Earlier this year, Predatar launched CleanRoom 3. Our third-generation Cyber Recovery CleanRoom has been redesigned from the ground up – to make our unique Recovery Assurance technology accessible to more organisations than ever before.
In our recent webcast, ‘Recovery Assurance for All’, Ian Richardson (Predatar CTO) and Rick Norgate (Predatar Managing Director) explain how we’ve broken down some of the biggest barriers to the adoption of this important technology. If you missed it, don’t worry – we’ve pulled out some of the key questions and answers from the session in this blog.
Watch the webcast in full on YouTube [25 mins]
What is a CleanRoom? And what does it do?
Ben: We’ve been using the term ‘CleanRoom’ at Predatar for a few years now, and recently we’ve been hearing it used more and more by cybersecurity experts, major tech vendors, and in the industry press. Rick, what is a CleanRoom? And what does it do?
Rick: That’s a great question. When we talk about CleanRooms, we’re specifically referring to Cyber Recovery CleanRooms. You might also hear them referred to in the industry as Isolated Recovery Environments. Essentially, it’s an isolated environment that you can use to perform recovery testing and malware scanning.
There is often some confusion around the term ‘CleanRoom’. When you look at how some technology vendors are using it in the market, and you dig into what they mean by ‘CleanRoom’, they’re generally referring to a tool that’s used post-attack to conduct forensic analysis. Imagine an organisation gets attacked – they’ll need to recover workloads somewhere to check they are clean and haven’t been compromised before they begin restoration.
At Predatar, when we talk about a CleanRoom, we’re actually referring to a proactive tool. The overarching concept is the same, but a Predatar CleanRoom is used to test your backups for recoverability, and then scan them for malware on a proactive basis – that’s the key difference when we talk about CleanRooms in the context of Predatar.
What is the role of a CleanRoom within a Recovery Assurance solution?
Ben: We talk about Predatar as a Recovery Assurance platform. So, Ian, can you explain what the role of a CleanRoom is within that overall solution?
Ian: Predatar is built on two core components. The first is CRO (Cyber Recovery Orchestration) software. This is the AI and automation engine at the heart of the solution. It pulls metadata from your backup applications into the platform. When users access their CRO interface via a browser, they can manage how they want their recoveries to work. They can trigger them manually, or set up rules for automation – which is where the real power of Predatar lies.
Users can choose whether they want to trigger workflows based on a signal of activity (like some sort of anomaly), on a predefined schedule, or both. The goal is to prove recoverability every single day, not just when a disaster strikes.
The second component is the CleanRoom. The CleanRoom is essentially a secure, isolated recovery environment where you can test and validate your recoveries without risk to your production environment. This is where users recover their workloads to. Following a successful recovery, Predatar runs a full malware scan – all without the risk of reintroducing potentially compromised data back into your live systems. This is how Predatar can give organisations confidence that if they ever need to recover for real, their data is clean, usable and safe.

So, to recap: the CRO automates and proves recoverability, then the CleanRoom provides a safe space to validate that recovery before putting anything back into production. Together, they close the loop on Recovery Assurance.
Can you give a real-world example of a Recovery Assurance use case?
Ben: Now, we’ve talked about the concept of Recovery Assurance. Rick, can you give us an example of a real-world use case?
Rick: Sure, I can do that. There’s a highly relevant and high-profile example in the UK at the moment. Marks & Spencer (M&S) is one of the biggest retailers in the UK. It’s been around for as long as I can remember – on every high street, in every town – in petrol stations, in airports – everywhere.
M&S was attacked last month by a group called Scattered Spider. The attack took place over the Easter break. We’re seeing more and more cyberattacks occurring during holiday periods, when IT and security staff are more likely to be out of the office, impacting the speed at which they can respond to and contain an attack.
So, back to M&S. They’ve already paid out to the ransomware group via their insurance company but have been unable to recover fully. They’re currently losing around £43 million per week.
Now, what’s really interesting about this attack – and this is fairly common – is that the ransomware gang originally gained access to M&S’s systems via social engineering. Once they had compromised employee accounts and gained access to the network, they didn’t immediately install ransomware. They spent time observing, learning, and escalating their access. Then, once they had reached all the systems they wanted to, they deployed ransomware to create maximum disruption.
So, how can Predatar help? First off, when this ransomware gang first accessed the Marks & Spencer environment, they likely installed reconnaissance tools like keyloggers and spyware to learn as much about the environment as possible. Often, these tools can be used discreetly, without triggering perimeter alarms or anomaly detection – which are usually designed to spot encryption and exfiltration events.
This is where Predatar can help. By running proactive recovery testing and carrying out full malware scans on workloads, Predatar has a high chance of picking up the criminals’ surveillance tools.
Predatar has found malware in 80% of our customers’ backup environments that they didn’t previously know was there – and much of that is made up of tools like keyloggers and spyware.

Secondly, Predatar can also help once a malicious encryption event begins. Predatar has anomaly detection built in, which will trigger when workloads start to become encrypted. This acts as an early warning system to raise the alarm during an active attack.
How is Predatar different from other cyber resilience solutions?
Ben: That’s a great example, Rick. But there are lots of technologies on the market offering cyber resilience right now. Ian, perhaps you can tell us what makes Predatar different?
Ian: That’s a great question, and it’s one we hear a lot. There are plenty of technologies out there that claim to offer cyber resilience, but there are a few key ways in which Predatar really stands out.
First and foremost, Predatar is unified. A lot of the options on the market today come directly from backup and storage vendors. The big catch here is that they’re built to work only within their own technology ecosystem and stack. So, if you don’t want to be locked into a specific vendor, or you’re running a mix of technologies, Predatar is a great choice.
Predatar is agnostic to the technology stack. So, whether you’re using IBM, Rubrik, Cohesity – we can integrate with and orchestrate recoveries across all of them. And it’s not just about the products – we support multiple workloads on those platforms too: physical, virtual, snapshots from a storage subsystem – you name it. Instead of siloed tools for each backup platform or application, Predatar gives you one solution that works across many. It’s centralised, consistent, and scalable.
The second big difference is around speed and simplicity. When it comes to setting up things like CleanRooms, many of the products on the market today are more like DIY kits. They come with a reference architecture, some automation scripts, and then it’s up to you to pull it all together using your own resources. That might be fine for a huge enterprise with dedicated teams, but for most organisations, it’s a slow, complex, and costly project.
Predatar takes a completely different approach. We’ve productised the solution. We can deploy a fully functional CleanRoom environment – integrated with orchestration, automation, validation, and reporting – in just a matter of hours, not weeks. No complex integrations, no need to hire teams to build it out – just straightforward deployment and value from day one.
So, in summary, it’s one platform that brings together multiple backup products, supports a wide range of workloads, and makes recovery validation fast, simple, and accessible to any organisation.
Ben: Rick, before we move on, have you got anything you’d like to add with regard to what’s different about Predatar?
Rick: I think Ian’s covered that really well – as he always does. But there’s one thing worth adding. It’s important to say that Predatar is a proven technology. We’ve been doing recovery testing for the best part of 12 years, and we brought our first CleanRoom to market almost five years ago. Today, Predatar CleanRooms are in use all around the world. We’ve got customers in pretty much every geography using Predatar every day. We’ve got numerous customer case studies, and as I mentioned earlier, 80% of our customers have found malware in their environments that their primary XDR tools didn’t detect.
This proves that even if you have the very best XDR tools at the front end, malware can still get through. The more layers of defence you have, the better.
What was the big idea behind CleanRoom 3?
Ben: Okay, I think we’ve now got a good overview of Recovery Assurance, CleanRooms, and Predatar. So, let’s focus more specifically on CleanRoom 3. Rick, can you explain where the idea came from – and what was wrong with CleanRoom 2?
Rick: The first thing to say, Ben, is that there was nothing wrong with CleanRoom 2. And in some instances, CleanRoom 2 will still be the best option. The inspiration for CleanRoom 3 came from our customers and some of the channel partners we work with.
The concept of CleanRooms is resonating across the market, but we were getting feedback that the complexity of scoping and deploying the solution was causing friction. Customers didn’t want to buy lots of third-party products to make it work. With CleanRoom 2, for example, you needed Windows licences, SQL licences, VMware licences, and your own XDR licences too. That just adds complexity, increases cost, and slows down implementation.
With CleanRoom 3, the two guiding principles were:
[1] we wanted to make CleanRooms as easy and quick to deploy as possible, and
[2] we wanted to remove any dependency on third-party licences.
How did Predatar make the CleanRoom 3 concept a reality?
Ben: So, as Predatar’s CTO, Ian, I guess it fell to you and your team to put the concept into action and make Predatar’s third-generation CleanRoom a reality. Can you talk us through how you achieved it?
Ian: Yes, I’m excited to walk you through what’s new, because this is where we’ve really made big strides – not just from a technical perspective, but also in terms of making CleanRooms much more accessible and scalable for our customers. Let me break it down into a few key areas.
Firstly, we’ve removed the dependency on third-party software and licensing. In earlier iterations of our CleanRoom, there were certain third-party tools and licences – especially VMware – that we had to rely on. That added complexity, cost, and friction for our customers.
With CleanRoom 3, we’ve designed the entire environment to be natively driven by the Predatar portal. That means no additional licensing requirements and no extra software stacks that customers need to purchase, maintain, or configure. Everything is powered and controlled natively through Predatar. So, we’ve massively simplified the stack, making it cleaner and quicker to deploy, while also removing those hidden blockers around licence management and support overheads.
Secondly, we no longer require new hardware or cloud infrastructure. This is one of the most powerful changes in CleanRoom 3. It eliminates the need for customers to stand up new infrastructure – whether that’s physical servers or spinning up a collection of virtual machines. Instead, CleanRoom 3 lets you deploy into your existing environment exactly how you want – whether that be on bare metal or virtualised through VMware or Hyper-V.
For customers, this means no new hardware requirements, no additional software contracts, and no need to carve out or maintain separate infrastructure. You just deploy it however you need for your environment – and then we bring the CleanRoom to life on top of it: completely isolated, fully secure, and built for Recovery Assurance.
Thirdly, the deployment is now faster than ever – and this is an area where we’ve really pushed ourselves, because we knew that one of the biggest barriers to cyber recovery solutions was time to value. With CleanRoom 3, we’ve built a fully automated deployment process. What used to take weeks – from provisioning to configuration and validation – now takes just a few hours.
This is thanks to a new wizard within the Predatar portal, which generates an ISO image specifically for your environment – complete with all the networking and configuration embedded within it. This allows customers to run their unique ISO image on any system they choose, whether it’s a virtual machine or a bare-metal server.
The process is as simple as connecting the system to the ISO image, booting from it, and sitting back while everything is configured for you. We’ve essentially removed the DIY complexity and replaced it with a push-button deployment experience.
Now, CleanRoom projects don’t take weeks. A customer can stand one up in the morning, run test jobs that afternoon, and start building true recovery confidence immediately.
To sum it up: CleanRoom 3 is all about removing friction.
Key takeaways
CleanRoom 3 is another big stride forward for Predatar and for Recovery Assurance technology as a whole. Here are three key takeaways from the webcast:
#1
If you’re not using any sort of proactive Recovery Assurance today, there’s a high chance that there’s malware in your backups already… just like 80% of Predatar customers before they deployed our solution.
#2
Predatar is the only vendor-agnostic pre-emptive Recovery Assurance platform available.
#3
CleanRoom 3 has made Recovery Assurance more attainable for lots of organisations. It’s more cost-effective, more flexible, and easier to deploy.
If you want to know more about how Predatar’s Recovery Assurance platform can benefit your organisation, visit www.predatar.com