26 September 2025

Ogres Are Like Onions

There’s a scene in the movie Shrek where Shrek explains to Donkey that ogres are like onions. “They have layers,” he says. But Donkey doesn’t get it.

He complains that onions smell, they make you cry, and if you leave them out in the sun, “they turn brown and sprout little white hairs.” 

It’s a funny moment, but it’s also a reminder that layers matter. Neglect them, and they go bad. When it comes to cyber resilience, the same is true. 

Cyber Security vs Cyber Resilience

Most businesses and most cybersecurity professionals already understand that Cyber Security needs layers. Nobody relies on just one product to keep attackers out. They invest in firewalls, XDR tools, SIEM platforms, SOAR automation, and more. It’s a defence-in-depth strategy designed to stop even the most persistent and aggressive intrusions. 

But when the conversation shifts to Cyber Resilience (the ability to recover when an attack does get through), that layered thinking often disappears. Responsibility usually falls to infrastructure or IT operations teams, and here the market is flooded with vendors promising “one solution to fix all your resilience problems.”

Sadly, much like Shrek, it’s total fantasy. Just as security needs multiple layers to stop people getting in, resilience needs multiple layers to get you back up and running when things go wrong. Recovering from ransomware isn’t the same as recovering from mass deletion, and neither is it the same as protecting against data theft. Each scenario requires different technologies, different approaches, and different ways of proving you can bounce back. 

Resilience is not a single product. It’s an onion. 

Why Layers Matter

Attackers don’t follow a script. They exploit whatever door is left open: 

  • Poorly patched systems 
  • Compromised credentials 
  • Misconfigured remote desktop (RDP) 
  • Zero-day vulnerabilities
  • Human error 

And once inside, their goals differ: 

  • Data theft (exfiltration): quietly stealing information. 
  • Data destruction: wiping files to cripple operations. 
  • Encryption and ransom: locking systems down for profit. 

Each of these requires a different kind of detection and a different kind of recovery. That’s why resilience must be layered with overlapping defences that detect, contain, and restore, no matter what form the attack takes. 

IBM Storage Defender: Layers That Flex With You 

This is where IBM Storage Defender stands apart. Rather than selling the fairy tale of one-size-fits-all, IBM builds resilience in modular, flexible layers that can adapt as your risks and priorities change. 

Here’s how those layers work together: 

  • File-level anomaly sensors flag unusual behaviour before it spreads. 
  • Real-time ransomware detection built into IBM FlashSystem stops encryption attempts mid-attack. 
  • Safeguarded immutable copies create untouchable restore points, immune to deletion or corruption. 
  • Air-gapped backups provide an offline safety net. 
  • Automated recovery workflows slash downtime from days to hours. 
  • Centralized dashboards and analytics help teams detect trends and spot vulnerabilities before attackers do. 

And because every business is different, IBM’s Resource Units licensing model makes it easy to pick the layers you need today and shift them as your environment evolves. It’s flexibility by design, not a locked-in bundle.

Predatar: Proving Recoverability

Of course, it’s not enough to have defences; you also need to prove recovery. That’s where Predatar adds another vital layer. 

Predatar goes beyond backup. It proactively hunts for malware hidden in recovery environments to find the kind of threats that may have slipped past your XDR tools. In fact, Predatar has found malware in 86% of customer environments. That’s proof that threats often linger undetected until they’re ready to strike. 

By validating backups, scanning for ransomware, and demonstrating recoverability, Predatar ensures that when you hit restore, you’re restoring safely – and not bringing back the problem that took you down. 

The Onion Lesson

Donkey was right: onions left unattended go bad. The same is true of cyber defences. Leave them neglected, untested, or oversimplified, and you’re handing attackers an opportunity. 

Build layers, and resilience becomes something attackers can’t easily peel away. IBM is one of the few vendors honest enough to say that resilience takes multiple layers, and with Storage Defender plus partners like Predatar, businesses can finally build security that doesn’t just defend, but recovers too. 

So yes, onions may make you cry. But with a multi-layered approach to resilience, it’s the attackers who will be in tears. 


Discover Predatar for IBM Storage in 90 Seconds.

It’s never been easier to add a Recovery Assurance CleanRoom to your existing IBM storage environment. Discover how Predatar works in this short video. To find out more, contact your IBM Storage Rep, your IBM Reseller, or contact us directly.


04 September 2025

7 Step Playbook for Proving You Can Recover

Practical steps you can start using today to build recovery confidence and get compliant.

In a recent blog, we looked at how regulations like NIS2, DORA and FISMA are changing the game for backup and recovery.

You can read it here:
Regulations Crash the Party

The response to the article has been huge. We’ve been receiving a lot of questions asking for more detail. Unsurprisingly, regulatory compliance seems to be high on the list of priorities when it comes to the challenges our readers are facing right now. 

At Predatar, we like to give the people what they want. So, in this blog we’re digging deeper into the topic. We’re moving from the ‘why’ to the ‘how,’ to give you practical advice that will help you prove you can recover effectively – giving you recovery confidence and helping you achieve compliance.

Here’s a practical playbook based on 7 steps you can start using right away. 


#1. Know your obligations 

Begin by understanding exactly which regulations apply to you. This might be direct (because you operate in a regulated sector) or indirect (because you are part of the supply chain for a regulated customer). Write the requirements down, highlight the parts that relate specifically to recovery, and make sure your leadership team and IT teams are looking at the same information. 

#2. Define what “acceptable” downtime looks like 

Your Recovery Time Objective (RTO) should never be a guess. It should reflect the real cost of downtime in your business. Calculate what an outage of critical IT systems will cost your business per hour and multiply this by how many hours a full recovery will take. Is the total acceptable? Can your business tolerate the impact? If not, you’ve got important work to do.

To give some context, The True Cost of Downtime in 2025 Report by Erwood Group has found that for 90% of medium-sized enterprises, the cost of IT downtime is greater than $300,000 (USD) per hour.

#3. Test your backups every single day 

It’s not enough to run a quick restore in a safe lab environment once a year or carry out the occasional data centre failover test. The threats you’re facing today don’t wait for annual tests. Modern ransomware and the reconnaissance tools attackers are using are designed to slip past primary security tools undetected. By the time an attack is launched, the malware has probably burrowed deep inside your backups.

We know this because Predatar has found hidden malware in the backups of 86% of our customers. If you’re only testing infrequently, you’re giving the attackers a head start. Testing daily means you can catch and remove malicious code before it has a chance to cause real damage, and you can be confident that your recovery point is both safe and ready to go when you need it. 

#4. Check the health of your backups 

Before you recover anything, be certain it’s clean. This means scanning for dormant malware and confirming the integrity of the data before it re-enters your production environment. 

#5. Automate the evidence 

Most regulations don’t just want you to be compliant, they want you to prove it. Automate the collection of logs, test results and recovery reports so that when the auditors ask for proof, you can provide it immediately. 

#6. Close the gaps quickly 

If a test shows you are not meeting your RTO, or if your backups fail a malware scan, treat it as an opportunity to improve. It is far better to find and fix weaknesses during a test than in a real crisis.

#7. Make it part of your routine 

Recovery testing should be part of your regular operational rhythm. Daily testing ensures your team is always ready, and your documentation is always accurate and up to date. Thanks to automation and AI, daily recovery testing and reporting is now easy to achieve.
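Added example (not Predatar's code or part of the original post): one daily check that ties together steps #2, #4, #5 and #6 by verifying restored files against a known-good manifest, comparing restore time with the RTO, costing the outage, and writing each result to a hash-chained evidence log. The file names, manifest, 4-hour RTO and test records are constructed; the $300,000 hourly cost reuses the report figure quoted above as a sample value; the malware scanning in step #4 is outside its scope.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first evidence entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate_restore(test, manifest, rto_hours, cost_per_hour):
    """Steps 2, 4 and 6: integrity, RTO and cost exposure for one restore test."""
    restored = test["restored"]
    # A file fails if it is missing from the restore or its hash has changed.
    mismatched = sorted(
        path for path, expected in manifest.items()
        if path not in restored or sha256_hex(restored[path]) != expected)
    rto_met = test["restore_hours"] <= rto_hours
    return {"test_id": test["test_id"], "restore_hours": test["restore_hours"],
            "rto_met": rto_met, "mismatched": mismatched,
            "downtime_cost": cost_per_hour * test["restore_hours"],
            "passed": rto_met and not mismatched}

def entry_digest(prev_hash, result):
    body = {"prev_hash": prev_hash, "result": result}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_evidence(log, result):
    """Step 5: append a record whose hash also covers the previous record."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    log.append({"prev_hash": prev, "result": result,
                "entry_hash": entry_digest(prev, result)})

def verify_chain(log):
    """Return False if any record was edited, reordered or dropped mid-chain."""
    prev = GENESIS
    for entry in log:
        if (entry["prev_hash"] != prev
                or entry_digest(prev, entry["result"]) != entry["entry_hash"]):
            return False
        prev = entry["entry_hash"]
    return True

# Constructed sample data: a known-good manifest and two daily restore tests.
GOOD = {"db/orders.dump": b"orders-v1", "etc/app.conf": b"mode=prod"}
MANIFEST = {path: sha256_hex(data) for path, data in GOOD.items()}
TESTS = [{"test_id": "day-1", "restore_hours": 3, "restored": dict(GOOD)},
         {"test_id": "day-2", "restore_hours": 6,
          "restored": {**GOOD, "etc/app.conf": b"mode=debug"}}]

def run_daily_tests(rto_hours=4, cost_per_hour=300_000):
    log = []
    for test in TESTS:
        append_evidence(log, evaluate_restore(test, MANIFEST, rto_hours, cost_per_hour))
    return log
```

Truncating the end of the log cannot be detected from the chain alone, so the latest `entry_hash` should also be recorded somewhere the backup administrators cannot rewrite.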

Why this matters now 

Whether it’s NIS2 in Europe, DORA in financial services, or FISMA in the US, the message is the same. You must be able to recover quickly, cleanly, and with proof. 

Following this playbook is not just about passing compliance checks. It is about building true resilience. It’s the confidence that when the worst happens, you can get back to business without the drama. 

What next?

The Predatar Recovery Assurance platform can do a lot of the heavy lifting. From fully automated recovery testing and malware scanning to automated evidence reporting, Predatar makes it simple to be ready and to prove it.

Watch this short explainer video [90 seconds] to learn more, or visit predatar.com to book a demo.  
