – SIEM platforms with real-time alerting
These tools detect behaviour patterns, track lateral movement, and raise alerts much earlier than they did before. To stay ahead, attackers have flipped the playbook.
Now they use automated reconnaissance tools (used in 91% of modern breaches). These tools scan entire environments in hours, logging keystrokes, showing attackers where backups are stored, how security policies are configured, and which systems hold the keys.
From breach to boom can now take less than 14 days.
What attackers target first
Once they’re in, attackers don’t waste any time. Their priorities are usually the same:
– Active Directory: to escalate access and move freely – Backup systems: to delete copies, corrupt data or block recovery – Security tools: to modify policies, disable alerts and whitelist malware
They time the final attack – often referred to as the “boom moment” – for when your team is least ready. Think long weekends and public holidays.
Why your security tools aren’t catching everything
Here’s the part that often gets missed. Production security tools aren’t typically configured to scan every file on every system, every day. Doing this would kill the performance of production systems and seriously impact your business’s ability to operate.
Instead, they typically scan files when: – They’re created – They’re modified – Occasionally, when they’re accessed.
This means if malware slips past the perimeter defences, it can go completely undetected. So what’s the answer?
The answer (and probably some malware) is in your backups.
The team at Predatar has realised something very powerful. Your backups are much more than a last line of defence, they can be the frontline in threat detection. Your backups are a copy of all of your data, and while it’s not practical to continuously scan your production systems every day – you can scan your backups.
The Predatar Recovery Assurance platform continuously moves backups into an isolated CleanRoom, where it uses best-in-class integrated security tools from Trend Micro to interrogate every file for signs of malware, with no negative impact on production systems.
Today, businesses around the world are using Predatar to validate the recoverability and cleanliness of their data 24×7, and the findings are truly worrying.
In the last year alone, Predatar has discovered malware in more than 80% of its users backups. That includes:
– Active ransomware strains: complete with embedded ransom notes – Encrypted data from attacks: that customers did not realise was in progress – And in over 50 percent of cases: reconnaissance tools that help attackers map environments and identify weak points
What does this mean for you? Let’s start with the good news. With Predatar, you can perform in-depth security scanning in your backup environment that simply isn’t possible on production systems. The bad news? Well, you probably already have malware hiding in your data.
Data resilience is now a priority for storage and backup teams. They need certainty that the data they’re responsible for hasn’t been compromised. They need to know that when it’s needed, it can be used for a clean and fast recovery. They need to know there is no risk of reinfecting production systems following a cyberattack.
The Predatar Recovery Assurance platform and Veeam SureBackup have both been designed to solve these challenges. Because Predatar works with Veeam Backup & Replication, the question we regularly get asked is ‘Which one is right for my business?’
For many Veeam customers, SureBackup is a great choice – especially as it’s included at no additional cost within some Veeam subscriptions. However, for lots of Veeam customers, Predataris the best option. For example, Predatar’s speed, automation capabilities, and advanced reporting makes it an ideal choice for highly regulated organisations that need to achieve recovery validation at scale, and prove compliance. Businesses using multiple backup products may also find that Predatar is a better fit for them.
This article will help you understand the differences between these two solutions, and make the right choice for you.
Access to Veeam SureBackup and Predatar
When it comes to accessing SureBackup, things are a little complicated. It’s only available as part of some – but not all – Veeam subscription packages. It’s not available as a standalone product, so if it’s not part of your subscription, you will need to upgrade your Veeam plan to use it.
You can find out which Veeam subscription plans include SureBackup here.
It’s also important to know that in order to unlock ALL of the power of Veeam SureBackup, user will also need Veeam ONE and Veeam Recovery Orchestration subscriptions.
When it comes to Predatar, it’s much simpler. Predatar is available as a standalone subscription platform. It is available to all Veeam Backup & Replication users, regardless of their subscription package.
Core functionality
At a high level, Veeam SureBackup and Predatar are built to achieve the same goal: to validate the recoverability and cleanliness of backups. The differences lie in how they do it, their scalability, and in the scope of the backup platforms and file types each one supports.
Backup application support
Veeam SureBackup is built into Veeam Backup & Replication and is designed to validate both VMware and Hyper-V VMs (Virtual Machines). It works well on-prem or in hybrid setups, but not when Veeam runs entirely in the cloud.
By contrast, Predatar is an independent, vendor-agnostic platform providing broader support. In addition to validating Veeam backups, Predatar can also validate backups from:
• IBM Storage Protect, • IBM Defender Data Protect, • Cohesity Data Protect, • Rubrik Security Cloud.
Additionally, Predatar can validate immutable snapshots on IBM FlashSystems and Pure Storage boxes. This makes Predatar a great fit for businesses with two or more backup and storage technologies in their stack.
Workload support
Veeam SureBackup supports Windows and Linux VMs. Predatar goes further, not just validating Windows and Linux virtual machines but also Windows and Linux bare metal servers, SQL databases, and AIX workloads too.
Automation and AI
Veeam SureBackup provides the ability to run automated workflows for recovery testing and antivirus scanning that significantly reduce time, complexity, and manual effort. However, the ‘out of the box’ workflows are relatively basic, and can only triggered based on pre-defined schedules. While the schedules are easy to configure by the user, more advanced automations are only possible with Veeam Recovery Orchestrator (a separate product), or with custom scripting via PowerShell.
Predatar’s built-in automations are more advanced and highly customisable via an easy-to-use interface featuring dropdown options and simple toggle switches. In addition to pre-defined schedules, Predatar automations can be triggered by threat alerts, failed backup runs, SIEM notifications and more.
One of the most impressive aspects of the Predatar platform is the underlying Aurora AI engine. Aurora continually monitors thousands of signals across your backup environment and external intelligence sources to apply a real-time risk score to every node in your environment. Aurora will trigger and prioritise automated testing of workloads at high-risk with no human intervention required.
Veeam’s Isolated lab vs Predatar CleanRoom
Veeam SureBackup uses Isolated Labs. Predatar uses a CleanRoom. So, what’s the difference?
The purpose and general principle are the same: both are safe, segregated environments where backups can be tested for recoverability and potential infections — without any risk to the performance or integrity of production systems.
Veeam’s Isolated Labs run inside on-premise hypervisors and require a Proxy appliance, virtual switch configuration, and access to production backups. When a recovery test is triggered, SureBackup will immediately spin-up an Isolated lab on a VM. Once the workflow is complete the lab will vanish.
Predatar CleanRooms are permanent, always-on environments, which can be deployed on bare metal, hypervisors, or in the cloud – in a just a few hours. CleanRooms are designed to continually run recovery tests and malware interrogation 24x7x365.
Threat intelligence
SureBackup uses ClamAV, an open-source antivirus engine, to detect known infection signatures hiding in your backups. Predatar includesTrend Micro Vision One – recognised by Gartner as a ‘Leader’ in XDR platforms – at no additional cost.
Vision One updates four times daily with up to half a million new malware and ransomware definitions. It brings the insight of over 1,600 threat researchers directly into your backup validation. The strength of this collaboration with Predatar and Trend Micro has meant that Predatar has found malware or in more than 80% of its customers backups that their production security tools had missed.
Speed and performance
In controlled lab conditions, Predatar was tested alongside Veeam SureBackup to evaluate the success and performance of recoverability and cleanliness validation for backup data.
Each solution was tasked with testing 100 virtual machines (including both Windows and Linux), ranging from 100 GB to 500 GB. Some VMs were deliberately infected with sample malware to simulate a realistic threat scenario.
While both products successfully detected the infections, Predatar completed the tests in just 41 minutes, compared to 3.5 hours for Veeam SureBackup.
Trust and Credibility
Did you know, Predatar is a Veeam Ready Partner? For many Veeam customers, Predatar may be a brand they’re not yet familiar with. But Predatar has been creating backup intelligence and automation tools for over 10 years, and has been pioneering Cyber Recovery CleanRoom technology for nearly five years.
In 2024, after rigorous validation by Veeam, Predatar was awarded Veeam Ready status. Today, Veeam users around the world are using Predatar every day, to proactively prove their recoverability.
Veeam SureBackup focuses on technical backup and recovery metrics and feeds them directly into Veeam ONE. This is particularly convenient for storage and backup administrators already leveraging Veeam ONE for dashboards and reporting.
Predatar’s reporting is designed for compliance teams as well as backup teams. Out of the box, reports align with NIS2 and other commonly used frameworks, giving you proof of cyber recovery confidence not just technical success.
Conclusion
Veeam SureBackup is a solid option for many Veeam Backup & Replication users — especially small to medium sized businesses with Veeam Universal Licences (VUL).
Predatar offers a more robust and comprehensive solution, organisation handles large volumes of data, wants to test more than virtual machines, operates a multi-vendor environment, or runs 100% in the cloud, Predatar is likely to be the better choice. It delivers deeper automation, broader workload support, and reporting that stands up to the toughest audits.
Want to dig deeper?
Take a look at our Veeam SureBackup and Predatar comparison table and FAQs here. They will help you evaluate both solutions and choose the one that’s right for your organisation.
Keep us honest: At Predatar, we make every effort to ensure our content is accurate. If you believe anything in this blog is misleading, incorrect, or out-of-date, please let us know.
Celerity’s acquisition of Silverstring kick-starts a new era for Predatar.
It takes almost 10 days to trek to Everest Base Camp.It’s a difficult journey. The risks of altitude sickness, injury, and physical exhaustion mean that a quarter of adventurers who set out on the journey don’t even make it that far.
As we stand at the foot of our own Everest, we’re allowing ourselves a few moments to reflect on the achievement of getting here – to our own metaphorical base camp – before the adventure gets really interesting.
So how did we get here?
A pioneer was born
The Predatar story started more than a decade ago. Silverstring Limited was – and still is – an innovative Managed Service Provider (MSP) delivering backup and recovery services for enterprises with complex storage environments. Rewind 10 years, and the business was struggling with the challenges of growth. The service delivery team was drowning in repetitive reporting and admin tasks. As the business grew, so did the tasks.
Founder and CEO, Alistair Mackenzie, recognised that automation was the answer. The engineers at Silverstring set about building a tool that would streamline the manual and time-consuming jobs that were impacting productivity. The platform that would soon become known as Predatar was born. User-friendly, flexible, intuitive, in the cloud – the platform was ahead of its time.
It quickly became clear that other MSPs and backup teams inside large organisations could benefit from the pioneering technology that Alistair and his team had built. In 2017, Predatar Limited was born: a SaaS business created under the wing of Silverstring Holdings, to take the product to the world.
The first steps on the journey
Just like the trek to base camp, many start-ups don’t make it. But Predatar has had a big advantage: a strong, knowledgeable, and dedicated companion and guide. Silverstring has been our Sherpa in the early stages of the Predatar journey. Without Silverstring leading the way, those first treacherous climbs wouldn’t have been possible.
In the beginning, Predatar Limited had a great product and big ambitions, but no customers and no revenue. Silverstring helped us take our first steps. With the financial support of an established and profitable business, we recruited the best people. We got stronger.
Silverstring’s knowledge of the market and insights from its customers drove our innovation roadmap and our product development. We got smarter.
Silverstring helped us find our first customers. Our strides got bigger.
A fork in the path
When we started out, customers told us that they were lacking confidence in their backups. Complicated and opaque technology meant they didn’t have visibility of backup success rates or backup run failures. Predatar fixed this for them.
But then the world changed. Suddenly, our customers were asking different questions. The big one – the one that was now keeping them awake at night:
Will our backups be recoverable in a cyberattack?
The Predatar team did what we do best. We innovated. By leveraging our deep technical knowledge in automation for backup and recovery – and by partnering with Trend Micro, a world leader in cyber security technology – we developed the world’s first proactive cyber recovery cleanroom, and software that automates the continuous validation of backups, to prove they are always recoverable and free from malware.
The decision to pivot from a backup and recovery management platform to one that is focused on cyber recovery assurance has been a defining moment in our journey. It was a game changer. We’ve built a product that isn’t just a nice-to-have for businesses – It’s a necessity for operational resilience.
Going our separate ways
So here we are. Our journey to base camp has taken eight years. The role that Silverstring has played in getting us here is without doubt. But it’s time to go our separate ways.
Silverstring, our companion and guide, will go on to have many more adventures – and the next one starts today, as they join the Celerity family. Backed by major capital investor BGF, Celerity Limited is on its own big expedition, and the Silverstring team will bring their unrivalled expertise in backup and recovery assurance services to complement the extensive cyber security and infrastructure capabilities of Celerity. Together, they will reach new heights.
With renewed focus, energy, and investment from the sale of Silverstring Limited, Predatar will continue under the ownership and direction of Alistair Mackenzie.
Our Everest
We’ve already defied the odds to get this far. We’ve created truly a unique technology with patents in the USA, Europe, and the UK.
Last year, our Annual Recurring Revenue (ARR) grew by 100%, and the number of businesses using Predatar more than doubled. Today, we’ve got more than 100 customers across North America, Latin America, Europe, Middle East, Africa, and Australia.
For Predatar, our Everest is scale. We want every business in the world to know the potential of Predatar’s recovery assurance technology for their operations. It’s a big goal for an independent start-up from Oxford, UK – but we’ve never been short of ambition.
Big tech vendors and ambitious startups alike have seen our technology. They’ve seen the opportunity. And they want to catch us. We must stay ahead.
With the summit looming large on the horizon, we’re more than ready to tackle the challenge – and we’ll do it our way. The Predatar way. We will be more agile, more focused, and more daring than ever before.
Every day, we will go further than the last. We’ll move faster. We’ll climb higher. We will remember the journey we have been on. But we won’t look down.
Keep track of our journey
Stay in the loop with all the latest news from Predatar. Get market insights, product news, and practical advice for operational resiliency delivered directly to your inbox. Subscribe to news
