Category: Uncategorised

Oliver Parpart’s journey to leading two strategic growth initiatives at CANCOM GmbH is anything but conventional. With a rich background in project delivery, Oliver brings a deeply consultative and empathetic approach to client engagement — an approach shaped by years of hands-on experience ensuring IT service delivery success.

Unlike many leaders from a sales background, his method is not about pushing products but about deeply understanding a client’s environment and project delivery challenges. This ability to listen and ask good questions before prescribing solutions sets his team apart in a market dominated by large and competitive System Houses.

This client-first mentality has also influenced the strategic direction of his business unit, which focuses on two major growth initiatives: CANCOM’s DevOps practice and its Cyber Resilience practice.

As cybersecurity threats evolve rapidly, CANCOM is positioning itself as a trusted partner that can not only sell and integrate good technology but also deliver real business outcomes in a scalable, cost-effective way. At the heart of this approach is CANCOM’s Backup Assurance as a Service (BAaaS), a comprehensive, vendor-agnostic cyber resilience platform powered by Predatar.

Why Predatar?

CANCOM has a broad portfolio of backup and storage solutions. However, the complexity of modern enterprise IT landscapes demands a more unified approach to cyber resilience. This is where Predatar’s independence becomes a strategic advantage. Unlike vendor-specific solutions that often create silos, Predatar enables CANCOM to deliver a horizontal cyber resilience service that spans multiple technologies. This means customers can optimize costs, reduce complexity, and proactively defend against increasingly sophisticated cyber threats.

With BAaaS, CANCOM can rapidly elevate a client’s cyber resilience capabilities, deploying advanced security measures in a matter of weeks rather than months. This speed and efficiency are critical in the German and Austrian markets, where there is a shortage of highly skilled cybersecurity professionals. By leveraging Predatar’s automation and intelligence-driven platform, CANCOM can fill this gap, ensuring clients remain protected without the burden of hiring scarce in-house expertise.

Overcoming Internal Challenges to Scale the Service

Despite the strong market demand for cyber resilience services, CANCOM faces an internal challenge: ensuring its vast sales force of over 300 professionals across Germany—and 5,600 employees across Europe—are equipped to sell and support this new offering. Historically, CANCOM’s regional offices have had their own vendor preferences, making a unified approach difficult to implement.

To address this, CANCOM has developed strategic competencies that are independent of its vendor resale model. This allows the company to scale its BAaaS offering across its entire enterprise while improving margin performance and revenue predictability. Additionally, the sales enablement strategy includes a structured playbook and digital sales room templates via the Seismic platform, ensuring that all sales professionals can effectively communicate the value of CANCOM’s cyber resilience services.

Incubating BAaaS for Long-Term Success

To ensure the successful rollout of BAaaS, CANCOM made a considered decision to incubate the service within its Professional Services division, rather than placing it under the IBM resale business. This approach allows for tight control over initial deployments, ensuring quality and consistency. Over time, as adoption grows, the service will transition into CANCOM’s managed cyber and security services practice, enabling it to scale across a broader customer base.

The Future of Cyber Resilience at CANCOM

Cyber threats continue to evolve, and businesses need to be just as agile in their defences. With its consultative approach, deep technical expertise, and enhanced use of Predatar, CANCOM is well-positioned to deliver enterprise-grade cyber resilience at scale. The company’s ability to unify multiple backup and security technologies into a single, cohesive service offering is a game-changer for customers looking to simplify and strengthen their defences. By tackling internal and external challenges head-on, Oliver Parpart and his team are not just building another service — they are shaping the future of cyber resilience in Europe. Through strategic partnerships, an innovative delivery model, and a relentless focus on client success, CANCOM is proving that cybersecurity is not just about technology — it’s about trust, expertise, and execution at scale.

Start Your Journey To Resilience with an APEX Partner

CANCOM is a Predatar’s APEX partner, one of an elite group of expert service providers hand-picked for their customer-centricity, and their ability to deliver world-class cyber resiliency services powered by Predatar. To kick start your cyber resiliency project, contact the team at CANCOM or find an APEX Partner near you.

Bringing automated, AI-powered recovery testing and advanced malware hunting to your existing storage estate has never been easier.

At Predatar, we’ve launched our third-generation cleanroom. Not only is CleanRoom 3 the most advanced cyber recovery cleanroom on the market, it’s also easy to deploy and easy to manage.

Our new CleanRoom has been re-designed from the ground up with one objective – to make adoption of recovery assurance technology achievable to more organisations than ever before.

Until now, complexity has been a real barrier to adoption. This short article explains how we’ve simplified deployment and management of cleanroom technology.

What is a Cyber Recovery Cleanroom?

Before we talk about how Predatar is making cleanroom technology quick and easy to deploy, let’s recap on what cleanrooms are, and why your organisation needs one.

The truth is, there is a significant risk that your backups and immutable snapshots contain malware or other recovery issues. This will jeopardise your incident response, and severely impact your ability to restore business-critical IT systems following a cyberattack, or any other data-loss event.

A cleanroom is a secure, isolated environment where your IT team can validate the integrity and recoverability of the data your organisation will rely on for recovery – before a crisis hits.

4 years of CleanRoom implementations

CleanRoom 1: The original

Built for IBM Storage Protect backup environments, Predatar’s first generation Cyber Recovery Cleanroom was a game-changer. Previously, Cleanrooms (or Isolated Recovery Environments as they were commonly referred to at the time) were little more than a concept – often just an architectural design or blueprint, which could be deployed as a reactive tool for validating data in a crisis scenario.

When Predatar launched CleanRoom 1 in 2021, it was the first ‘productised’ cyber recovery cleanroom solution available. Not only did this make proactive cyber recovery testing a reality for IBM backup customers, but Predatar’s user-friendly software layer made day-to-day operation easy.

The difficult bit was deployment. Every storage estate is different, and every CleanRoom implementation needed a tailored design. A typical deployment would require 10-15 days of implementation services from highly skilled Predatar engineers. What’s more, each CleanRoom deployment would require new hardware or cloud infrastructure to be purchased and configured – sometimes adding weeks or months to the deployment depending on hardware availability.

CleanRoom 2: Multi-vendor support and faster deployments

The release of CleanRoom 2 in 2023 was another huge step forward. By extending support beyond IBM backup products to Cohesity, Veeam and Rubrik, and later adding capabilities to validate Immutable Snapshots on IBM FlashSystem and Pure Storage, Predatar had opened up the possibilities of recovery assurance to many more organisations.  

Other enhancements followed, including integrations with leading SIEM (Security Information and Event Management) platforms, AI-powered reporting, and more.

Despite CleanRoom 2 delivering greatly enhanced capabilities, the Predatar R&D team managed to significantly simplify deployments. Now a Predatar implementation could be completed in 3-5 days by an experienced Predatar Engineer, or one of Predatar’s APEX partners.

CleanRoom 3: Recovery Assurance For All

Our 3rd-generation CleanRoom marks another big leap forward. CleanRoom 3 has been designed to make Recovery Assurance technology accessible to more organisations than ever before, by breaking down the barriers to adoption. The cost and complexity of deployment has been one of those barriers.

Cleanroom 3 can be deployed on existing infrastructure, in less than one day, without the need for extensive training.

Here’s what’s changed…

New: ISO-based deployment

The most significant change, is that CleanRoom 3 is delivered as a self-contained virtual appliance. Users configure their cleanroom via a step-by-step setup wizard, before downloading a self-contained ISO image.

The ISO includes all the required components, pre-configured using the inputs from the wizard. Assuming the technical pre-reqs and minimum requirements are met, the ISO image can simply be installed on existing hardware or Cloud Infrastructure, and can be up and running in as little as 2 hours.

New: No third-party licences

Previously, Predatar customers would need to purchase VMware and third-party XDR (Extended Endpoint Detection & Response) licences for the CleanRoom. Not only did this add cost and administrative work, but it also added complexity to the setup, as the CleanRoom would need to be configured to recognise the licence keys for the third-party products.

With CleanRoom 3, the need for third-party licences has gone away. CleanRoom 3 doesn’t require VMware and the XDR licensing is now baked-in to your Predatar subscription.

New: Automated updates

CleanRoom 3.0 leverages continuous updates to ensure the platform remains secure, up-to-date, and optimised without requiring manual intervention. The system continuously downloads updates and enhancements from Predatar’s Git repository. This ensures that CleanRoom 3.0 is always equipped with the latest security improvements, malware definitions, and performance optimisations.

By automating the update process, CleanRoom 3.0 eliminates the need for manual updates by engineers, reducing the risk of human error, saving time, and ensuring that the system is always running the most current version.

Time to think again about CleanRooms?

If you think that achieving recovery assurance for your organisation is complicated, think again. With CleanRoom 3 from Predatar, you can bring automated, AI-powered recovery testing and malware interrogation to your existing storage environment in a matter of days.

Get started now. Find out more about Predatar, or book a demo.

At Predatar, we’ve just launched CleanRoom 3. Not only is our third-generation CleanRoom the most advanced cyber recovery cleanroom on the market, but it’s also the most accessible.

We believe that every organisation that relies on data can benefit from pre-emptive cyber recovery in a cleanroom. That’s why CleanRoom 3 has been redesigned from the ground up to make adoption of this important technology achievable for more businesses than ever before.

This short article highlights 3 reasons your organisation needs one.

What is a Cyber Recovery Cleanroom?

Before we talk about why you need a Cyber Recovery CleanRoom, let’s quickly cover what they are. A cleanroom is a secure environment where IT teams and/or cybersecurity teams can validate the integrity and recoverability of the data their business stores to ensure a clean and safe recovery.

If you are already familiar with the concept of cleanrooms, you might think that they’re only used in high-stakes, post-attack scenarios – but things have changed. Predatar has been leading the way with technology that enables continuous, pre-emptive data validation.

To take a deeper dive into cleanroom technology, read this article: A Guide to Cyber Recovery CleanRooms

Why do you need a Cyber Recovery Cleanroom?

The simple truth is there is only one reason you need a cyber recovery cleanroom, and that’s resilience. You might call it data resilience, cyber resilience, or more broadly – operational resilience. A cleanroom enables you to be ready to bounce back from a cyberattack (or any other data loss event).

But with so many new products and technologies promising to boost resilience, let’s dig in to why a cleanroom is a must-have component in your resiliency toolset.

 

Reason 1: You probably have malware in your backups

Few organisations would question the vital role backup & recovery plays for operational resilience. Backups are often recognised at the last line of defence against data loss events, including cyber attacks. Yet, surprisingly few organisations have steps in place to routinely check their backup data for viruses.

Here’s an eye-opening stat for you.

Predatar has discovered malware in the backups of 80% of its customers – that’s malware that had previously not been detected, and in some cases had the potential to cause serious damage.

Typically, Predatar customers are medium and large enterprises with extensive IT systems and robust cyber security capabilities, but even with best-in-class security tools such as firewalls, antivirus, EDR and XDR, malware can – and clearly does – still get into backups.

You can learn more about how malware infiltrates backups, the damage it can cause, and why immutability doesn’t solve the problem in this article: You probably have Malware in your backups

Implementing a cyber recovery cleanroom is the only way to continually interrogate and clean your data without impacting the performance of your production and backup systems, and crucially without putting your data at risk.

Reason 2: Downtime hurts

You could take a reactive approach to cyber recovery. This is common practice for cyber incident response in many organisations today.  With this approach, following containment of a cyber-attack, security and IT teams will work together to carry out forensic analysis of data as part of the data recovery process.

The big problem here is time. With business-critical systems offline, your organisation’s ability to function will be severely impacted. In fact, it’s common for businesses to go completely ‘dark’ following a serious data breach.

When systems are offline, every minute counts. But according to IBM’s most recent Cost of a Data Breach Report, 75% of businesses that had experienced an attack, took more than 100 days to fully recover. The same study reports that the average cost of a cyber attack to a business is now a massive $4.88 million(USD).

With a reactive approach to cyber recovery, the first step is often to procure the hardware and configure the tools required to analyse data at huge scale. This task alone can take weeks before validation at scale can even begin.
  
Once the process is underway, the next challenge is dealing with any infections or unrecoverable files that are discovered while in the middle of a high-pressure, high-stakes situation.

With a proactive approach, utilising a cyber recovery cleanroom for pre-emptive recovery assurance, when a crisis hits you’ll already know that your data is clean and recoverable. Of course, in a cyber incident scenario we strongly recommend re-validating all data before restoring it, but the great news is:

1. You will already have the hardware and tools configured: Essentially, your cleanroom can be utilised for post-attack validation .
2. The likelihood of finding issues with the data is vastly reduced: It will have been validated recently as part of a proactive validation cycle.

Reason 3: New regulations are coming

Not only is it good practice to test-drive your incident response – It’s quickly becoming a regulatory necessity.

A raft of regulatory frameworks is coming into force around the world with an emphasis on operational resilience – DORA (European Union), HIPPA (United States), FISMA (United States), PRA (United Kingdom) to name a few.

While today, these regulations mainly focus on finance, healthcare, and government organisations – it’s only a matter of time until regulators in other industries follow suit.

The direction of travel is clear. It will no longer be adequate for regulated organisations to have a plan, they will need to demonstrate the effectiveness of those plans.

Proactive cyber recovery in a cleanroom is a cost-effective way to continually demonstrate the effectiveness of data recovery plans.    

Recovery Assurance For All

Learn more about how Predatar has lowered the barriers to adoption and made pre-emptive, AI-powered Cyber Recovery a reality for more or businesses than ever before. Read the article: Recovery Assurance For All… with CleanRoom 3

 

Predatar’s third-generation Cyber Recovery Cleanroom is here. Redesigned from the ground up, CleanRoom 3 is making Recovery Assurance achievable for more organisations than ever before.

Cyber Recovery Cleanrooms – sometimes referred to as Isolated Recovery Environments – have been gaining traction as an important technology for operational resilience.

Big storage vendors including IBM, HPE, Dell and Commvault have introduced cleanroom technology to their portfolios, either as products or reference architectures – but despite the importance of the technology, market adoption has been relatively slow.

Predatar Founder & CEO, Alistair Mackenzie explains: “Most organisations understand they need to boost data resiliency. Cleanrooms have a big role to play, but until now, the technology has been seen as costly and complicated.”

Cyber Recovery Cleanroom Pioneers

Predatar has been ahead of the pack in this area. Since launching our first Cleanroom more than 3 years ago we’ve continued to innovate relentlessly to create the most advanced Recovery Assurance platform on the market today.

With the launch of our third-generation cyber recovery cleanroom, Predatar has significantly lowered the barriers to adoption. CleanRoom 3 is easier and more cost-effective to buy, it supports more storage configurations than ever before, and it can be deployed quickly.

Fewer Licences. Lower Cost.

Previously, customers needed to purchase licences for the hypervisors and third-party XDR (Extended Detection & Response) software that’s embedded in the Predatar platform. With CleanRoom 3 this requirement has gone away.

Not only does this make it much easier to procure the solution, but it’s more cost-effective too.

Now, one Predatar subscription covers all your licensing needs for automated recovery testing and deep malware scanning across Veeam, Rubrik, Cohesity, and IBM backups – and your IBM and Pure immutable snapshots too.

More Flexible.

Where most cleanrooms require customers to purchase new hardware or acquire new cloud infrastructure, CleanRoom 3 has been designed to run on a broad range of commodity hardware, meaning that in many cases customers will have the ability to use technology they already have in their data centre.

What’s more, our third-generation CleanRoom has more deployment options. Now customers have the option to build their CleanRoom as a Virtual Machine or deploy it on Bare Metal.

Quick and Easy to Deploy.

One of the biggest changes we’ve introduced in CleanRoom 3 is a completely new deployment method. All of the config is done via a step-by-step setup wizard. This generates an ISO file which can be downloaded and easily installed on the host environment.

Ian Richardson, CTO at Predatar explains “We’ve made the setup really user-friendly. Thanks to the new ISO-based deployment, a CleanRoom can be deployed in around 2 hours, without the need for extensive training or highly specialist skills.”  

How is Predatar Different?

CleanRoom 3 has been designed to make the benefits of Recovery Assurance achievable for more organisations, but the fundamental principles of Predatar remain the same. Our Recovery Assurance platform stands out in the marketplace in three important ways.

1. Predatar provides pre-emptive recovery testing: Using automation and AI, to continually validate the recoverability of critical backups and snapshots before a crisis hits.
   _
   
2. Predatar goes beyond anomaly detection: Where most alternative solutions identify signs of possible malware using anomaly detection methods, Predatar goes further – actually restoring suspect workloads, before running a full antivirus scan to verify the infection, and where necessary, cleaning the workload too.
   –
   
3. Predatar supports multiple backup and storage technologies including Veeam, Cohesity, Rubrik, IBM Storage Protect, IBM FlashSystems, and Pure Storage, so customers can validate different workloads in one Cleanroom with a single Predatar licence.

Talk to the Recovery Assurance Experts

To learn more about how Predatar can boost resilience in your organisation, contact our team or find a Predatar expert partner near you.

Here’s an alarming statistic for you: At the time of writing this blog, over 80% of Predatar customers have discovered previously undetected malware in their backup data within a month of starting to use Predatar’s Recovery Assurance platform. So, how does it get there? And what can you do to make sure your backups are safe?

Most of Predatar’s customers are medium to large enterprises with expansive IT networks. Every one of these organisations has cyber security technologies in place, including some sort of antivirus product. In most cases it’s market-leading XDR products from vendors like Crowdstrike, Palo Alto, or Microsoft. So, how is malware getting into their backups?

How Does Malware Get into Backups?

1. Replication of zero day viruses

Typically, organisations configure their antivirus technology to run incremental scans on their production systems. Only new data or data that has changed is checked for malware. The reason for this is simple, incremental scans are more efficient – both in terms of time taken and the performance impact to the underlying disk. The reality is that checking all production data, every day, is simply not feasible.

The problem here is zero-day attacks. If a new strain of virus infiltrates your IT network before it’s known to your antivirus vendor, it will slip through the net and hide inside your network. This malware will remain undetected until the data it resides in is altered. At this point, it’s likely the virus definitions in your antivirus tools will have updated, and the malware can be flagged and removed.

But… most organisations create backups every night. So, in this scenario the malware that ‘slipped through’ will have been backed up too. Even if the virus is removed from production systems, very few organisations take the step of proactively checking and cleaning their backups.

2. Planting malware directly into backups

Cyber criminals can – and do – target backups directly. This is a common practice for ransomware gangs, who will encrypt or delete backups as part of a co-ordinated attack. By compromising the backups, they remove their victim’s ability to restore data. This gives them little option but to pay the ransom demands.

In this scenario, the criminals will gain administrator access to their victim’s backup platforms to plant malicious code directly into backup repositories. This approach completely bypasses antivirus protection on production systems.

Access is usually achieved via stolen administrator credentials, or hacking methods such as manipulating OAuth token access. In some cases, criminals will recruit an insider. For example, a Storage Administrator within the target organisation may be offered payment for planting malware in backups.

Why is Malware in Backups a Problem?

Put simply, malware in your backups will put your ability to restore at risk. Whether you need to recover an important file that was accidentally deleted, or mount a large-scale recovery of critical business systems following a cyber attack or other major data loss event – malware in your backups could be a show stopper, leaving you with no way to recover your valuable data.

At best, this will be inconvenient. At worst, business critical systems could be offline for extended periods. In some cases, loss of customer or employee data could lead to regulatory non-compliance, fines and legal action.

Does Immutability Solve the Problem?

Immutability has become a popular method to protect against the problem of malware in backups. While it offers some protection, immutability alone doesn’t solve the problem.

Essentially, immutability means that once data has been written it can’t be altered. Using immutable backups won’t stop undetected malware being replicated into your storage repositories, but it does mean that once it’s there it can’t be activated, and your data is safe from malicious encryption or deletion – while it remains in an immutable state.

The problem comes when an infected immutable backup is recovered. Restoring from an infected backup will introduce the malware to the system you are restoring to, and once the restore has taken place, the data is no longer immutable, and the malware could be activated by the criminals that created it.

How Can You Make Sure Your Backups Are Safe?

The only way to be sure your backups are safe is to check them. Best-practice dictates recovering backups to an isolated recovery environment, also known as a cleanroom, before running antivirus tools to validate them for cleanliness. This method means that if your backups are found to contain malware neither your production or backup systems will be at risk, while you take remedial action.

Today, this approach is generally used as a reactive measure in high-stakes scenarios. When a cyber attack has occurred, organisations will begin the process to validate their backups, starting with their most critical workloads, as part of a large-scale cyber recovery procedure.

What is Proactive Cyber Recovery?

Thanks to automation and artificial intelligence, products like Predatar Recovery Assurance platform can continually validate your backups to ensure they are always recoverable and free from malware. This proactive approach means that you’ll know your backups are safe before a crisis hits.

Only Predatar offers a vendor-agnostic solution that enables you to automate recovery testing and advanced malware interrogation on Veeam, Rubrik, IBM, and Cohesity backups in the same cleanroom. Predatar can also be used to validate immutable IBM and Pure snapshots too.

Want to Become Recovery Confident?

Don’t wait for a crisis to find out if you can recover. Watch this short video to learn more about Predatar and contact our team to start your journey to recovery confidence.

Empalis & Predatar:
A story of Partnership.

Predatar’s APEX partner program is so much more than a traditional reseller channel. It’s built on the foundations of a long-standing, multi-disciplinary collaboration with Empalis Consulting GmbH, and the result is a global community of exceptional collaborators. In this interview, Markus Stumpf, Business Development Manager at Empalis, explains what it takes to be an APEX partner, and why you should talk to one if cyber resilience is a concern in your business.  

Predatar: How did the partnership between Empalis & Predatar first come about?

Markus: It started almost 10 years ago. At the time, we were on the verge of launching our first managed backup and recovery service. Until then, Empalis had focussed on consulting and one-off engineering projects. It was an exciting time, but like any new venture, it was also a bit of risk. Would the service be a success? and if it was, could we scale it?

I met Alistair (Mackenzie, Predatar CEO) by chance at an IBM Storage conference in Las Vegas. He told me about Predatar, and I could instantly see how the automation and reporting features could help us. By automating daily reporting and other repetitive tasks, our service engineers could bring value to more customers.

Predatar: How did this partnership evolve?

Markus: Once we started using Predatar, our team began to see opportunities to enhance the platform further – to deliver even more value for our customers. Since the beginning, the Predatar team has actively looked for feedback, and we were more than happy to share our insights and ideas.

It soon became obvious that we would be great collaborators. We would challenge one another’s ideas and push the boundaries together. Before long, we were having a direct influence on the Predatar product roadmap, and Predatar was helping to shape the future of Empalis too.

Predatar: Can you give an example of how you’ve influenced the innovation of the Predatar Platform?

Markus: There are so many features and functions in Predatar that Empalis has influenced, but let me tell you about one of the more significant collaborations.

Today, Predatar is known for its innovative CleanRoom. In my opinion, it really is the most advanced Cyber Recovery Cleanroom solution available today. But let’s rewind a few years, before Predatar’s CleanRoom was even a spark of an idea.

I met with Alistair (Mackenzie) for a catch-up while he was in Germany on business back in 2019. We met in a small meeting room in Stuttgart. We weren’t intending for the session to be an R&D workshop, but by the time we were done, we’d mapped out the architecture of what would become Predatar’s first generation CleanRoom on a whiteboard.

Predatar: How else have you supported Predatar’s R&D?

Markus: Innovation at Predatar is rapid, but balancing this with rigorous testing has been a challenge for the Predatar team. We’ve been really happy to get hands-on and support with QA and usability testing. We want to get the latest tech to our customers, fast – but not before my team has put it through its paces – so this is a win, win.

Last year, Predatar formalised this process. They now run an Early Access Program (EAP) where Empalis and other APEX partners can test-drive new features. We’ve been putting CleanRoom 3.0 through its paces. Predatar’s third generation of Cyber Recovery Cleanroom will be a game-changer, making Recovery Assurance achievable for many more businesses.

Predatar: How has Predatar shaped Empalis?

Markus: Around 2 years ago we launched Viking Backup Guardian, our flagship managed backup and recovery service with Predatar baked-in. The service provides an immutable copy of customer’s backup data in our cloud, which we proactively verify for recoverability and cleanliness in a Predatar CleanRoom.  

What our customers love about this service is that it takes away the cost and complexity of CleanRoom setup, it’s scalable – so you only pay for what you need, and it’s completely managed. Empalis will deal with all the day-to-day operational stuff.

When we launched Viking, it was totally unique, and even today, with the exception of other Predatar APEX partners, I’m not aware of any MSPs that offer anything similar.

Predatar: Can you explain a bit about the APEX program?

Markus: It’s no secret that Predatar has designed the APEX program with an ambition to replicate the success of the collaborative relationship between Predatar and Empalis. You could say that our partnership has been the blueprint for the program. Today, there are 24 Apex partners globally.

Of course, like any channel program this helps Predatar access markets around the world – but APEX is about so much more. The selection criteria is rigorous. APEX partners must demonstrate they have the vision and capabilities to deliver world-class, value-added services with Predatar under the hood.

Any IBM channel partner can resell Predatar, but only APEX partners are authorised to integrate Predatar into their own products and services.

Predatar: What’s next for Empalis and Predatar?

Markus: We will continue to help more and more customers achieve recovery confidence with the Empalis Viking Guardian service. But when it comes to innovation, anything could happen. Ask me again after our next whiteboard session!

---

To find out how Markus and the team at Empalis can help you manage complexity and boost data resilience in your organisation, contact them here.

Find an APEX partner in your region here.

Are you considering deploying a cyber recovery cleanroom to test your systems’ recoverability from cyber-attacks or other disruptive events?

You’re not alone. The market for recovery assurance solutions, including cleanroom technology, is growing rapidly. Learn more in this article:
5 Reasons the Cyber Recovery Cleanroom Market is Growing Fast.

A common question we hear is; should you build a cleanroom or invest in an off-the-shelf (productised) solution? This article explores the pros and cons of each approach and provides a simple decision tree to help guide your choice.

This discussion assumes that you intend to use a cleanroom for proactive recovery testing rather than solely for post-attack recovery. While productised solutions can expedite deployment after an attack, their primary strength lies in pre-emptive recovery testing and assurance.

Cleanroom customisation

If your environment requires significant customisation, building your own cleanroom might be the best option. A DIY solution allows for precise tailoring to your infrastructure, whereas productised solutions are designed to serve a broad market.

For example, if your workloads include mainframes or iSeries systems that productised solutions do not support, a self-build approach may be your only choice. However, if your environment primarily consists of virtualised workloads—such as VMware, Windows, and Linux file systems—then a productised solution is a viable and often preferable option.

CleanRoom Security

For organisations operating dark sites with no permissible cloud connectivity, a DIY approach may be necessary. Many productised solutions rely on cloud-based control planes for features like AI-driven anomaly detection, and losing this connectivity can limit their effectiveness.

However, an isolated environment comes with trade-offs. Without internet access, you forfeit real-time malware definitions, security updates, and continuous product enhancements—features that productised solutions deliver automatically.

Cleanroom Automation

Productised cleanrooms benefit from advanced workflow automation that optimises resource allocation for recovery testing and malware scanning.

A key component of modern recovery assurance solutions is the use of data lakes and AI/ML models to prioritise anomalies for deeper analysis. The best cleanroom solutions leverage feedback learning to refine anomaly detection and minimise false positives over time.

If you lack in-house data scientists and software engineers, a DIY solution will likely lack the automation and orchestration capabilities of a commercial product.

Cleanroom ease-of-use

If ease of deployment and maintenance is a priority, a productised solution is the clear choice. Here’s why:

• Rapid Deployment – Modern cleanroom software can be deployed in under a day using standard infrastructure.
• Automated Security Patching – Productised solutions can integrate with repositories like GitHub, continuously downloading updates and enhancements to stay ahead of emerging threats.
• Vendor Support & Testing – Purchasing a product means gaining access to enterprise-grade testing, support, and maintenance. Many organisations opt for productised solutions to offload the burden of software development and patching.

Summary & Decision Process

For comparable costs, a productised solution will always provide a more feature-rich and automated cleanroom for supported workloads. Security concerns may restrict the use of some cloud-dependent cleanrooms, but some vendors offer private cloud deployments as an alternative.

As adoption increases and cleanroom solutions become more mainstream, productised offerings will continue to improve while costs decline, making the build-your-own approach increasingly less viable.

By following this structured approach, you can determine the best path forward for implementing a cyber recovery cleanroom tailored to your organisation’s needs.

Learn about Cyber Recovery Cleanrooms from Predatar

Predatar is a leader in Recovery Assurance technology. Our unique CleanRoom solution provides preemptive recovery testing and advanced malware scanning for backups and snapshots from many leading storage vendors including Veeam, Rubrik, IBM, Cohesity and Pure – with support for more technologies on the way.

Learn more at predatar.com.

Complex, multi-vendor storage environments don’t need complex, multi-vendor resiliency tools. In this short blog, we look at the benefits of unified Recovery Assurance with a centralised CleanRoom.

What is Recovery Assurance?

Put simply, Recovery Assurance is the process of validating that IT systems can be successfully restored following a data loss event.

By far, the most common type of significant data loss scenarios today are cyberattacks. That’s why there’s a new breed of Recovery Assurance technologies emerging, designed to verify that backups are recoverable and have not been compromised before they are used to restore production IT systems.

 You can learn more about the different types of solutions in the Recovery Assurance Buyer’s Guide.

What is a Cyber Recovery Cleanroom?

Cyber Recovery Cleanrooms are an integral component of Recovery Assurance, and are quickly becoming seen as an essential tool for cyber resilience. Essentially, a cleanroom is a secure, isolated environment where potentially harmful data can be analysed and validated without putting other IT systems at risk.

Typically, cleanrooms are seen as reactive tools that are only utilised when a large scale recovery is required. Predatar is leading the way with a new generation of pre-emptive cleanroom technology that automates continuous recovery testing and advanced malware scanning on backups and snapshots. This means that when a cyber incident hits, Predatar users already know that their backups (and primary snapshots) are recoverable and free from malware.

What is Unified Recovery Assurance?

Many of the big backup and storage vendors offer data resilience solutions including cleanrooms, anomaly detection and more. In most cases these solutions are designed to work solely with the vendor’s own products. For example, Veeam’s SureBackup solution is designed to validate the recoverability of Virtual Machines backed up with Veeam’s Backup and Replication platform, IBM’s Storage Defender Cleanroom architecture is intended to validate IBM SafeGuarded Copies and IBM Defender Data Protect backups, while Rubrik’s Cyber Recovery toolset is built to orchestrate recoveries on data backed-up in the Rubrik Security Cloud.

Predatar’s Recovery Assurance technology is different. It has been designed to provide data validation across multiple workload types, on both primary storage and backup storage, and is vendor-agnostic. That means that Predatar users can run automated recovery testing and advanced malware scanning across complex storage environments in a single, centralised CleanRoom – with just one Predatar subscription.

What are the benefits of Unified Recovery Assurance?

Benefit 1. Simplicity

Fragmented storage, doesn’t have to mean fragmented recovery. By choosing a unified approach to Recovery Assurance, IT and Security teams can simplify day-to-day management of resiliency and gain  greater observability though a holistic approach to data validation.

As well as daily operations, greater simplicity will really make a difference during incident response too. Coordinating high-stakes recoveries, with complex interdependencies is always going to be stressful, but with a unified Recovery Assurance solution, automated recovery sequences can be pre-defined and tested in preparation for a cyber incident.

Benefit 2. Cost

While some storage and backup vendors include data resilience features within their products, often they are not part of the core licensing/subscription plans. In many cases these features will only be available as upgrade options or to customers on premium plans.

It is worth contacting your backup and storage vendors to understand what tools are available to you, but
for organisations that have multiple storage and backup products in play, achieving resilience across all platforms could quickly become costly. You’ll also need to consider the additional training and resources required to learn, manage, and maintain multiple tools.

Predatar’s unified, vendor-agnostic approach to Recovery Assurance means Predatar customers can achieve parity of resilience across multiple platforms and technologies with a single solution.

Benefit 3. Future-proof

Technologies are always evolving. New storage products come to the market, while others are retired. Trends change. From tape storage, to mainframe, to Virtual Machines, to containers… How you store your data today might not be how you store it tomorrow.

With a unified, vendor-agnostic approach to recovery assurance, organisations can future-proof their investment, safe in the knowledge that if their storage solutions change, their CleanRoom won’t need to.

Predatar’s approach

Predatar is on a mission to give organisations complete recovery confidence. Our unique Recovery Assurance platform uses automation and AI to continually prove that your backups and snapshots are always recoverable and free from hidden malware. Here’s how:

With a single Predatar subscription, and one centralised Predatar CleanRoom, Predatar customers can validate Virtual Machines, Databases and files systems backed-up by Cohesity, IBM Storage Protect/Plus, IBM Storage Defender Data Protect, Rubrik, and Veeam. Immutable snapshots from IBM FlashSystem, and Pure Storage can be checked too.

Find out how Predatar can simplify Recovery Assurance in your organisation. Book a demo today.

Introduction

Today, cyber threats are sophisticated, they are evolving and they are relentless. While traditional cybersecurity measures focus on preventing attacks, the inevitability of a data breach necessitates a robust cyber resilience strategy. This approach emphasises not only prevention, but also the ability to respond to, recover from, and learn from cyber incidents. Achieving true cyber resilience requires a collaborative effort across various departments, particularly between storage and security teams.

The Shift from Cybersecurity to Cyber Resilience

Historically, organisations have concentrated on building their defences to prevent cyber breaches. However, recent trends and regulatory requirements underscore the importance of accepting that breaches will occur and preparing accordingly. This shift moves organisations from a purely preventive stance to one that also prioritises response and recovery.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework exemplifies this approach. The framework outlines five core functions:

1. Identify: Understand and manage cybersecurity risks.

2. Protect: Implement safeguards to ensure service continuity.

3. Detect: Develop activities to identify cybersecurity events.

4. Respond: Take action regarding detected cybersecurity incidents.

5. Recover: Maintain plans for resilience and restore impaired capabilities.

Traditionally, organisations have focused heavily on the first three functions. However, the increasing complexity of cyber threats and regulatory mandates necessitate a stronger emphasis on the Respond and Recover functions—a shift known as ‘shifting to the right.’

The Cyber Resilience Gap

Cybersecurity teams meticulously monitor metrics including patch rates, incidents raised, and mean time to fix. Meanwhile, IT operations and storage teams prioritise system availability and downtime reduction. Yet, few firms rigorously track recovery metrics, creating a cyber resilience gap.

Predatar’s data reveals that organisations recover less than 1% of their data annually, and 1 in 14 backup recoveries is compromised. This stark reality highlights the gap between firms’ cybersecurity measures and their actual ability to recover from cyber incidents.

Barriers to Closing the Cyber Resilience Gap

Security officers and organisations may not conduct extensive data storage recovery testing due to:

1. Resource Constraints: Recovery testing requires time, manpower, and budget, which may be deprioritised.

2. Perceived Low Risk: Many organisations assume their backup processes are sufficient without rigorous testing.

3. Complexity: Recovery testing is intricate and requires simulated disaster scenarios.

4. Responsibility Challenges: Coordination between IT, security, and management can be difficult, hindering testing efforts.

Whose Role is Cyber Resilience?

Cyber resilience is a team effort, requiring coordination across departments. Here’s how different roles contribute:

Role	Responsibility
CISO	Oversees cybersecurity strategy and ensures response plans are in place.
IT Security Team	Develops technical recovery strategies and validates system integrity.
Storage & IT Operations	Manages backup systems, ensures redundancy, and restores data.
Incident Response Team	Coordinates containment and investigation efforts post-breach.
Legal & Compliance	Ensures regulatory alignment and manages compliance issues.
Communications & PR	Handles external communication in case of breaches.

Closing the Gap: A Cyber Resilience Framework

To enhance cyber resilience, organisations should focus on two key areas: Recovery Speed and Data Integrity.

1. Recovery Speed

Prioritisation

Organisations should identify the critical business systems that make up their Minimum Viable Business —those essential for operational continuity. Recovery Assurance software can automate recoveries based on prioritisation and reduce resource waste.

Early Detection

Security teams should integrate data storage systems into Security Orchestration, Automation, and Response (SOAR) systems to improve recovery speed. AI-powered metadata analysis and storage scanning enhance threat detection.

Example: IBM FlashSystem In-line Threat Detection observes data behaviour and alerts administrators about ransomware threats.

Storage Methods

Storage speed affects recovery time. Below is a breakdown of typical recovery times per 1TB of data:

Storage Medium	Estimated Recovery Time
Storage Class Memory (SCM)	~7 min
Solid State Drives (SSD)	~17 min
Nearline SAS Drive Array	~35 min
Object Storage (1Gb connection)	~1 hr 30 min
LTO9 Tape Drive	~30 min – 4 hrs (Data Dependent)

A cyber resilience strategy must include both primary and secondary storage solutions, as:

• Primary storage snapshots don’t cover all workloads.
• Secondary backups allow granular recovery (VM, folder, file level).
• Offline secondary backups provide air-gapped protection against ransomware.

2. Data Integrity

Storage Architecture Design

A resilient storage architecture follows five key principles:

1. Data Encryption: Protects data from unauthorised access, reducing its value to attackers.

2. Access Controls: Enforce MFA, quorum approvals, and complex passwords.

3. Three Plus Copies: Follow the 3-2-1-1-0 rule: three copies, two media types, one off-site copy, one offline, and zero errors.

4. Immutability: Prevents data tampering but requires proper implementation.

5. Air-Gap Solutions: Isolate critical data from the network to prevent malware spread.

Recovery Planning & Testing

Recovery plans should be frequently tested. New Recovery Assurance technologies including Cyber Recovery Cleanrooms with AI and automation built-in are making this achievable at scale. These solutions provide:

• Randomised Testing – Periodically tests a subset of systems.
• Scheduled Testing – Ensures all systems undergo recovery trials.
• Event-Based Testing – Triggers tests based on security alerts or anomaly detection.

To further ensure data integrity, storage volumes should be scanned for malware during recovery.

Reporting for Continuous Improvement

Cyber resilience is an ongoing effort. Organisations should track key metrics beyond just backup success rates, including:

• Recovery Time Objectives (RTOs) & Recovery Point Objectives (RPOs)
• Cyber Incident Metrics (frequency, severity, response time)
• Downtime & Service Availability Reports
• Cyber Resilience Index – A custom benchmark tracking overall recovery capabilities.

5 Questions to Ask Your Data Storage Manager

1. How are encryption and access controls managed?

2. What is our recovery testing frequency?

3. Are backups segregated and protected against cross-contamination?

4. Do we have an offline or air-gapped backup solution?

5. Can we measure our cyber resilience effectively?

Conclusion

Cyber resilience is not just an IT problem—it’s a business imperative. Organisations must bridge the cyber resilience gap by:

• Shifting focus from cybersecurity to cyber resilience.
• Encouraging collaboration between security and storage teams.
• Implementing faster, more secure recovery solutions.
• Regularly testing backup and recovery plans.
• Leveraging AI and automation to improve detection and response.

By adopting these strategies, organisations can not only survive cyberattacks but emerge stronger and more resilient in the face of evolving threats.

How can Predatar help?

Predatar’s Recovery Assurance platform uses AI and Automation to make data resilience achievable. Discover how…

According to a recent study, ransomware payments have dropped by over a third as more victim organisations refuse to pay up. In this short article we dig deeper into the story. We ask: what’s driving the trend? And explore how organisations, like yours, can be ready to so “No” to extortion.

The study, published earlier this month by US-based blockchain analysis firm Chainalysis, highlights a significant drop in total reported ransomware payments from $1.25 billion(USD) in 2023, down to $813 million(USD) in 2024 – that’s a drop of 35%. The statistic is uncommon in the sense that overwhelmingly, studies into cybercrime tend to tell a negative story, where attacks are on the rise and the criminals are on the front foot.  

Is ransomware as an attack strategy in decline?

Sure, ransom payments are down, which means less money flowing into the bank accounts of criminal gangs. This, in turn, will diminish the incentive for the attackers, and ultimately could lead to a reduction in the prevalence of ransomware attacks – but, there is no sign of that yet. It’s worth noting that while ransom payments fell last year, the number of ransom demands actually increased. This tells us that criminal gangs are continuing to succeed in breaching defences and locking down networks.

If perimeter cybersecurity measures aren’t stopping more ransomware, then what’s changed? Why are more ‘victim’ organisations choosing to take on the complex and often risky task of recovering their systems over paying to have them unlocked?

Choosing Recovery Over Ransom

In an ideal world, no organisation would pay a ransom demand. While the number that do pay is falling, Coveware’s quarterly ransomware report shows that in 25% of cases in Q4 2024, demands were paid with an average payment cost of over $550,000(USD).

So, what are the considerations to weigh up when deciding whether to pay up? And what’s changed that is shifting the needle.

The moral question:
The moral question is, should your organisation fund criminal activity? Of course this sounds like a no-brainer, but rather than being a binary choice, it’s actually more nuanced. Really, it’s about balancing the ethical position of your organisation against the negative (and potentially devastating) impacts that not paying the ransom will have on your employees, your customers, and your supply chain.

The legal question:
The question here is, is it illegal to pay the ransom? While there is no universal legal position on payment of extortion demands associated with ransomware, many governments around the world have put measures in place to prohibited, limit, and discourage payment. So, in some circumstances, payment the ransom is actually illegal.

As an example, The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has prohibited payments to certain sanctioned organisations, including some known ransomware groups.

When it comes to similar legal sanctions, the direction of travel is clear. The European Union and 48 individual countries have signed up to the International Counter Ransomware Initiative, which states that government authorities should not pay ransomware extortion demands.

Meanwhile, the UK government has declared that a ban on ransom payments by public sector entities including schools, the National Health Service (NHS), and local councils is under consideration.

There is no doubt that these measures at a governmental level are contributing to the decrease in ransom demand payments. Essentially, in some scenarios they remove the option of payment entirely.

The confidence question:
Fundamentally, choosing to pay an extortion demand, or not, is about calculating risk. The question is, how confident are you that your business can recover its IT systems quickly, and completely without the risk of re-infection?

Over the last 3 years many organisations have shifted from a cybersecurity strategy to a more holistic cyber resiliency strategy – putting processes and technology in place to ensure that if the worst happens, they are ready to mount a rapid and robust recovery.

We believe this has been the biggest contributing factor to the decrease in ransom demand payments. When an organisation is confident in it’s own ability to recover, the criminals’ leverage is removed.

Achieving Recovery Confidence

Saying ‘No’ to a ransomware extortion demand is a bold move, and if you lack certainty in your ability to recover, it could be a disastrous one. That’s where Recovery Assurance technology comes into play.

The Recovery Assurance Buyer’s Guide is a useful resource to help you understand the different technologies in this emerging marketplace and guide you towards the right ones to make your organisation ‘recovery confident.’

Predatar, for example, is designed to prove that your backups and snapshots are recoverable and infection-free – before a crisis hits. Thanks to AI and automation, you can validate your recovery plans daily, and continually check that your storage hasn’t been compromised.

In conclusion

Early signs indicate that the ransomware tide may be turning, but organisations can’t be complacent. The risks are still very real, particularly for organisations that don’t have robust cyber resiliency practices in place. By shifting from a cyber security approach to a more holistic cyber resiliency one, and investing in the right technologies, organisations can build recovery confidence and say “No” to extortion demands.