Author: Ben Hodge

Earlier this year, Predatar launched CleanRoom 3. Our third-generation Cyber Recovery CleanRoom has been redesigned from the ground up – to make our unique Recovery Assurance technology accessible to more organisations than ever before.

In our recent webcast, ‘Recovery Assurance for All‘, Ian Richardson (Predatar CTO) and Rick Norgate (Predatar Managing Director) explain how we’ve broken down some of the biggest barriers to the adoption of this important technology. If you missed it, don’t worry – we’ve pulled out some of the key questions and answers from the session in this blog

Watch the webcast in full on YouTube
[25 mins]

What is a CleanRoom? And what does it do?

Ben: We’ve been using the term ‘CleanRoom’ at Predatar for a few years now, and recently we’ve been hearing it used more and more by cybersecurity experts, major tech vendors, and in the industry press. Rick, what is a CleanRoom? And what does it do?

Rick: That’s a great question. When we talk about CleanRooms, we’re specifically referring to Cyber Recovery CleanRooms. You might also hear them referred to in the industry as Isolated Recovery Environments. Essentially, it’s an isolated environment that you can use to perform recovery testing and malware scanning.

There is often some confusion around the term ‘CleanRoom’. When you look at how some technology vendors are using it in the market, and you dig into what they mean by ‘CleanRoom’, they’re generally referring to a tool that’s used post-attack to conduct forensic analysis. Imagine an organisation gets attacked – they’ll need to recover workloads somewhere to check they are clean and haven’t been compromised before they begin restoration.

At Predatar, when we talk about a CleanRoom, we’re actually referring to a proactive tool. The overarching concept is the same, but a Predatar CleanRoom is used to test your backups for recoverability, and then scan them for malware on a proactive basis – that’s the key difference when we talk about CleanRooms in the context of Predatar.

What is the role of a CleanRoom within a Recovery Assurance solution?

Ben: We talk about Predatar as a Recovery Assurance platform. So, Ian, can you explain what the role of a CleanRoom is within that overall solution?

Ian: Predatar is built on two core components. The first is CRO (Cyber Recovery Orchestration) software. This is the AI and automation engine at the heart of the solution. It pulls metadata from your backup applications into the platform. When users access their CRO interface via a browser, they can manage how they want their recoveries to work. They can trigger them manually, or set up rules for automation – which is where the real power of Predatar lies.

Users can choose whether they want to trigger workflows based on a signal of activity (like some sort of anomaly), on a predefined schedule, or both. The goal is to prove recoverability every single day, not just when a disaster strikes.

The second component is the CleanRoom. The CleanRoom is essentially a secure, isolated recovery environment where you can test and validate your recoveries without risk to your production environment. This is where users recover their workloads to. Following a successful recovery, Predatar runs a full malware scan – all without the risk of reintroducing potentially compromised data back into your live systems. This is how Predatar can give organisations confidence that if they ever need to recover for real, their data is clean, usable and safe.

---

---

So, to recap: the CRO automates and proves recoverability, then the CleanRoom provides a safe space to validate that recovery before putting anything back into production. Together, they close the loop on Recovery Assurance.

Can you give a real-world example of a Recovery Assurance use case?

Ben: Now, we’ve talked about the concept of Recovery Assurance. Rick, can you give us an example of a real-world use case?

Rick: Sure, I can do that. There’s a highly relevant and high-profile example in the UK at the moment. Marks & Spencer (M&S) is one of the biggest retailers in the UK. It’s been around for as long as I can remember – on every high street, in every town – in petrol stations, in airports – everywhere.

M&S was attacked last month by a group called Scattered Spider. The attack took place over the Easter break. We’re seeing more and more cyberattacks occurring during holiday periods, when IT and security staff are more likely to be out of the office, impacting the speed at which they can respond to and contain an attack.

So, back to M&S. They’ve already paid out to the ransomware group via their insurance company but have been unable to recover fully. They’re currently losing around £43 million per week.

Now, what’s really interesting about this attack – and this is fairly common – is that the ransomware gang originally gained access to M&S’s systems via social engineering. Once they had compromised employee accounts and gained access to the network, they didn’t immediately install ransomware. They spent time observing, learning, and escalating their access. Then, once they had reached all the systems they wanted to, they deployed ransomware to create maximum disruption.

So, how can Predatar help? First off, when this ransomware gang first accessed the Marks & Spencer environment, they likely installed reconnaissance tools like keyloggers and spyware to learn as much about the environment as possible. Often, these tools can be used discreetly, without triggering perimeter alarms or anomaly detection – which are usually designed to spot encryption and exfiltration events.

This is where Predatar can help. By running proactive recovery testing and carrying out full malware scans on workloads, Predatar has a high chance of picking up the criminals’ surveillance tools.

Predatar has found malware in 80% of our customers’ backup environments that they didn’t previously know was there – and much of that is made up of tools like key loggers and spyware.

---

---

Secondly, Predatar can also help once a malicious encryption event begins. Predatar has anomaly detection built in, which will trigger when workloads start to become encrypted. This acts as an early warning system to raise the alarm during an active attack.

How is Predatar different from other cyber resilience solutions?

Ben: That’s a great example, Rick. But there are lots of technologies on the market offering cyber resilience right now. Ian, perhaps you can tell us what makes Predatar different?

Ian: That’s a great question, and it’s one we hear a lot. There are plenty of technologies out there that claim to offer cyber resilience, but there are a few key ways in which Predatar really stands out.

First and foremost, Predatar is unified. A lot of the options on the market today come directly from backup and storage vendors. The big catch here is that they’re built to work only within their own technology ecosystem and stack. So, if you don’t want to be locked into a specific vendor, or you’re running a mix of technologies, Predatar is a great choice.

Predatar is agnostic to the technology stack. So, whether you’re using IBM, Rubrik, Cohesity – we can integrate with and orchestrate recoveries across all of them. And it’s not just about the products – we support multiple workloads on those platforms too: physical, virtual, snapshots from a storage subsystem – you name it. Instead of siloed tools for each backup platform or application, Predatar gives you one solution that works across many. It’s centralised, consistent, and scalable.

The second big difference is around speed and simplicity. When it comes to setting up things like CleanRooms, many of the products on the market today are more like DIY kits. They come with a reference architecture, some automation scripts, and then it’s up to you to pull it all together using your own resources. That might be fine for a huge enterprise with dedicated teams, but for most organisations, it’s a slow, complex, and costly project.

Predatar takes a completely different approach. We’ve productised the solution. We can deploy a fully functional CleanRoom environment – integrated with orchestration, automation, validation, and reporting – in just a matter of hours, not weeks. No complex integrations, no need to hire teams to build it out – just straightforward deployment and value from day one.

So, in summary, it’s one platform that brings together multiple backup products, supports a wide range of workloads, and makes recovery validation fast, simple, and accessible to any organisation.

Ben: Rick before we move on have you got anything you’d like to add with regard to what’s different about Predatar?

Rick: I think Ian’s covered that really well – as he always does. But there’s one thing worth adding. It’s important to say that Predatar is a proven technology. We’ve been doing recovery testing for the best part of 12 years, and we brought our first CleanRoom to market almost five years ago. Today, Predatar CleanRooms are in use all around the world. We’ve got customers in pretty much every geography using Predatar every day. We’ve got numerous customer case studies, and as I mentioned earlier, 80% of our customers have found malware in their environments that their primary XDR tools didn’t detect.

This proves that even if you have the very best XDR tools at the front end, malware can still get through. The more layers of defence you have, the better.

What was the big idea behind CleanRoom 3?

Ben: Okay, I think we’ve now got a good overview of Recovery Assurance, CleanRooms, and Predatar. So, let’s focus more specifically on CleanRoom 3. Rick, can you explain where the idea came from – and what was wrong with CleanRoom 2?

Rick: The first thing to say, Ben, is that there was nothing wrong with CleanRoom 2. And in some instances, CleanRoom 2 will still be the best option. The inspiration for CleanRoom 3 came from our customers and some of the channel partners we work with.

The concept of CleanRooms is resonating across the market, but we were getting feedback that the complexity of scoping and deploying the solution was causing friction. Customers didn’t want to buy lots of third-party products to make it work. With CleanRoom 2, for example, you needed Windows licences, SQL licences, VMware licences, and your own XDR licences too. That just adds complexity, increases cost, and slows down implementation.

With CleanRoom 3, the two guiding principles were:
[1] we wanted to make CleanRooms as easy and quick to deploy as possible, and
[2] we wanted to remove any dependency on third-party licences.

How did Predatar make the CleanRoom 3 concept a reality?

Ben: So, as Predatar’s CTO, Ian, I guess it fell to you and your team to put the concept into action and make Predatar’s third-generation CleanRoom a reality. Can you talk us through how you achieved it?

Ian: Yes, I’m excited to walk you through what’s new, because this is where we’ve really made big strides – not just from a technical perspective, but also in terms of making CleanRooms much more accessible and scalable for our customers. Let me break it down into a few key areas.

Firstly, we’ve removed the dependency on third-party software and licensing. In earlier iterations of our CleanRoom, there were certain third-party tools and licences – especially VMware – that we had to rely on. That added complexity, cost, and friction for our customers.

With CleanRoom 3, we’ve designed the entire environment to be natively driven by the Predatar portal. That means no additional licensing requirements and no extra software stacks that customers need to purchase, maintain, or configure. Everything is powered and controlled natively through Predatar. So, we’ve massively simplified the stack, making it cleaner and quicker to deploy, while also removing those hidden blockers around licence management and support overheads.

Secondly, we no longer require new hardware or cloud infrastructure. This is one of the most powerful changes in CleanRoom 3. It eliminates the need for customers to stand up new infrastructure – whether that’s physical servers or spinning up a collection of virtual machines. Instead, CleanRoom 3 lets you deploy into your existing environment exactly how you want – whether that be on bare metal or virtualised through VMware or Hyper-V.

For customers, this means no new hardware requirements, no additional software contracts, and no need to carve out or maintain separate infrastructure. You just deploy it however you need for your environment – and then we bring the CleanRoom to life on top of it: completely isolated, fully secure, and built for Recovery Assurance.

Thirdly, the deployment is now faster than ever – and this is an area where we’ve really pushed ourselves, because we knew that one of the biggest barriers to cyber recovery solutions was time to value. With CleanRoom 3, we’ve built a fully automated deployment process. What used to take weeks – from provisioning to configuration and validation – now takes just a few hours.

This is thanks to a new wizard within the Predatar portal, which generates an ISO image specifically for your environment – complete with all the networking and configuration embedded within it. This allows customers to run their unique ISO image on any system they choose, whether it’s a virtual machine or a bare-metal server.

The process is as simple as connecting the system to the ISO image, booting from it, and sitting back while everything is configured for you. We’ve essentially removed the DIY complexity and replaced it with a push-button deployment experience.

Now, CleanRoom projects don’t take weeks. A customer can stand one up in the morning, run test jobs that afternoon, and start building true recovery confidence immediately.

To sum it up: CleanRoom 3 is all about removing friction.

Key takeaways

CleanRoom 3 is another big stride forward for Predatar and for Recovery Assurance technology as a whole. Here’s three key takeaways from the webcast:

#1.
If you’re not using any sort of proactive Recovery Assurance today there’s a high chance that there’s malware in your backups already …just like 80% of Predatar customers before they deployed our solution.

#2
Predatar is the only vendor agnostic pre-emptive Recovery Assurance platform available

#3
CleanRoom 3 has made Recovery Assurance more attainable for lots of organisations. It’s more cost- effective, more flexible, and easier to deploy.

If you want to know more about how Predatar’s Recovery Assurance platform can benefit your organisation, visit www.predatar.com

Article Author: Rick Norgate.

I’ve been mildly obsessed with Geoff Manaugh’s book, A Burglar’s Guide to the City for a while. It’s one of those rare reads that permanently shifts your perspective. This book is not about cyber crime, it’s not even really about traditional crime. It’s about how we understand and navigate the systems we inhabit every day. And it’s a book, I think every CISO should read.

At its core the book argues that burglars are the ultimate super-users of urban environments. They don’t merely move through cities, they manipulate them. Walls become doors, rooftops turn into pathways and manholes become secret entrances. The criminals Manaugh describes don’t smash through front doors with guns – they meticulously uncover hidden routes that others miss.

One of the most compelling stories in the book focusses on the infamous Hole in the Ground Gang. In the mid-1980s, employees at a First Interstate Bank in Hollywood began hearing unsettling noises including what sounded like metallic scraping and muffled drilling from beneath the vault floor. The power flickered unexpectedly, telephones disconnected randomly, and at one point the alarm system spontaneously kicked in late at night, terrifying a lone bank manager. Authorities, when notified, investigated and dismissed it as rats.

But rats don’t drive Suzuki 4×4’s through sewer tunnels beneath the streets of West Hollywood.

The Hole in the Ground Gang were no ordinary thieves. They understood LA at an almost geological level. They had intricate knowledge of the city’s hidden infrastructure including storm drains, underground rivers, sewer lines, and forgotten passageways. They accessed maps that showed subterranean routes leading directly under the bank vault. Slowly, quietly, and meticulously, they excavated their tunnels, exploiting unseen pathways until they reached their target, slipping away with over $2.5 million worth of cash and valuables, undetected.

They weren’t caught, and now the statute of limitations has expired. Reflecting on their audacity decades later, even the lead investigator confessed to Manaugh he’d love to meet them over a beer, purely to learn exactly how they’d done it.

The gang’s secret? Deep knowledge. They treated the urban landscape not as obstacles but as opportunities, uncovering vulnerabilities everyone else overlooked.

That’s exactly how today’s most sophisticated cybercriminals operate.

Digital attackers don’t typically hammer against your firewall, they quietly navigate forgotten tunnels in your IT landscape. They leverage misconfigured backup systems, exploit outdated login credentials and silently traverse hidden, neglected digital infrastructure. Their advantage lies in their superior understanding of systems sometimes better than the businesses that own them.

To fight back effectively, defenders need similar insight. This is exactly why we developed Predatar’s Recovery Risk Report. Much like uncovering the Hole in the Ground Gang’s subterranean maps, the Recovery Risk Report exposes hidden risks in your backup and recovery estate. It helps you visualise the hidden pathways and blind spots cybercriminals are likely to exploit.

By illuminating these overlooked entry points such as forgotten servers, unpatched backup servers, and vulnerable data copies, it empowers your team to proactively seal them off, dramatically reducing your cyber risk exposure. It also identifies opportunities to strengthen your recovery processes, giving you clarity and control over the infrastructure you depend on most during a recovery.

Think of the Recovery Risk Report as your digital equivalent of those storm-drain maps, empowering you to spot vulnerabilities before attackers do. Because when it comes to protecting your business, understanding the hidden logic of your backup estate isn’t just helpful, it’s essential.

Apply for a free Recovery Risk Report.

Every month we’re giving one Predatar News subscriber a Free Recovery Risk Report (worth $999). Learn more and apply here. If you’re not already on the Predatar mailing lists, you can join the sign up now to stay up-to-date with the latest product news, industry insights… and now, it seems, book reviews too.

Exciting news! Predatar & Trend Micro have announced a renewed partnership which will see Trend Micro Vision One^TM, the compressive threat defence and detection platform incorporated into Predatar’s latest Cyber Recovery CleanRoom^TM. The new agreement eliminates previous deployment complexities by enabling Predatar to embed the industry-leading Vision One platform directly into their CleanRoom SaaS solution.

The powerful combination of Predatar and Trend Micro gives users recovery confidence by allowing them to proactively validate their ability to recover quickly and safely from backups and snapshots before a crisis hits.

Since launching the original CleanRoom nearly five years ago, Predatar has relied on Trend Micro’s robust Extended Detection & Response (XDR) capabilities to deliver threat detection, analysis and response. However, requiring customers to procure Trend Micro licences separately introduced friction in the buying and onboarding processes.

Predatar’s third-generation CleanRoom changes that. As part of its complete redesign, Predatar’s R&D team explored a range of alternative XDR tools — including other market leading products and open-source options. After extensive testing, Trend Micro remained the clear choice, consistently outperforming competitors across key criteria including detection speed, integration simplicity and overall resilience.

Ian Richardson, CTO at Predatar explains, “The quality of the XDR technology at the heart of Predatar is non-negotiable, but achieving a frictionless experience for our customers is key to the success of CleanRoom 3.”

Through collaboration with the licensing team at Trend Micro, the two companies have reached an agreement that overcomes the procurement challenges created by the unique way Predatar leverages Trend Micro technology.

Predatar’s CleanRoom 3 is now available – shipping with Trend Micro Vision One™, incorporating Trend Micro’s most powerful XDR engine yet. And what’s more, the required licensing is baked in too.

The new agreement has significantly streamlined the procurement and deployment of Predatar’s market-leading Recovery Assurance technology.

Jonathan Lee, Cybersecurity Director at Trend Micro commented: “Predatar’s technology brings a differentiated approach to cyber recovery, and the integration of our platform further enhances its capabilities. This collaboration reflects the strength of our partnership and our shared commitment to overcoming challenges and delivering continuous innovation.”

Learn more about pre-emptive Recovery Assurance

More than 80% of Predatar customers have found malware in their backups that they didn’t previously know was there. Infected backups and unrecoverable files have the potential to seriously impact incident response and could even make a full recovery following a cyber-attack impossible.

Don’t wait for a crisis to find out if you can recover. Find out more about pre-emptive Recovery Assurance with Predatar and Trend Micro at www.predatar.com

A blog from our Managing Director, Rick Norgate

For our global readers, let me set the scene. Marks & Spencer, or M&S, is more than just a retailer in the UK. It’s a national institution. Think tea, crumpets and politely saying sorry when someone bumps into you. It’s part of our cultural fabric.

So when M&S was hit by a major cyber attack over the Easter break, it didn’t just rattle the markets. It rattled the nation. As someone who spends every day thinking about how to make businesses more resilient to exactly this kind of event, I wanted to share some thoughts on what happened, why it happened, and what it tells us about where our defences are falling short.

The timeline

The attack landed over Easter, a public holiday weekend when IT and security teams were stretched thin. Scattered Spider, one of the more notorious ransomware gangs has claimed responsibility.

The attack wiped nearly £1 billion off M&S’s market value, and with some services (including online ordering) still not up and running, the company is reportedly losing around £43 million per week. Despite already paying out a reported £100 million to the attackers via cyber insurance, the company is predicting disruption will continue into July.

How they got in

It’s believed Scattered Spider started with social engineering. Phishing, impersonation, basically exploiting the human layer, which is still the weakest link. This is not unusual. In almost 9 out of 10 successful attacks, the entry point is a person.

Once in, they moved to install ransomware and access Active Directory, locking out admins and, it’s believed, tampering with backups. That’s a logical move. Backups are the safety net. If attackers can take that away, victims are left extremely vulnerable.

But the ransomware wasn’t the start

Most people think ransomware is step one. It’s not. According to Trend Micro over 90% of attacks start with reconnaissance tools such as keystroke loggers, spyware, credential harvesters. These tools are designed to silently gather intelligence about your estate. They can slip past XDR solutions and allow attackers to learn how to go deeper.

And they don’t hang around. The average time from initial breach to the encryption event is now just 14 days. In 2023, it was 100. That acceleration is no accident. Better security tools mean longer dwell times are risky for attackers. So they move quickly, hit hard, and aim to encrypt when your team is least available.

Enter DragonForce

Scattered Spider didn’t build their own ransomware. They used a service from DragonForce who are a dark web group offering ransomware-as-a-service. Think SaaS, but for criminals. DragonForce operates like a business, complete with account managers and affiliate programmes.

Their most popular kit is based on something called LockBit 3.0 which is a leaked builder tool that lets criminals easily customise powerful ransomware that is tailored for each target. It’s modular, it’s configurable and it’s dangerous.

So what if it hits you?

Let’s say LockBit 3.0 is unleashed in your environment. The great news is that fantastic tools exist to help. For example HPE Zerto has real-time encryption detection. IBM has lightening fast encryption awareness built into its FlashSystem storage boxes, while they also offer software based Sensors for virtual workloads.

These are great tools as they close the barn door fast once an encryption event starts. But not before a few horses have already bolted. That’s the nature of reactive defences. They reduce loss, not eliminate it.

So, why not stop it earlier?

Why not test everything, every day?

It sounds obvious, but we all know the reality. Deep scanning production environments for malware every day isn’t feasible. The performance impact on your production systems, the cost, the resources needed, and the disruption. It’s just not practical.

For this reason most XDR tools are configured to scan only new or modified files. That leaves plenty of room for reconnaissance tools to sit quietly, harvesting data while staying under the radar.

What if there was another way?

There is another way. And it doesn’t interfere with your production systems at all.

Your backups. That’s where the value lies. They are a goldmine of information that often sits idle, stored on expensive hardware, doing very little.

With Predatar and Trend Micro you can automate recovery tests of your backup servers in an isolated CleanRoom^TM every single day. Then you can use market leading XDR tools to scan them for malware with no negative impact on production performance. It’s fast, automated and powered by threat intelligence that’s updated multiple times daily.

We’re talking 500,000 new signatures a day, supported by over 450 threat researchers and 1,500 security engineers.

Why does this matter to CISOs?

Because recovery testing has always been a tick-box exercise. What we’re doing is turning it into a proactive security control. We’re detecting threats at stage one. That gives your team the time and space to respond before the damage is done.

And for those still sceptical?

We’ve found malware in 82% of the client estates we monitor. This is malware that their production XDR tools missed. Every one of those clients uses Gartner Magic Quadrant vendors for their production XDR.

And of that 82%, over half were stage one threats. Keyloggers. Spyware. Trojan horses. The kind of tools that groups like Scattered Spider may well have used to start the M&S attack.

Final thoughts

The M&S attack is a case study in how fast, sophisticated and strategic today’s ransomware operations have become. If your cyber resilience strategy only kicks in after encryption has started, it’s already too late.

Your backup is a valuable untapped asset, your second chance to catch what production missed. Learn more about Predatar Recovery Asurance.

Rick Norgate, Managing Director, Predatar

Cybercriminals can take your business down at any time. You need to know that if your organisation is hit by a serious attack, you can restore your critical systems and data – quickly and safely.

At Predatar, it’s our mission to give our customers total recovery confidence. The release of CleanRoom 3, our third-generation Cyber Recovery CleanRoom has made pre-emptive, AI-powered Recovery Assurance technology attainable for more organisations than ever before.

We’ve put all of our learnings from almost 5 years of ground-breaking CleanRoom innovation into CleanRoom 3. It’s a ‘ground up’ design, with one objective in mind… to lower the barriers to adoption for what is quickly becoming an essential technology for operational resilience.

You can learn how we’ve made CleanRoom 3 more flexible, so you can deploy it in more ways on more types of environment than ever before in this blog, or discover how we’ve made it possible to get your CleanRoom up-and-running in under an hour in this blog.

But, not only is CleanRoom 3 faster to deploy and more flexible – read on to find out how we’ve made it a more cost-effective solution than previous iterations… and made it easier to buy too.

Deploy CleanRoom 3 on your existing infrastructure

Predatar, is a subscription-based Recovery Assurance platform. Pricing is based on usage. i.e how much data a customer chooses to validate using Predatar. Some customers use it to continually test all of their backups and snapshots, while others use Predatar only for their business-critical data.

The pricing model is flexible and fair. It has rarely been considered as a barrier to adoption for prospective users. It’s a different story however, when it comes to the infrastructure required to perform the Recovery Assurance processes – until now.

Previous Predatar CleanRooms have required relatively high-spec servers with specific technical attributes. New customers would need to procure expensive hardware or spin-up expensive new Cloud infrastructure before they could set up their CleanRoom. This added a significant cost to the overall solution.

CleanRoom 3 has been designed to run on widely available ‘commodity’ hardware. Not only is this more cost effective to buy, but in many cases, customers already own this readily available and can deploy their CleanRoom on existing infrastructure.

Say good bye third-party licences

Unlike our previous CleanRoom iterations, CleanRoom 3 is a self-contained virtual appliance.
Delivered as an ISO, the new architecture removes the dependency on VMware, meaning Predatar customers are no longer required to purchase VMware licenses.

We’ve also worked closely with our Cyber Security partners to remove the requirement for Predatar customers to purchase third-party licensing for the XDR (Extended Endpoint Detection & Response) capabilities that are built in to Predatar.

For Predatar customers using Cleanroom 3, XDR licensing is baked into their Predatar subscription at no additional cost.

Easy to deploy. Easy to buy.

The combination of hardware flexibility and no third-party licensing makes Predatar significantly more cost-effective than ever before. Speed and simplicity of deployment means new customers can save on upfront deployment costs too.

And not only is Predatar now significantly more cost effective. It’s much easier to buy too. Where once, Predatar customers would need to procure Infrastructure, VMware and XDR licences from different vendors in addition to their Predatar subscription, now a single Predatar subscription is all that is needed.

Get Recovery Confident

To learn more about how CleanRoom 3 is making Recovery Confidence achievable for organisations like yours, join our next webcast.

Sign up today!

With your backups under attack from cybercriminals, you need to know that your data is clean and recoverable before a crisis hits. But the complexity and disjointed nature of modern storage environments can make meaningful data validation almost impossible.

Predatar has been pioneering cyber recovery cleanroom technology for almost five years, and with the release of CleanRoom 3, we’ve changed the game again. Our third-generation CleanRoom has been redesigned from the ground up for simplicity and flexibility.

Because, if you’ve got a complex and disjointed storage environment, the last thing you need is complex and disjointed data resiliency solutions.

Unified Recovery Assurance

Large organisations often have multiple storage and backup technologies in play. It’s not unusual for a large business to store data in the Cloud and on-premise. As well as backups, they might also use immutable snapshots for their most critical data. It’s likely they’ll leverage technologies from Mainframe to VMs and newer technologies like Kubernetes too.   

Holistic resilience is a fundamental principle at Predatar. It’s our ambition to create technology that can validate the cleanliness and recoverability of your critical data, regardless of what it is and how it’s stored.

Predatar already supports proactive recovery testing and advanced malware interrogation across backup and primary storage products – from vendors including IBM, Veeam, Pure, Cohesity and Rubrik – and now with CleanRoom 3, we‘ve made it even more flexible.

Flexible deployment

Until now, a Predatar CleanRoom could only be deployed as a Virtual Machine running on VMware, meaning that only organisations running VMware environments could benefit from Predatar’s unique recovery assurance capabilities.

With the launch of CleanRoom 3, Predatar is no longer VMware-dependent. Predatar customers can now deploy a Cleanroom as a Virtual Machine using other hypervisors too, for example in a Hyper V environment. This will become increasingly important as organisations reconsider their choices following Broadcom’s acquisition of VMware last year and the subsequent price hikes.   

In fact, the new CleanRoom architecture means that for the first time, a CleanRoom can be deployed directly onto bare metal, removing the need for a hypervisor entirely.

Where previously, customers would need to acquire new hardware or cloud infrastructure to deploy a CleanRoom, the new levels of flexibility mean that in many cases new customers are able to build CleanRoom 3 on hardware they already have.

Deployment simplicity

Not only is the operating system built-in, but the EDR (Endpoint Detection & Response) software that Predatar uses for malware interrogation and cleaning is too. Previously, Predatar customers would need to buy VMware and third-party XDR licences, and configure their cleanroom to recognise the licence keys – now it’s all baked in.

CleanRoom 3 is supplied as a single, downloadable ISO image which can be configured via an easy-to-use setup wizard and installed quickly. A Predatar CleanRoom can be up and running in under an hour.

Everyday simplicity

Regardless of whether you’re using Cleanroom 3 or a previous version, you’ll use the same Predatar CRO (Cyber Recovery Orchestrator) software to manage it. That means you’ll benefit from the intuitive GUI and all of the user-friendly features that customers have come to expect from Predatar.

But in addition, CleanRoom 3 leverages continuous updates to ensure the platform remains secure, up-to-date, and optimised without requiring manual intervention. The system continuously downloads updates and enhancements from Predatar’s repositories to ensure that CleanRoom 3 is always equipped with the latest security improvements, malware definitions, and performance optimisations.

By automating the update process, CleanRoom 3 eliminates the need for manual updates by engineers, reducing the risk of human error, saving time, and making day-to-day admin and maintenance easier than ever.

Think again about Cleanrooms

If you think that cyber recovery cleanrooms are complicated and expensive, think again! To find out how a Predatar CleanRoom can make recovery confidence a reality in your organisation, join our next webcast.

Don’t miss this live session: Register now

Oliver Parpart’s journey to leading two strategic growth initiatives at CANCOM GmbH is anything but conventional. With a rich background in project delivery, Oliver brings a deeply consultative and empathetic approach to client engagement — an approach shaped by years of hands-on experience ensuring IT service delivery success.

Unlike many leaders from a sales background, his method is not about pushing products but about deeply understanding a client’s environment and project delivery challenges. This ability to listen and ask good questions before prescribing solutions sets his team apart in a market dominated by large and competitive System Houses.

This client-first mentality has also influenced the strategic direction of his business unit, which focuses on two major growth initiatives: CANCOM’s DevOps practice and its Cyber Resilience practice.

As cybersecurity threats evolve rapidly, CANCOM is positioning itself as a trusted partner that can not only sell and integrate good technology but also deliver real business outcomes in a scalable, cost-effective way. At the heart of this approach is CANCOM’s Backup Assurance as a Service (BAaaS), a comprehensive, vendor-agnostic cyber resilience platform powered by Predatar.

Why Predatar?

CANCOM has a broad portfolio of backup and storage solutions. However, the complexity of modern enterprise IT landscapes demands a more unified approach to cyber resilience. This is where Predatar’s independence becomes a strategic advantage. Unlike vendor-specific solutions that often create silos, Predatar enables CANCOM to deliver a horizontal cyber resilience service that spans multiple technologies. This means customers can optimize costs, reduce complexity, and proactively defend against increasingly sophisticated cyber threats.

With BAaaS, CANCOM can rapidly elevate a client’s cyber resilience capabilities, deploying advanced security measures in a matter of weeks rather than months. This speed and efficiency are critical in the German and Austrian markets, where there is a shortage of highly skilled cybersecurity professionals. By leveraging Predatar’s automation and intelligence-driven platform, CANCOM can fill this gap, ensuring clients remain protected without the burden of hiring scarce in-house expertise.

Overcoming Internal Challenges to Scale the Service

Despite the strong market demand for cyber resilience services, CANCOM faces an internal challenge: ensuring its vast sales force of over 300 professionals across Germany—and 5,600 employees across Europe—are equipped to sell and support this new offering. Historically, CANCOM’s regional offices have had their own vendor preferences, making a unified approach difficult to implement.

To address this, CANCOM has developed strategic competencies that are independent of its vendor resale model. This allows the company to scale its BAaaS offering across its entire enterprise while improving margin performance and revenue predictability. Additionally, the sales enablement strategy includes a structured playbook and digital sales room templates via the Seismic platform, ensuring that all sales professionals can effectively communicate the value of CANCOM’s cyber resilience services.

Incubating BAaaS for Long-Term Success

To ensure the successful rollout of BAaaS, CANCOM made a considered decision to incubate the service within its Professional Services division, rather than placing it under the IBM resale business. This approach allows for tight control over initial deployments, ensuring quality and consistency. Over time, as adoption grows, the service will transition into CANCOM’s managed cyber and security services practice, enabling it to scale across a broader customer base.

The Future of Cyber Resilience at CANCOM

Cyber threats continue to evolve, and businesses need to be just as agile in their defences. With its consultative approach, deep technical expertise, and enhanced use of Predatar, CANCOM is well-positioned to deliver enterprise-grade cyber resilience at scale. The company’s ability to unify multiple backup and security technologies into a single, cohesive service offering is a game-changer for customers looking to simplify and strengthen their defences. By tackling internal and external challenges head-on, Oliver Parpart and his team are not just building another service — they are shaping the future of cyber resilience in Europe. Through strategic partnerships, an innovative delivery model, and a relentless focus on client success, CANCOM is proving that cybersecurity is not just about technology — it’s about trust, expertise, and execution at scale.

Start Your Journey To Resilience with an APEX Partner

CANCOM is a Predatar’s APEX partner, one of an elite group of expert service providers hand-picked for their customer-centricity, and their ability to deliver world-class cyber resiliency services powered by Predatar. To kick start your cyber resiliency project, contact the team at CANCOM or find an APEX Partner near you.

Bringing automated, AI-powered recovery testing and advanced malware hunting to your existing storage estate has never been easier.

At Predatar, we’ve launched our third-generation cleanroom. Not only is CleanRoom 3 the most advanced cyber recovery cleanroom on the market, it’s also easy to deploy and easy to manage.

Our new CleanRoom has been re-designed from the ground up with one objective – to make adoption of recovery assurance technology achievable to more organisations than ever before.

Until now, complexity has been a real barrier to adoption. This short article explains how we’ve simplified deployment and management of cleanroom technology.

What is a Cyber Recovery Cleanroom?

Before we talk about how Predatar is making cleanroom technology quick and easy to deploy, let’s recap on what cleanrooms are, and why your organisation needs one.

The truth is, there is a significant risk that your backups and immutable snapshots contain malware or other recovery issues. This will jeopardise your incident response, and severely impact your ability to restore business-critical IT systems following a cyberattack, or any other data-loss event.

A cleanroom is a secure, isolated environment where your IT team can validate the integrity and recoverability of the data your organisation will rely on for recovery – before a crisis hits.

4 years of CleanRoom implementations

CleanRoom 1: The original

Built for IBM Storage Protect backup environments, Predatar’s first generation Cyber Recovery Cleanroom was a game-changer. Previously, Cleanrooms (or Isolated Recovery Environments as they were commonly referred to at the time) were little more than a concept – often just an architectural design or blueprint, which could be deployed as a reactive tool for validating data in a crisis scenario.

When Predatar launched CleanRoom 1 in 2021, it was the first ‘productised’ cyber recovery cleanroom solution available. Not only did this make proactive cyber recovery testing a reality for IBM backup customers, but Predatar’s user-friendly software layer made day-to-day operation easy.

The difficult bit was deployment. Every storage estate is different, and every CleanRoom implementation needed a tailored design. A typical deployment would require 10-15 days of implementation services from highly skilled Predatar engineers. What’s more, each CleanRoom deployment would require new hardware or cloud infrastructure to be purchased and configured – sometimes adding weeks or months to the deployment depending on hardware availability.

CleanRoom 2: Multi-vendor support and faster deployments

The release of CleanRoom 2 in 2023 was another huge step forward. By extending support beyond IBM backup products to Cohesity, Veeam and Rubrik, and later adding capabilities to validate Immutable Snapshots on IBM FlashSystem and Pure Storage, Predatar had opened up the possibilities of recovery assurance to many more organisations.  

Other enhancements followed, including integrations with leading SIEM (Security Information and Event Management) platforms, AI-powered reporting, and more.

Despite CleanRoom 2 delivering greatly enhanced capabilities, the Predatar R&D team managed to significantly simplify deployments. Now a Predatar implementation could be completed in 3-5 days by an experienced Predatar Engineer, or one of Predatar’s APEX partners.

CleanRoom 3: Recovery Assurance For All

Our 3rd-generation CleanRoom marks another big leap forward. CleanRoom 3 has been designed to make Recovery Assurance technology accessible to more organisations than ever before, by breaking down the barriers to adoption. The cost and complexity of deployment has been one of those barriers.

Cleanroom 3 can be deployed on existing infrastructure, in less than one day, without the need for extensive training.

Here’s what’s changed…

New: ISO-based deployment

The most significant change, is that CleanRoom 3 is delivered as a self-contained virtual appliance. Users configure their cleanroom via a step-by-step setup wizard, before downloading a self-contained ISO image.

The ISO includes all the required components, pre-configured using the inputs from the wizard. Assuming the technical pre-reqs and minimum requirements are met, the ISO image can simply be installed on existing hardware or Cloud Infrastructure, and can be up and running in as little as 2 hours.

New: No third-party licences

Previously, Predatar customers would need to purchase VMware and third-party XDR (Extended Endpoint Detection & Response) licences for the CleanRoom. Not only did this add cost and administrative work, but it also added complexity to the setup, as the CleanRoom would need to be configured to recognise the licence keys for the third-party products.

With CleanRoom 3, the need for third-party licences has gone away. CleanRoom 3 doesn’t require VMware and the XDR licensing is now baked-in to your Predatar subscription.

New: Automated updates

CleanRoom 3.0 leverages continuous updates to ensure the platform remains secure, up-to-date, and optimised without requiring manual intervention. The system continuously downloads updates and enhancements from Predatar’s Git repository. This ensures that CleanRoom 3.0 is always equipped with the latest security improvements, malware definitions, and performance optimisations.

By automating the update process, CleanRoom 3.0 eliminates the need for manual updates by engineers, reducing the risk of human error, saving time, and ensuring that the system is always running the most current version.

Time to think again about CleanRooms?

If you think that achieving recovery assurance for your organisation is complicated, think again. With CleanRoom 3 from Predatar, you can bring automated, AI-powered recovery testing and malware interrogation to your existing storage environment in a matter of days.

Get started now. Find out more about Predatar, or book a demo.

At Predatar, we’ve just launched CleanRoom 3. Not only is our third-generation CleanRoom the most advanced cyber recovery cleanroom on the market, but it’s also the most accessible.

We believe that every organisation that relies on data can benefit from pre-emptive cyber recovery in a cleanroom. That’s why CleanRoom 3 has been redesigned from the ground up to make adoption of this important technology achievable for more businesses than ever before.

This short article highlights 3 reasons your organisation needs one.

What is a Cyber Recovery Cleanroom?

Before we talk about why you need a Cyber Recovery CleanRoom, let’s quickly cover what they are. A cleanroom is a secure environment where IT teams and/or cybersecurity teams can validate the integrity and recoverability of the data their business stores to ensure a clean and safe recovery.

If you are already familiar with the concept of cleanrooms, you might think that they’re only used in high-stakes, post-attack scenarios – but things have changed. Predatar has been leading the way with technology that enables continuous, pre-emptive data validation.

To take a deeper dive into cleanroom technology, read this article: A Guide to Cyber Recovery CleanRooms

Why do you need a Cyber Recovery Cleanroom?

The simple truth is there is only one reason you need a cyber recovery cleanroom, and that’s resilience. You might call it data resilience, cyber resilience, or more broadly – operational resilience. A cleanroom enables you to be ready to bounce back from a cyberattack (or any other data loss event).

But with so many new products and technologies promising to boost resilience, let’s dig in to why a cleanroom is a must-have component in your resiliency toolset.

 

Reason 1: You probably have malware in your backups

Few organisations would question the vital role backup & recovery plays for operational resilience. Backups are often recognised at the last line of defence against data loss events, including cyber attacks. Yet, surprisingly few organisations have steps in place to routinely check their backup data for viruses.

Here’s an eye-opening stat for you.

Predatar has discovered malware in the backups of 80% of its customers – that’s malware that had previously not been detected, and in some cases had the potential to cause serious damage.

Typically, Predatar customers are medium and large enterprises with extensive IT systems and robust cyber security capabilities, but even with best-in-class security tools such as firewalls, antivirus, EDR and XDR, malware can – and clearly does – still get into backups.

You can learn more about how malware infiltrates backups, the damage it can cause, and why immutability doesn’t solve the problem in this article: You probably have Malware in your backups

Implementing a cyber recovery cleanroom is the only way to continually interrogate and clean your data without impacting the performance of your production and backup systems, and crucially without putting your data at risk.

Reason 2: Downtime hurts

You could take a reactive approach to cyber recovery. This is common practice for cyber incident response in many organisations today.  With this approach, following containment of a cyber-attack, security and IT teams will work together to carry out forensic analysis of data as part of the data recovery process.

The big problem here is time. With business-critical systems offline, your organisation’s ability to function will be severely impacted. In fact, it’s common for businesses to go completely ‘dark’ following a serious data breach.

When systems are offline, every minute counts. But according to IBM’s most recent Cost of a Data Breach Report, 75% of businesses that had experienced an attack, took more than 100 days to fully recover. The same study reports that the average cost of a cyber attack to a business is now a massive $4.88 million(USD).

With a reactive approach to cyber recovery, the first step is often to procure the hardware and configure the tools required to analyse data at huge scale. This task alone can take weeks before validation at scale can even begin.
  
Once the process is underway, the next challenge is dealing with any infections or unrecoverable files that are discovered while in the middle of a high-pressure, high-stakes situation.

With a proactive approach, utilising a cyber recovery cleanroom for pre-emptive recovery assurance, when a crisis hits you’ll already know that your data is clean and recoverable. Of course, in a cyber incident scenario we strongly recommend re-validating all data before restoring it, but the great news is:

1. You will already have the hardware and tools configured: Essentially, your cleanroom can be utilised for post-attack validation .
2. The likelihood of finding issues with the data is vastly reduced: It will have been validated recently as part of a proactive validation cycle.

Reason 3: New regulations are coming

Not only is it good practice to test-drive your incident response – It’s quickly becoming a regulatory necessity.

A raft of regulatory frameworks is coming into force around the world with an emphasis on operational resilience – DORA (European Union), HIPPA (United States), FISMA (United States), PRA (United Kingdom) to name a few.

While today, these regulations mainly focus on finance, healthcare, and government organisations – it’s only a matter of time until regulators in other industries follow suit.

The direction of travel is clear. It will no longer be adequate for regulated organisations to have a plan, they will need to demonstrate the effectiveness of those plans.

Proactive cyber recovery in a cleanroom is a cost-effective way to continually demonstrate the effectiveness of data recovery plans.    

Recovery Assurance For All

Learn more about how Predatar has lowered the barriers to adoption and made pre-emptive, AI-powered Cyber Recovery a reality for more or businesses than ever before. Read the article: Recovery Assurance For All… with CleanRoom 3

 

Predatar’s third-generation Cyber Recovery Cleanroom is here. Redesigned from the ground up, CleanRoom 3 is making Recovery Assurance achievable for more organisations than ever before.

Cyber Recovery Cleanrooms – sometimes referred to as Isolated Recovery Environments – have been gaining traction as an important technology for operational resilience.

Big storage vendors including IBM, HPE, Dell and Commvault have introduced cleanroom technology to their portfolios, either as products or reference architectures – but despite the importance of the technology, market adoption has been relatively slow.

Predatar Founder & CEO, Alistair Mackenzie explains: “Most organisations understand they need to boost data resiliency. Cleanrooms have a big role to play, but until now, the technology has been seen as costly and complicated.”

Cyber Recovery Cleanroom Pioneers

Predatar has been ahead of the pack in this area. Since launching our first Cleanroom more than 3 years ago we’ve continued to innovate relentlessly to create the most advanced Recovery Assurance platform on the market today.

With the launch of our third-generation cyber recovery cleanroom, Predatar has significantly lowered the barriers to adoption. CleanRoom 3 is easier and more cost-effective to buy, it supports more storage configurations than ever before, and it can be deployed quickly.

Fewer Licences. Lower Cost.

Previously, customers needed to purchase licences for the hypervisors and third-party XDR (Extended Detection & Response) software that’s embedded in the Predatar platform. With CleanRoom 3 this requirement has gone away.

Not only does this make it much easier to procure the solution, but it’s more cost-effective too.

Now, one Predatar subscription covers all your licensing needs for automated recovery testing and deep malware scanning across Veeam, Rubrik, Cohesity, and IBM backups – and your IBM and Pure immutable snapshots too.

More Flexible.

Where most cleanrooms require customers to purchase new hardware or acquire new cloud infrastructure, CleanRoom 3 has been designed to run on a broad range of commodity hardware, meaning that in many cases customers will have the ability to use technology they already have in their data centre.

What’s more, our third-generation CleanRoom has more deployment options. Now customers have the option to build their CleanRoom as a Virtual Machine or deploy it on Bare Metal.

Quick and Easy to Deploy.

One of the biggest changes we’ve introduced in CleanRoom 3 is a completely new deployment method. All of the config is done via a step-by-step setup wizard. This generates an ISO file which can be downloaded and easily installed on the host environment.

Ian Richardson, CTO at Predatar explains “We’ve made the setup really user-friendly. Thanks to the new ISO-based deployment, a CleanRoom can be deployed in around 2 hours, without the need for extensive training or highly specialist skills.”  

How is Predatar Different?

CleanRoom 3 has been designed to make the benefits of Recovery Assurance achievable for more organisations, but the fundamental principles of Predatar remain the same. Our Recovery Assurance platform stands out in the marketplace in three important ways.

1. Predatar provides pre-emptive recovery testing: Using automation and AI, to continually validate the recoverability of critical backups and snapshots before a crisis hits.
   _
   
2. Predatar goes beyond anomaly detection: Where most alternative solutions identify signs of possible malware using anomaly detection methods, Predatar goes further – actually restoring suspect workloads, before running a full antivirus scan to verify the infection, and where necessary, cleaning the workload too.
   –
   
3. Predatar supports multiple backup and storage technologies including Veeam, Cohesity, Rubrik, IBM Storage Protect, IBM FlashSystems, and Pure Storage, so customers can validate different workloads in one Cleanroom with a single Predatar licence.

Talk to the Recovery Assurance Experts

To learn more about how Predatar can boost resilience in your organisation, contact our team or find a Predatar expert partner near you.