Author: Ben Hodge

As the dust particles settle on the epic finale of Stranger Things, we can’t help but see some parallels between Hawkins and a typical enterprise storage and backup environment. Bet you’ve been thinking the same thing, right?

Your Hawkins

The world that everyone interacts with, every day. The data your employees rely on lives here, the applications they use are run from here, the systems your customers use to access your products and services are here too. Your production storage is your Hawkins.

Your digital citizens go about there everyday lives, safe in the knowledge there are people and systems designed to keep things running smoothly and to make sure the world is safe. Think of business continuity teams as the local government, and your cyber security team as Hawkins Police Department.

The Upside Down

Just like the Upside Down is a mirror of Hawkins, there’s a mirror of your production data. It’s right there, just out of sight and beyond the reach of your citizens. It’s your backup environment. A constantly evolving replica of your data world.

Almost every business has an ‘Upside Down’ and if you’re lucky, yours is free from evil. But ‘lucky’ is exactly the right word – because Predatar has uncovered malware in the backups of more than 90% of its users.

The unsettling reality is that your backups are very likely to be infected. Left unchecked, just like the Mind Flayer’s tendrils, the infection will spread. Silently, turning your backup environment into a deeply dangerous world.

The Abyss

Just like the Upside Down in Stranger Things is a bridge to access – and ultimately – to destroy the real world by plunging it into the Abyss, cybercriminals are infecting your backups as a part of a bigger, more sinister plan. They want to take your entire organisation offline and make recovery impossible.

This is the Abyss – a world of chaos and total operational paralysis.

Staying away from the Abyss

Here are 3 takeaways from Stranger Things to help you keep your organisation’s ‘Hawkins’ safe, and avoid plunging into the Abyss.


Fight evil at the source
Fighting demidogs, possessed humans, Vecna, or even the Mind Flayer itself in Hawkins was never going to be enough. Just like the heroes of Stranger Things, you’ll need to get tooled-up and go hunting in the Upside Down.

Danger comes from all angles
The Mind Flayer took on many forms, but there were other threats at play too. Dr Brenner, the Russians, and the US Government all put the safety of Hawkins at risk.

Don’t be fooled into thinking that cybercrime is the only risk to your operational resilience. Untested software updates, hardware failures, human error, natural disasters, and more can put your resilience at risk.

You need super-powers
There is at least a dozen heroes in Stranger Things. Most don’t have any superhuman abilities. We love these characters, but lets be clear – Ultimate victory against the forces of evil simply wouldn’t have been possible without Eleven.

You need to get yourself some superpowers.

What next?

Become the Eleven of resilience with Predatar – Your operational resilience superpower. Predatar hunts down and eliminates signs of danger including malware and unrecoverable workloads in your backups and snapshots before they become a real world nightmare.

Watch the video to learn more, book a demo, or send us a message.

The new Predatar Black Widow release adds support for Zerto-replicated workloads to extend recovery assurance across even more of our customers’ storage and backup environments.

Businesses need recovery confidence — They need to know that they can quickly and safely restore critical systems after incidents like ransomware attacks, data-centre outages, or any other unforseen issue. That’s our mission – to give customers total recovery confidence.

We’ve made epic strides over the last few years, but with storage environments growing ever-more complex and disjointed it’s not an easy goal to achieve. That’s why expanding platform support is essential.

Predatar already supports leading backup and storage vendors including IBM, Veeam, Rubrik, Cohesity, and Pure — and with R18 Black Widow, Zerto is now included too, taking our customer’s even closer to total recovery confidence.

Why Zerto?

Innovation at Predatar is driven by our customers. Zerto support has been one of the most frequent requests in the last 12 months – and it makes perfect sense.

Just like Predatar, Zerto is complementary to traditional backup. And just like Predatar, it’s a popular choice for organisations that take resilience seriously and understand the need for fast, safe data recovery.

Many existing Predatar customers that are already benefiting from automated recovery testing and malware scanning for their backups – are also using Zerto for continuous replication of their most critical data. Now, these customers can also validate the data they replicate with Zerto in their Predatar CleanRoom. No need for a new Predatar licence or a separate CleanRoom.

Zerto and the rise of cloud vaults

The concept of vaults, particularly as a method for protecting data from cyber-attacks has been around for a few years now, but it’s really been gaining traction in the last couple of years. Leading storage and cloud providers have productised the concept and made it easy to spin up a secure vault in the Cloud.

The Cloud vault market will continue to grow, and for businesses that are deploying vaults, Zerto is a strong choice. Zerto’s unrivalled recovery speed means that if/when an organisation needs to retrieve data from their vault – the disruption is minimised. This is useful in any scenario, but in the event of a major outage, the benefit will be huge. That’s why Zerto is built in to the HPE Cyber Resiliency Vault.

Many HPE customers are also choosing to add Predatar to their Cyber Resilience Vault. Here’s why…

What Zerto and vaults don’t do

A vault makes sure that cybercriminals can’t compromise or encrypt your data once it’s locked away. Zerto makes sure you can get the data back, fast, if you need to. But what if your data was already infected before it was replicated to your vault?

This isn’t a hypothetical question. Predatar has uncovered malware in the backups and snapshots of more than 90% of its customers. If malware is left undetected inside your vault it will seriously impact your ability to recover quickly and can even lead to reinfection of your production systems following a cyberattack.

Learn more about Predatar for Zerto

To find out more about how Predatar can give you confidence that your Zerto replicated workloads are recoverable and safe, take a look at the R18 Black Widow release page.

What’s next?

The R18.0 Black Widow release isn’t all about Zerto. It lays the groundwork for some big UI and usability updates early next year. And of course, support for more backup and storage products are the pipeline too. Sign-up for Predatar news here to stay in the loop.

Do you really need both?

At first glance, it’s easy to think that Predatar’s capabilities are the same as the resiliency features that are available natively inside Rubrik Cloud Data Management.

You might hear both Rubrik and Predatar talking about things like Threat Hunting, Cyber Recovery, and Clean Rooms. So why would Rubrik customers consider adding Predatar Recover Assurance?   

This article will answer that question by focussing on 3 key areas:

1. Cost and feature availability
2. Automated recovery testing
3. Vendor and workload support

Core Functionality

Before we dig into the details, it’s important to recognise that when looking at Rubrik and Predatar, it’s not an ‘apples for apples’ comparison. Rubrik aims to be an all-in-one backup and resiliency platform. Predatar, on the other hand, doesn’t do the backup management bit. Predatar is designed to work with leading backup products, including Rubrik, to give customers unprecedented recovery confidence.

Predatar’s core purpose is to prove that all of your backups, whether they’re managed in Rubrik or another backup product, are always recoverable and free from infection. So if the worst happens, you know you’re good.

1. Cost and feature availability

When weighing up the options for boosting resilience in your backup environment, it’s important to know that many of Rubrik’s resiliency features are only available with a Rubrik Enterprise Edition License.

Rubrik customers on the top subscription tier – Enterprise Edition – will benefit from one of the most comprehensive cyber resiliency toolsets on the market with features including data classification, advanced threat hunting powered by Google’s Mandient threat intelligence, SIEM integrations and Cyber Recovery Simulation.

However, Rubrik customers with Foundation Edition or Business Edition licenses will likely find that the resiliency features that are available to them are pretty basic.

Check out our features comparison and FAQ for more detail.

Upgrading your Rubrik Subscription:

For lower-tier Rubrik customers with a need to boost resilience, upgrading your subscription is the obvious option. While we can’t say exactly what the cost of upgrading your Rubrik subscription would be (your price will be specific to your organisation and dependent on several factors), a Foundation Edition customer should expect to pay something in ballpark of an additional 40-50% to switch to an Enterprise Edition licence.

In most cases, the cost to add the Predatar Recovery Assurance platform to you existing Rubrik backup will be significantly lower. What’s more, Predatar doesn’t have complicated subscription tiers. Your Predatar price is based on the size of your backup environment, and all of our features (even the really cool ones) are available to all of our Recovery Assurance customers.

If you’re a Rubrik customer, a Predatar subscription is a great way to add features like enterprise grade anomaly detection, and threat hunting (powered by Trend Micro Vision One) to your backup estate. Not to mention our totally unique automated recovery testing and deep malware interrogation. Let’s talk about that now…

2. Automated recovery testing and deep malware interrogation

Continuous, pre-emptive testing in a CleanRoom environment is what really sets Predatar apart. Predatar is all about proving that your data is recoverable, proving that it can be recovered quickly, and proving it’s free from malware. So, if the worst happens – like a natural disaster, cybercrime incident, or another type of IT outage – you know you’re recovery will be effective.

When it comes to Recovery Assurance, there is no other product on the market that does it as thoroughly, or as easily as Predatar does.

Predatar customers don’t wait for a cyberattack, or even for a threat alert to validate their data is recoverable and clean. They do it every day.

With out-of-the-box automations that can be set-up with a few clicks, Predatar can be up and running in under an hour. Once live, it’s always-on, continually recovering your backups into the CleanRoom, powering them on, and interrogating them for malware – 24 hours a day, 7 days a week.

The result?… Predatar has found malware in the backups or snapshots of more that 90% of its customers. The reality is, regardless of which backup product you use, you probably have malware hiding in backups. If you use immutable snapshots, you might have malware in those too. We’ll talk about multi-vendor and multi-workload support in just a minute.

What about Rubrik Cyber Recovery Simulation?

Rubrik customers looking to achieve a similar capability to Predatar’s automated Recovery Assurance can use Rubrik’s Cyber Recovery Simulation (Enterprise Edition licence required) as a starting point. While this does enable users to validate backups for recoverability, integrity, and cleanliness in an isolated sandbox, there is no out-of-the box automation. Users must manually select the workloads they want to test. Automation is only be possible with custom scripting using Powershell modules or third-party tools like Ansible or Terraform. You’re going to need specialist skills in-house to build and maintain these workflows.

So, what is Rubrik’s Clean Room Recovery in the Cloud?

It’s easy to see why there is a common misconception that Rubrik’s Clean Room Recovery, created in partnership with Google, provides the same capability as Predatar’s CleanRoom. But there is a very significant difference.

The Rubrik/Google CleanRoom is a reactive tool. In a cyber incident, every second counts. This Clean Room solution is designed to ensure that Rubrik customers can restore data into a safe, secure, location in the cloud immediately when an attack is detected – and quickly begin forensic analysis – using Google’s Mandiant threat intelligence tools.

Predatar flips this model. Your Predatar CleanRoom is always-on, continually validating the integrity, recoverability and cleanliness of your data. And if the worst does happen – you can switch your CleanRoom to ‘Response mode’ and use it for post-attack analysis too.

3. Vendor and Workload Support

Backup application support:

Rubrik’s threat detection and resiliency capabilities are designed exclusively for, and are built into the Rubrik platform. This is great from a simplicity point of view, particularly if your organisation is ‘all-in’ on Rubrik. For Rubrik customers that don’t have important data or critical IT systems backed-up using other backup platforms, Rubrik’s own resiliency features may be adequate.

For organisations with more than one backup solution in play, Predatar is a strong choice. Predatar is vendor-agnostic. It works with backup platforms including Veeam, IBM Storage Protect, IBM Defender Data Protect, Cohesity – and of course, Rubrik too.

Additionally, Both Predatar and Rubrik can also be used to boost data resilience on some primary storage platforms too. Both can be used with Pure Storage, while Predatar also supports IBM FlashSystems.

For organisations with complex storage environments, Predatar provides a standardised approach to recovery assurance and across different systems. There’s also the added benefit of a centralised user interface for management and reporting.

Workload Support:

Rubrik’s resiliency features focus primarily on virtualised workloads, however it does provide integrations for files servers, M365, and Oracle workloads too.

Predatar supports full validation of Windows and Linux VMs, physical servers, AIX workloads and SQL databases too. If your organisation has important data and systems running on these workloads, you should consider deploying Predatar to continuously validate they are clean and recoverable.

Final Thoughts

While Rubrik’s cyber resilience features are arguably the most innovative and robust of the big backup vendors, many of them are reserved for their top-tier customers only. Additionally, they can only be used for the workloads in your Rubrik cluster. You should consider adding Predatar if:

#1. You have business critical data backed-up on platforms other than Rubrik.

#2. You want the benefits of advance resiliency features, but you’re not a Rubrik Enterprise customer.

#3. You have a requirement to prove your ability to recovery quickly, cleanly, and completely.

#4. You simply want the piece of mind that comes from continuous, pre-emptive Recovery Assurance.

Want to dig deeper?

Take a look at our Rubrik & Predatar features comparison table and FAQs.

It’s easy to get started with Predatar

A Predatar Recovery Assurance Platform can be deployed and configured for your Rubrik environment in under an hour. Contact our team here, send us an email at hello@predatar.com or book a demo to start your journey to recovery confidence.

Keep us honest:
At Predatar, we make every effort to ensure our content is accurate. If you believe anything in this blog is misleading, incorrect, or out-of-date, please let us know.

Ransomware files were found hiding just out of sight in the backups of a European insurance company. They had been there, undetected, for almost 2 years.

On a quiet Friday afternoon in November, a small team from a major European insurance company were reviewing the results of a routine recovery test. They had recently introduced Predatar as part of a broader effort to strengthen their cyber resilience. Until then, they had relied heavily on their annual disaster recovery exercise as evidence that their environment could be recovered if needed. It was a long-established practice, familiar and predictable, but it had not kept pace with the reality of modern cyber threats.

Traditional disaster recovery procedures are built for outages and physical disruption. They focus on restoring services by failing over from one site to another. This approach works when the threat is external to the data. It does not work for ransomware. By the time an organisation triggers a failover from Site A to Site B, the ransomware has usually already replicated itself across both. Cyberattacks require a completely different mindset. Recovery must prove that the data itself is clean, safe and fit to return to production.

This was the reason the company had failed its recent cyber resilience audit. They had no reliable way to perform regular recovery testing. The engineering effort required to stand up clean environments, restore data, analyse behaviour and run malware scans was far beyond what their teams could sustain manually. In practical terms, they had no means of validating the integrity of their backups.

When they evaluated their options, Predatar stood out. It worked across all major backup and storage technologies, including the Veeam and IBM FlashSystem platforms already in place. It provided automated cleanroom validation at a scale that would have been unrealistic to achieve manually. Most importantly, it allowed the company to begin performing daily recovery tests, something that had previously been impossible.

They began with a small but critical subset of their systems, referred to internally as their Minimum Viable Company. These were the essential servers they would need to restore first in the event of a cyberattack in order to re-establish a basic, functioning version of the business. The early results were consistent, reliable and easy to interpret. They quickly took the decision to expand the testing to all backups and all servers.

Only a week after the full rollout, an automated recovery test inside the isolated CleanRoom surfaced something unexpected. Within a restored workload, Predatar identified encrypted files and a ransomware note. The files were not new, but they were remnants of a previous incident.

The company investigated and confirmed that they had suffered a ransomware attack two years earlier. A specialist incident response provider had managed the remediation at the time. However, this particular server had not been included in the cleanup. As a result, the encrypted files and the ransom note had remained unnoticed in production for almost two years.

The location of the server was also significant. It hosted the organisation’s SIEM and wider SecOps platform. Despite being a central point for security monitoring, neither the platform nor the additional security tools running on it had detected the remnants of the old attack.

The finding prompted a broader realisation. If this evidence of ransomware had remained hidden on a highly visible system, similar issues could easily exist elsewhere without detection. The value of continuous recovery testing became immediately clear. It provided visibility not only into whether data could be restored, but whether that data was genuinely safe.

Predatar’s ongoing analysis has shown that hidden malware is present in the backup data of the vast majority of organisations, with discoveries in more than ninety per cent of customer environments worldwide. This does not reflect a failure of security teams. It reflects the sophistication of attackers, the complexity of modern infrastructure and the limitations of relying on a single set of tools to identify every threat.

For the insurance company, continuous recovery testing is now a fundamental part of their cyber strategy. They have moved from annual exercises to daily assurance. They can verify the integrity of their backups with confidence. And they have a far clearer understanding of what it takes to recover safely in a world where cyberattacks often unfold long before they are detected.

Hunt down and eliminate recovery threats in your backups and snapshots.

To discover how you can start pre-emptive recovery testing in an easy to deploy Recovery Assurance CleanRoom, watch this short explainer video or contact the Predatar team.

Author: Alistair Mackenzie.

Within a year of the Berlin Wall coming down, two former East German soldiers set about building a new business. Fuelled by the optimism of the era and a passion for technology, ADICOM^© was born. 35 years later, it’s one of the most innovative storage and backup businesses in Germany, leading the way with ground-breaking recovery assurance services.

This week I took some time out to reconnect with two people that continue to drive the ADICOM_^© business forward every day. Chris Hogrefe [IT System Specialist] and Ralf Brummack [Chief Marketing Officer] told me the story behind ADICOM_^© and explained how they have embraced the bold optimism of the founders.

The Story Begins

Frank Lasinski and Peter Schulz met during their time in the military. They shared an interest in technology and studied computer science during this time. By the time Germany was reunified in 1990, the pair had become firm friends. Within a year of the Berlin Wall coming down, they had left the army to set up their own technology business in the south of Berlin.

In the early years, ADICOM_^© was a technology broker, specialising in reconditioning and selling the big IBM enterprise systems of the day – like Mainframe and AS/400.

More skills. More recognition. More customers

As the team grew, so did its expertise. The company’s ambitions grew too. By 1995, ADICOM_^© was recognised as a leading expert in IBM technology and became an authorised IBM Business Partner in Germany, authorized for AS/400, IBM Storage, IBM INTEL based servers and IBM Printing systems.

The team began reselling new IBM systems to medium and large enterprises in Berlin and beyond, expanding their capabilities to incorporate IBM AIX and Power systems.

Ralf Brummack explained: “Frank and Peter have always been quick to recognise new opportunities and move fast. They encourage us to do the same. We’re proud to be early adopters of innovative technologies that we know will make a difference to our customers.” 

When IBM moved into the backup software space with the acquisition of Tivoli, including TSM (Tivoli Storage Manager), ADICOM_^© was right there.

As well as reselling TSM (later renamed as IBM Storage Protect) ADICOM_^© launched managed backup and recovery services with TSM under the hood. Led by Chris Hogrefe, ADICOM_^©’s backup service offerings have proven to be popular with existing ADICOM_^© customers and have helped the business attract new clients too.

Evolution with Predatar

Backup sales and services were a great driver for growth at ADICOM_^© for more than a decade, but times have changed. “You can no longer grow a business selling backup products and services” Chris explains. “Today everyone has a backup solution in place, and for big businesses, moving to a different one is really hard and, in most cases, too expensive.”

Always looking for the next evolution, Chris was actively searching for ways to move ADICOM_^©’s backup services forward – to add more value for customers, and more differentiation in the marketplace. When he discovered Predatar at IBM Storage Expert event in Augsburg (Germany) in 2022 he knew it would be the beginning of something exciting.

Following an intensive hands-on technical bootcamp with the Predatar Team in UK, Chris and his team wasted no time in building the ADICOM_^© Data Resiliency Service (ADRS).

Data Resiliency with ADICOM^©

ADRS, powered by Predatar is available to businesses that use IBM Storage Protect or IBM Defender Data Protect backup software. Additionally, ADICOM_^© can also deliver this unique service for Veeam users too.

With ADRS, ADICOM_^© will take care of the day-to-day maintenance of your backup environment, ensure that all of your backup runs are successful, and fix any problems. But the real differentiation comes in ADICOM_^©’s ability to run continual recovery tests and malware interrogation. This capability is achieved with the Predatar Recovery Assurance platform and gives ADICOM_^© customers complete confidence in their ability to recover quickly, cleanly and completely in the event of a cyber incident.

What’s next for ADICOM^© ?

35 years on, the original founders of ADICOM_^©, Frank Lasinski and Peter Schulz remain active in their leadership of the business, and it’s clear from my conversations with Ralf and Chris that their bold approach to innovation, their passion for technology and their optimism for the future has become infused into culture at ADICOM_^©.

When I asked, “what’s next for ADICOM_^©?” the answer was simple. Chris explained “We’ll keep on innovating with a very clear focus. We want to be the best at what we do. We want to offer the very best storage and recovery solutions to tackle the challenges facing businesses in Germany today.”  

Boost your data resiliency with ADICOM^© 

If boosting resiliency in your business is a priority, you can find out more about ADICOM_^© at www.adicom.group or email the team at consulting@adicom-group.de 

Find an APEX partner near you.

The Predatar APEX program is a global network of service providers with elite data resiliency capabilities. Find an APEX partner in your region here.  

At Predatar, we’re getting into the spooky season by watching some of our favourite scary movies. Here are five lessons from the original 1996 Scream movie to help you avoid a digital bloodbath.

⚠️ Warning! This blog contains spoilers. But seriously, if you haven’t seen Scream, where have you been for the last 29 years?

Locking the door isn’t enough

Countless times in this classic slasher movie, a door is locked to keep the killer out – but moments later, he’s inside, knife in hand, ready to strike. If you’ve seen Scream, you’ll know how he does it, but that’s not really important here. The point is this:

If someone really wants to get inside, they will.

Cybercriminals are just as determined, creative, and motivated. You might think your IT perimeter is locked down with leading enterprise cybersecurity tools, but the evidence tells us these defences are far from infallible – especially when you consider that over half of ransomware attackers use compromised login credentials to gain access to critical systems.

Hackers don’t hack anymore. They log in.

Lesson #1: Prepare for the breach. You need to know exactly how you’ll respond when the bad guys get in – because we all know that running up the stairs in a panic never ends well.

Anyone can be next

Just as certain industry sectors are at high risk from ransomware attacks, the Ghostface slasher in Scream has a “type”. Most of his victims are teenage girls (and their boyfriends), but there are a few exceptions. Principal Himbry of Woodsboro High School, for example, meets a particularly messy end when he’s stabbed in his office and left hanging from the football goalposts.

Does his murder drive the plot? Not really. But it adds tension, and reminds us that the attacker is calling the shots. He’s unpredictable. Anyone could be next.

When it comes to ransomware, the same is true. While industries such as manufacturing, financial services, healthcare, and utilities are at highest risk, the reality is that any organisation can be hit.

Lesson #2: Don’t be complacent. Face up to the fact that your organisation could be a target.

Attackers do their homework

In the opening (and, in our opinion, the most intense) scene, the phone rings. The sinister voice on the other end walks Casey through a sequence of ‘games’, culminating in the gruesome deaths of her and her boyfriend, Steve. The double murder takes just minutes to play out – but it’s been planned impeccably.

The attacker knows everything about the victim and her home. He knows the floor plan. He knows where the exits and light switches are. He even knows how she’ll react to certain triggers.

Just eleven minutes after Casey first picks up the phone, her disembowelled body is hanging from a tree while her boyfriend sits duct-taped to a deckchair, his vital organs exposed. But here’s the thing, for that attack to run like clockwork, there had to be weeks of surveillance and planning.

That’s the modus operandi for ransomware attackers, too. They conduct detailed reconnaissance before executing a clinical and devastating attack.

In more than 90% of ransomware incidents, surveillance tools such as keyloggers and infostealers have been found inside victims’ systems. If you can catch attackers in this reconnaissance phase, you can stop an attack before it begins.

Lesson #3: Assume you’re already under surveillance. Look for the digital clues of hacker reconnaissance in your IT environment – every day.

The odds are against you

For the masked slasher, each murder is a game – but it’s a game he’s designed himself, so the odds are stacked in his favour. This is best illustrated when he tells Sidney,

“I ask a question… Get it wrong, you die. Get it right, you die.”

All too often, ransomware attacks are lose–lose situations too. Paying the ransom doesn’t guarantee anything. Of the organisations that pay, only 8% get all of their data back.

Worse still, double extortion is now commonplace. Even if you’re “lucky” enough to have your data decrypted after paying a ransom (which typically costs more than $1 million USD), the attackers may deliver a second ransom demand – threatening to publish your sensitive data on the dark web.

But – big spoiler alert –Sidney doesn’t die. She outsmarts the attackers. She refuses to play their game. And you can too.

The best way to survive a ransomware attack is to stop the game before it begins. Thanks to Predatar’s recovery-driven threat detection, you can detect and prevent attacks before they start.

Lesson #4: Think differently. Outsmart the attackers with new and innovative solutions.

Timing is everything

The attacks in Sidney’s and Casey’s homes take place when their parents are out — they’re home alone. Of course, this isn’t a coincidence; it’s an integral part of the killer’s plan.

Ghostface strikes at carefully chosen moments to maximise his chances of success and minimise the risk of intervention.

Cybercriminals do the same. It’s no coincidence that there’s a spike in reported cyberattacks during public holidays, when most organisations are shut down or operating with skeleton staff (Halloween pun not intended).

A rapid response to an active cyberattack dramatically reduces its impact. In a cyber crisis, every minute counts. But when your staff – including IT and security teams – are offline, those response times are significantly extended.

Lesson #5: Act now. The biggest holiday season of the year is just weeks away, but it’s not too late to stop an attack with pre-emptive, recovery-driven threat detection.

Join the next Predatar Webcast – and avoid a digital bloodbath

Join the next Predatar webcast to:

• Hear about a real world use-case where hacker’s surveillance tools were uncovered inside a customer’s storage environment thanks to pre-emptive data validation.
• Discover how automated recovery testing and malware interrogation in a CleanRoom can stop cyberattacks, before damage is done.
• Learn how you can deploy your own Recovery Assurance CleanRoom quickly and easily.

---

Learn More and Register Now

Why STORServer and Predatar Are Building the Future of Resilience Together.

All too often, companies stick to what’s easy. They take the path of least resistance. But the history of STORServer is different. For more than 30 years, the company has built its reputation on saying “yes” to the hard problems – tackling the complex, stubborn challenges that other vendors would rather avoid. Why? To make life simpler for their customers.

That ethos has shaped STORServer into what it is today: a trusted partner to organizations that depend on backup and recovery not just as a compliance checkbox, but as the lifeline of their business. And it’s why the company’s partnership with Predatar feels less like a transaction and more like a shared mission.

Built on a Big Idea: Simplifying Backup

When STORServer was founded in Colorado in the mid-1990s, backup was overwhelming for most IT teams in a small and mid-sized business. Dropping in massive, complex systems was a recipe for frustration.

STORServer’s solution was radical in its simplicity: deliver pre-configured appliances that worked out of the box, with built-in tools and responsive support. Customers could finally stop wrestling with backup and start trusting it.

That commitment to simplicity, backed by deep technical expertise, became STORServer’s DNA. It’s a mindset that Predatar shares, as both companies look to simplify one of today’s hardest challenges in IT: building cyber resilience.

Legacy Matters. But So Does Innovation

One of the most powerful examples of STORServer’s “yes” mindset is its ongoing support for legacy systems like VMS. While many backup vendors have walked away from supporting those environments, STORServer still invests in building and maintaining tools to protect them.

As Scott Jangro, STORServer’s Head of Operations, put it:

“Supporting those legacy systems is important for us. We’re still actively developing VMS backup clients so customers can work those systems into their overall strategy.”

At the same time, STORServer isn’t standing still. With Predatar, the company is now applying its proven appliance model to cyber resilience, creating clean room recovery appliances that make one of today’s most complex challenges—bouncing back after a cyberattack—far more manageable.

A Meeting of Minds: Fresh Perspectives and Deep Roots

STORServer’s story is not just about technology, but about people. After decades of leadership that began with six founders – three of whom continue to guide the company today – Jangro has stepped in to help to take the business into its next era. His background – spanning SaaS, startups, and product marketing – brings a fresh perspective that complements the deep experience of the long-standing team.

He sees his role as asking the hard questions, just as Predatar’s leaders once did when they challenged traditional views of backup.

“There’s only upside in bringing in a fresh pair of eyes,” Jangro said. “Asking questions, identifying things that maybe haven’t been thought of—that’s how we move forward.”

It’s this balance of deep heritage and fresh energy that makes the Predatar and STORServer partnership so powerful.

Saying Yes Together

At its heart, the partnership between Predatar and STORServer is about giving customers confidence in a world that’s only getting more complex. STORServer’s legacy is built on decades of saying yes to tough backup problems. Predatar exists to tackle the hard new problem of cyber resilience.

Together, they’re offering businesses something unique. STORServer’s new Cleanroom Appliance ships with Predatar’s unique Recovery Assurance capabilities baked-in.

If you’re looking to remove the complexity of cyber resilient backup and recovery in your organisation, ask the team at STORServer if they can help.

I think we all know the answer is yes!

---

Learn more:
Discover STORServer’s cyber-resilient backup appliances, powered by Predatar here or contact the STORServer team today!

Predatar is all about recovery readiness. Our unique Recovery Assurance Software and CleanRoom technology has been designed to validate the recoverability and cleanliness of your data before a crisis hits. But Predatar has an extra superpower. And it’s huge!

This week, Predatar uncovered a live and potentially very serious cyberattack in the early stages – inside a customer’s IT environment. By raising the alarm, the infrastructure and cyber security teams in the target organisation were able to take action – and stop the attack in its tracks.

The Target Organisation

The target of the cyberattack is a local government organisation in Austria. Predatar Recovery Assurance software and a Predatar CleanRoom were deployed around a year ago to continually validate immutable snapshots of their most important business systems – which are running on IBM FlashSystems. If these systems went offline, services that citizens rely on would be seriously disrupted, including public transport, law enforcement, emergency response and more.

What Happened?

During a routine scheduled scan, Predatar uncovered malware inside a snapshot that had not previously been detected anywhere else in the customer’s IT environment.

As usual, Predatar began to clean the malware from the snapshot and immediately raised an alert with both the infrastructure and cyber security teams with the customer organisation.

Further investigation quickly revealed that the malware posed a real and very imminent threat.

The Attack

Thanks to the built in Trend Micro cyber security tools, Predatar had found hacking tools on a virtual machine within a snapshot. The VM didn’t contain business-critical data and was considered by the customer to be a low-priority workload. As a result, it didn’t have the same security protocols as other more critical workloads, and patching best-practices hadn’t been maintained.

The malware that was uncovered included ‘tunnelling’ tools designed to help hackers achieve lateral movement within an IT environment. It quickly became evident to the team investigating the threat that hackers were actively using this unassuming Linux server as a ‘jump box’ to access more critical systems.

Thanks to Predatar, the customer was able to take the compromised system offline, execute forensic analysis of their networks to understand if the hackers had managed to gain access to other systems, and contain the threat.

Boom Avoided

The moment that attackers ‘activate’ a cyberattack is often referred to as ‘The Boom.’ That’s when data becomes encrypted, users are locked out, and systems go offline. But cyberattacks don’t happen instantly. Typically, attackers have access to IT systems for at least 14 days before they activate the attack. During this ‘Pre-Boom’ phase attackers deploy specialised tools to gain access to as many systems as possible, to elevate their privileges, and to lay the groundwork for maximum damage.

By identifying an attack in the ‘Pre-Boom’ phase, Predatar was able to avoid a ‘Boom’ event altogether.

The Predatar Superpower

First and foremost, Predatar is designed to give its users total confidence in their ability to execute a fast, clean and complete recovery. While threat detection is not the primary purpose of Predatar, it’s a extremely valuable superpower! 

Is a ‘Boom’ comming in your organisation?

Join our next webcast, ‘Stop the Boom… Before it Happens‘ to learn more about the timeline of cyberattacks, and how you can stop them before the critical ‘Boom’ moment.

Sign up now

There’s a scene in the movie Shrek, where he explains to Donkey that ogres are like onions, “they have layers” Shrek says. But Donkey doesn’t get it.

He complains that onions smell, they make you cry, and if you leave them out in the sun, “they turn brown and sprout little white hairs.” 

It’s a funny moment, but it’s also a reminder that layers matter. Neglect them, and they go bad. When it comes to cyber resilience, the same is true. 

Cyber Security vs Cyber Resilience

Most businesses and most cybersecurity professionals already understand that Cyber Security needs layers. Nobody relies on just one product to keep attackers out. They invest in firewalls, XDR tools, SIEM platforms, SOAR automation, and more. It’s a defence-in-depth strategy designed to stop even the most persistent and aggressive intrusions. 

But when the conversation shifts to Cyber Resilience, (the ability to recover when an attack does get through) that layered thinking often disappears. Responsibility usually falls to infrastructure or IT operations teams, and here the market is flooded with vendors promising “one solution to fix all your resilience problems.” 

Sadly, much like Shrek, it’s total fantasy. Just as security needs multiple layers to stop people getting in, resilience needs multiple layers to get you back up and running when things go wrong. Recovering from ransomware isn’t the same as recovering from mass deletion, and neither is it the same as protecting against data theft. Each scenario requires different technologies, different approaches, and different ways of proving you can bounce back. 

Resilience is not a single product. It’s an onion. 

Why Layers Matter

Attackers don’t follow a script. They exploit whatever door is left open: 

• Poorly patched systems 

• Compromised credentials 

• Misconfigured remote desktop (RDP) 

• Day-zero vulnerabilities 

• Human error 

And once inside, their goals differ: 

• Data theft (exfiltration): quietly stealing information. 

• Data destruction: wiping files to cripple operations. 

• Encryption and ransom: locking systems down for profit. 

Each of these requires a different kind of detection and a different kind of recovery. That’s why resilience must be layered with overlapping defences that detect, contain, and restore, no matter what form the attack takes. 

IBM Storage Defender: Layers That Flex With You 

This is where IBM Storage Defender stands apart. Rather than selling the fairy tale of one-size-fits-all, IBM builds resilience in modular, flexible layers that can adapt as your risks and priorities change. 

Here’s how those layers work together: 

• File-level anomaly sensors flag unusual behaviour before it spreads. 

• Real-time ransomware detection built into IBM FlashSystem stops encryption attempts mid-attack. 

• Safeguarded immutable copies create untouchable restore points, immune to deletion or corruption. 

• Air-gapped backups provide an offline safety net. 

• Automated recovery workflows slash downtime from days to hours. 

• Centralized dashboards and analytics help teams detect trends and spot vulnerabilities before attackers do. 

And because every business is different, IBM’s Resource Units licensing model makes it easy to pick the layers you need today and shift them as your environment evolves. It’s flexibility by design not a locked-in bundle. 

Predatar: Proving Recoverability

Of course, it’s not enough to have defences; you also need to prove recovery. That’s where Predatar adds another vital layer. 

Predatar goes beyond backup. It proactively hunts for malware hidden in recovery environments to find the kind of threats that may have slipped past your XDR tools. In fact, Predatar has found malware in 86% of customer environments. That’s proof that threats often linger undetected until they’re ready to strike. 

By validating backups, scanning for ransomware, and demonstrating recoverability, Predatar ensures that when you hit restore, you’re restoring safely – and not bringing back the problem that took you down. 

The Onion Lesson

Donkey was right: onions left unattended go bad. The same is true of cyber defences. Leave them neglected, untested, or oversimplified, and you’re handing attackers an opportunity. 

Build layers, and resilience becomes something attackers can’t easily peel away. IBM is one of the few vendors honest enough to say that resilience takes multiple layers, and with Storage Defender plus partners like Predatar, businesses can finally build security that doesn’t just defend, but recovers too. 

So yes, onions may make you cry. But with a multi-layered approach to resilience, it’s the attackers who will be in tears. 

---

Discover Predatar for IBM Storage in 90 Seconds.

It’s never been easier to add a Recovery Assurance CleanRoom to your existing IBM storage environment. Discover how Predatar works in this short video. To find out more, contact your IBM Storage Rep, your IBM Reseller, or contact us directly.

Practical steps you can start using today to build recovery confidence and get compliant.

In a recent blog, we looked at how regulations like NIS2, DORA and FISMA are changing the game for backup and recovery.

You can read it here:
Regulations Crash the Party

The response to the article has been huge. We’ve been receiving a lot of questions asking for more detail. Unsurprisingly, regulatory compliance seems to be high on the list of priorities when it comes to the challenges our readers are facing right now. 

At Predatar, we like to give the people what they want. So, in this blog we’re digging deeper into the topic. We’re moving from the ‘why’ to the ‘how,’ to give you practical advice that will help you prove you can recover effectively – giving you recovery confidence and helping you achieve compliance.

Here’s a practical playbook based on 7 steps you can start using right away. 

#1. Know your obligations 

Begin by understanding exactly which regulations apply to you. This might be direct (because you operate in a regulated sector) or indirect (because you are part of the supply chain for a regulated customer). Write the requirements down, highlight the parts that relate specifically to recovery, and make sure your leadership team and IT teams are looking at the same information. 

#2. Define what “acceptable” downtime looks like 

Your Recovery Time Objective (RTO) should never be a guess. It should reflect the real cost of downtime in your business. Calculate what an outage of critical IT systems will cost your business per hour and multiply this by how many hours a full recovery will take. Is the total acceptable? Can your business tolerate the impact? If not, you’ve got important work to do.

To give some context, The True Cost of Downtime in 2025 Report by Erwood Group has found that for 90% of medium-sized enterprises, the cost of IT downtime is greater than $300,000 (USD) per hour.

#3. Test your backups every single day 

It’s not enough to run a quick restore in a safe lab environment once a year or carry out the occasional data centre failover test. The threats you’re facing today don’t wait for annual tests. Modern ransomware and the reconnaissance tools attackers are using are designed to evade primary security tools without detection. By the time an attack is launched, the malware has probably burrowed deep inside your backups. 

We know this because Predatar has found hidden malware in the backups of 86% of our customers. If you’re only testing infrequently, you’re giving the attackers a head start. Testing daily means you can catch and remove malicious code before it has a chance to cause real damage, and you can be confident that your recovery point is both safe and ready to go when you need it. 

#4. Check the health of your backups 

Before you recover anything, be certain it’s clean. This means scanning for dormant malware and confirming the integrity of the data before it re-enters your production environment. 

#5. Automate the evidence 

Most regulations don’t just want you to be compliant, they want you to prove it. Automate the collection of logs, test results and recovery reports so that when the auditors ask for proof, you can provide it immediately. 

#6. Close the gaps quickly 

If a test shows you are not meeting your RTO, or if your backups fail a malware scan, treat it as an opportunity to improve. It is far better to find and fix weaknesses during a test, rather than in a real crisis. 

#7. Make it part of your routine 

Recovery testing should be part of your regular operational rhythm. Daily testing ensures your team is always ready, and your documentation is always accurate and up to date. Thanks to automation and AI, daily recovery testing and reporting is now easy to achieve.

Why this matters now 

Whether it’s NIS2 in Europe, DORA in financial services, or FISMA in the US, the message is the same. You must be able to recover quickly, cleanly, and with proof. 

Following this playbook is not just about passing compliance checks. It is about building true resilience. It’s the confidence that when the worst happens, you can get back to business without the drama. 

What next?

The Predatar Recovery Assurance platform can do a lot of the heavy lifting. From fully automated recovery testing and malware scanning to automated evidence reporting, Predatar makes it simple to be ready and to prove it.

Watch this short explainer video [90 seconds] to learn more, or visit predatar.com to book a demo.