Author: Rick Norgate

In the dynamic world of cybersecurity, the release of Predatar R15: Honey Badger marks a significant milestone in the evolution of the platform. This update is not just an iteration; it’s a leap forward in how businesses can bolster their cyber resilience in an ever-changing threat landscape. With the addition of support for Rubrik and Pure Storage, alongside existing support for IBM Backup, IBM FlashSystem, Veeam, and Cohesity, Predatar has positioned itself as a crucial ally in the fight against cyber threats. This expansion is particularly noteworthy as it heralds a new era of inclusivity, with more integrations set to come in 2024.

Take Control.

The importance of support for a diverse range of data protection platforms cannot be overstated. In the current IT environment, businesses often rely on a combination of primary and secondary data protection platforms. This diversity, while often beneficial for layered security, introduces complexity in managing and monitoring these systems. Predatar R15: Honey Badger addresses this challenge head-on by providing a single control plane that works across any combination of these platforms. This unification is a game-changer, offering streamlined operations and enhanced visibility.

Bringing in all the metadata and alerts from disparate platforms into one place, Predatar simplifies what would otherwise be an overwhelming flood of information. The volume of data generated by multiple platforms is far too much for human analysts to sort and understand efficiently. Herein lies the brilliance of Predatar’s unique and patented A.I. technology. It meticulously analyses this mass of data, automatically spotting threats and helping customers prioritise which snapshots or backups to test and when. This capability is not just about automation; it’s about empowering businesses with the intelligence to make informed decisions swiftly.

Resilience needs to be Flexible.

Moreover, Predatar’s adaptability is a testament to its future-proof design. Understanding that businesses evolve and technology needs change, the platform ensures that if customers are migrating between data protection platforms, Predatar can seamlessly move with them. This flexibility ensures that investments in Predatar are long-term, providing value that adapts to the changing needs of the business.

Be ready for the 1 in 50 event

Recovery Testing is a pivotal aspect of Predatar’s offering. The traditional annual Disaster Recovery test, while important, is no longer sufficient in the face of modern cyber threats. With cyber crimes occurring with alarming frequency, the need for ongoing recovery testing is paramount. Predatar facilitates this continuous testing accords all supported platforms, ensuring that businesses are not just preparing for the “1 in 10 million event” but are robustly fortified against the “1 in 50 event.”

This approach to recovery testing is crucial. It ensures that organisations are not caught off-guard and that their data recovery strategies are always tested, proven, and ready to be deployed. The capability to regularly test and validate the effectiveness of backups and snapshots across multiple platforms is invaluable, particularly when considering the sophistication and evolving nature of cyber threats today.

When Recovery Testing meets Detection

An additional, often overlooked benefit of proactive recovery testing is its role as a detection tool. By rigorously testing backups and snapshots, organisations can uncover dormant malware that production tools may have missed. This aspect of Predatar’s functionality was dramatically highlighted in a recent case where, within just 11 days of going live with a customer,

 Predatar’s testing detected three Trojan horses in the customer’s backups.

These malicious files had lain undetected for six months, bypassing the production Extended Detection and Response (XDR) tools. This incident not only underscores the stealth and persistence of modern cyber threats but also illustrates the critical importance of Predatar’s recovery testing as a layer of cyber defence.

In essence, Predatar does not merely assist in the recovery process; it acts as an early warning system, identifying threats that have infiltrated the digital environment unnoticed. This proactive detection capability is invaluable, offering an additional layer of security that complements traditional cyber defence mechanisms. By integrating this level of analysis, Predatar ensures that organisations are not only ready to respond to incidents but are also equipped to pre-emptively identify and neutralise threats before they can cause damage.

Be ready for both today and tomorrow

Predatar Release R15: Honey Badger significantly enhances the cyber resilience capabilities of businesses. By integrating support for a broad range of data protection platforms, offering a unified control plane, leveraging advanced A.I. for threat detection and prioritisation, and emphasizing the critical role of ongoing recovery testing,

Predatar is setting a new standard in the industry. This release is not just an update; it’s a bold step forward in ensuring businesses are equipped to face the cyber challenges of today and tomorrow. Through its innovative approach to recovery testing, Predatar is redefining the landscape of cyber resilience, offering businesses a comprehensive solution that not only prepares them for recovery but also provides a proactive mechanism for threat detection.

You can check out more about Predatar R15: Honey Badger here

By Rick Norgate, Predatar Managing Director.

At Predatar, we understand that the heart of any product lies in solving real-world challenges for our customers. This belief steers our innovation roadmap, and it is your invaluable input that fuels our journey toward creating the most effective and cutting-edge solutions in cyber resilience. Today, we’re excited to unveil Predatar R13.1—an update that’s been shaped by listening closely to your needs and challenges. From deep malware scanning of legacy workloads to enhanced M365 alerting and the introduction of the PlayPen sandbox environment, every feature in R13.1 is a direct response to the needs you’ve expressed. Read on to discover how R13.1 empowers your organization to achieve unparalleled recovery assurance.

Deep Malware Scanning for Legacy Workloads with Predatar TimeMachine

Legacy systems can be the Achilles’ heel in your cybersecurity resilience plan, often escaping rigorous testing due to incompatibility issues. Predatar TimeMachine eliminates this gap by enabling effortless scans of virtual machines running on legacy operating systems or outdated EDR tools. These machines are moved seamlessly into our CleanRoom, where they undergo full recovery testing. Predatar then powers down the virtual machine and mounts all data for an offline scan, ensuring:

• Compatibility with Legacy Systems: Our approach ensures that you don’t have to leave older systems out of your resilience testing.
• Conflict Resolution: Avoid clashes with older Antivirus tools that could otherwise compromise your testing process.
• Enhanced Linux Support: Broaden your resilience testing by incorporating Linux machines into your recovery assurance plan.

Swift M365 Alerting for Instant Notifications

Alerting is often the first line of defence in a resilient cybersecurity architecture. The R13.1 update integrates with M365 to send real-time alerts for a variety of triggers such as failed recovery tests and malware detections. Immediate notifications are sent to your IT and SecOps teams, providing crucial advantages:

• Faster Response Times: The quicker your team is alerted, the faster they can act to mitigate risks.
• Enhanced Cybersecurity Resilience: Keep tabs on recoverability or data cleanliness issues as they happen, rather than discovering them after the fact.

Unleash Your Creativity with PlayPen

Innovation shouldn’t have to be a risky endeavour. R13.1 introduces PlayPen, a sandbox environment that lets you test new features and functions without affecting your live setup. Simply transition your live environment into PlayPen mode to perform:

• End-user Training: Use PlayPen as a safe training ground for your team.
• Cutting-Edge Experimentation: Try out new configurations and recovery methods safely.
• Rigorous Testing: Validate new features or disaster recovery plans before making them live, ensuring robust resilience.

PlayPen makes experimentation and testing as simple as a click, allowing you to revert to your live environment without saving changes once your experimentation is complete.

Conclusion

With the launch of R13.1, Predatar not only addresses some of the most critical challenges in data resilience but also opens the door to limitless possibilities. It’s not just an update; it’s a leap toward a future where recovery assurance is more robust, agile, and innovative than ever. Take the first step into this future by exploring Predatar R13.1.

Book a demo session or contact the Predatar team today!

In today’s increasingly interconnected world, cybersecurity remains a paramount concern. Ransomware, a form of malicious software that encrypts a victim’s data until a ransom is paid, continues to plague businesses and individuals alike. It’s crucial for organisations to rapidly detect and respond to these threats. Yet, with the barrage of alerts coming from security, backup and primary storage platform, how can you separate the real signals of cybercrime from the noise? Enter Artificial Intelligence (AI).

Why Combine Alerts Using AI?

1. Efficiency: Manually sifting through countless alerts from various platforms is tedious and error-prone. AI can process vast amounts of data in a fraction of the time, pinpointing potential threats swiftly.

1. Precision: AI can correlate disparate alerts and contextualize them. For instance, an anomaly in primary storage that aligns with a SIEM alert might be a significant threat. AI can recognise these patterns, thus reducing false positives and honing in on real threats.

1. Proactive Defense: By analysing patterns, AI can predict potential ransomware threats before they manifest, ensuring that defences are in place in advance.

Automated Recovery Assurance Tests and Malware Scans

After identifying the potential ransomware threat, the immediate next step is verification and containment. Here, AI can automate the process by:

1. Running Recovery Tests: Before a disaster strikes, it’s crucial to know if our backups and primary snapshots are sound. AI can take potential threat signals and use them to run recovery tests, ensuring that our backup and snapshot recovery mechanisms are robust and ready. This gives you the assurance that should the worst happen you will be able to recover.

1. Malware Scans in Isolation: Using the identified threats, AI can automate malware scans on both primary snapshots and backups. To ensure no further contamination, these scans are run in isolated sandbox environments which IBM and Predatar call a CleanRoom^TM.

Benefits of No Human Intervention

1. Speed: Every second counts in ransomware defense. Automated AI responses ensure immediate action.

1. 24/7 Coverage: Threats don’t stick to business hours. AI provides constant vigilance, ensuring no downtime in defence.

1. Consistency: Automated responses ensure that every alert is treated with the same rigor, reducing the scope of human error.

In conclusion, as ransomware threats evolve, our defense mechanisms must keep pace. The Predatar platform incorporates state of the art AI to streamline alert processing, threat identification, and response testing for IBM customers. The synergy of Predatar AI with both your IBM Defender and existing IBM data protection platforms will ensure a safer digital realm and boost recovery assurance for your organization.

To find out more about the exciting topic of AI and Cyber Threats. Our MD, Rick Norgate will be bringing this to life in session number 2592 ‘Ensuring Unparalleled Data Resiliency with Predatar & IBM Storage Defender’ at IBM TechXchange in Vegas between the 11th and 14th of September. You can register for the event here.

A recent ransomware attack on the large Danish cloud provider, CloudNordic, has resulted in catastrophic data loss for its customers. In a grim online notice, CloudNordic admitted that the ransomware attack rendered them entirely paralyzed. The aftermath? The majority of their customers should consider their data permanently lost. Such devastating events remind us of the growing audacity of cybercriminals and the vulnerabilities inherent in even the most trusted of IT setups.

The infiltration occurred in the early hours of August 18^th 2023. The criminals, in a calculated move, shut down CloudNordic’s systems, erasing both the company’s and its customers’ websites and email platforms. Efforts to restore the data proved futile, as both production data and backups were compromised. Though it might provide some solace, CloudNordic clarified that they found no evidence of any data exfiltration before the encryption. They speculated that the breach occurred while servers were transitioning between data centres. Some servers, pre-infected, were all linked to CloudNordic’s internal network during the transition, granting the hackers all-access.

Given this sobering incident, how can companies who use the cloud to store business data prevent falling prey to similar attacks?

1. Segregated Backup: CloudNordic’s transfer process inadvertently connected their servers to one internal network which then led to the breach. Ensure that different components of your IT environment (like production, backup, and administrative systems) all use isolated networks, separate access controls, and distinct cloud storage accounts. This will ensure backup data remains untouched even if production data is compromised in the cloud.

2. Multi-layered Backup Strategy: CloudNordic’s backups were compromised along with the production data. This can be avoided if companies follow the 3-2-1 rule: keep three copies of your data, on two different mediums, with one stored offsite. Moreover, offline or air-gapped backups can prevent ransomware from accessing and encrypting backup data.

3. Regular Security Audits & Recovery Assurance Testing: Using tools such as Predatar to deliver automated security checks across backup can identify vulnerabilities before they’re exploited. In addition continual automated restore testing and malware scanning provides assurance that, in the event of an attack, your organisation can efficiently restore from backups.

In conclusion, while CloudNordic is now offering a method for their clients to re-establish web and email servers (sans data), it’s a stark reminder that proactive measures are infinitely preferable to reactive solutions. In the rapidly evolving cyber landscape, relying solely on standard backups from a cloud provider can be perilous. Such backups, while convenient, often exist within the same ecosystem as primary data, making them vulnerable to the same threats. Cyberattacks, like ransomware, can simultaneously target both primary and backup data if they’re co-located. Additionally, cloud outages or provider-centric issues could jeopardise both datasets. For optimal security, diversified backup strategies, incorporating offsite and offline measures, are crucial. Simply put, a holistic approach to backups transcends mere convenience—it’s a necessity for robust data protection.

Book a demo here and find out how Predatar and IBM can help your business secure its cloud data.