📝NOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.

Overview

In modern IT environments, having a backup is only half the battle; the true challenge lies in the speed, reliability, and security of the recovery process.

This feature addresses two primary pain points:

Manual burden of regular testing
High-stakes pressure of recovering from a cyber attack

What are Cyber Recovery Plans?

Cyber Recovery Plans—a new tool that transforms recovery from a slow, manual process into an automated, threat-aware operation. While traditional disaster recovery is built for power outages or hardware failures, this feature is specifically engineered to defeat modern cyber threats.

It has two modes:

Scheduled Cyber Recovery Testing (SCRT): Think of this as a Fire Drill for your data. The system automatically runs a test on your schedule (Quarterly, half-yearly, or Yearly) to make sure everything works perfectly before an emergency happens.
Live Incident Recovery (LIR):This is your Emergency Button. If an attack occurs, this plan restores your critical operations into a secure environment, preventing re-infection and getting you back to business fast.

Licensing information: The available recovery plans depend on your SKU-

Advanced Ransomware Recovery SKU: Allows enabling only the Live Incident Recovery Plan.
Premium Security SKU: Allows enabling both the Scheduled Cyber Recovery Testing Plan (SCRT) and the Live Incident Recovery Plan.

Key Benefits

Threat-Aware Recovery: Most recoveries fail because they accidentally restore the virus along with the data. Our system automatically scans for malware before your data touches your office network.
Compliance-Driven Confidence: Many auditors now require Proof of Recovery. Our system automatically generates these reports for you, proving that your business is prepared and protected.
A Safe Room for Your Data: We use an Isolated Recovery Environment (IRE)—essentially a digital Sandbox—where we can test and clean your systems in a fenced-off area before they go live.
Speed & Accuracy: Instead of an IT person manually restoring one server at a time, our plans allow for a single-action restoration of your entire business application stack.

Key concepts to know

Isolated Recovery Environment (IRE): Also known as a "Sandbox." This is a fenced-off network segment where we can test and clean your systems without risk of infecting the production environment or communicating with the internet.
IOC Scan: A security validation step that searches for known malware "fingerprints" or signatures during the recovery process.
Post-Recovery Script: Automated hooks used to perform environment-specific tuning—such as re-IPing a server or verifying database services—immediately after the VM is turned on.

Supported Workloads for Cyber Recovery Plans

Enterprise Workloads

VMware - For more information, see Restore pre-requisites for VMware

How to create your first Cyber Recovery Plan?

Establishing a robust Cyber Recovery Plan is essential for ensuring business continuity in the face of a ransomware attack. Using the Cyber Recovery feature, you can create two types of plans:

Scheduled Recovery Testing Plan: Proactively tests your recovery readiness on a recurring basis. Check the pre-requisites.
Live Incident Recovery Plan: Executed during an actual security event to restore critical systems. Check the pre-requisites.

Access Path

Log in to the Cloud Platform console.
Navigate to Global Navigation icon > Cyber Resiliency > Ransomware Recovery > Cyber Recovery. The Get Started with Cyber Recovery page appears.
On the Get Started with Cyber Recovery page, choose either Create Scheduled Recovery Plan or Create Live Incident Recovery Plan as per your requirement.

Step 1: General Plan Details (General Tab)

Every recovery plan requires basic identification to distinguish it from other workflows. Enter the required details and click Next.

Step 2: Resource Selection (Resources Tab)

Identify which resources are critical for this recovery workflow. Use the search and filter criteria to find your required resources.

Step 3: Snapshot Selection (Snapshot Tab)

A snapshot is your point-in-time backup. Choosing the right one ensures you do not restore the ransomware itself. Select the appropriate recovery window (based on the Recovery Plan) and recovery options.

💡 Tip: Always use "Latest snapshot with no IOC matches" if you suspect a virus was present in recent backups.

Step 4: Target Environment (Target Environment Tab)

Define the isolated environment where the VMs will be hosted to prevent re-infecting your production network.

Step 5: Post-Restore Actions (Recovery Settings Tab)

Automate the clean-up and validation of VMs once they are powered on.

Once you have configured these five steps, click Finish to save your plan. Your Cyber Recovery Plan is now ready to be triggered manually or run on its assigned schedule.

Additional steps for managing and monitoring your Cyber Recovery Plans

Managing your Cyber Recovery Plans

You can manage your plans from the main dashboard using these actions:

Edit: Use this option to update the required configurations per your requirement. For more information, see Cyber Recovery Plan Dashboard.
Pause/Unpause: Stop a scheduled test if your team is performing maintenance.
Run Now: Manually trigger a test or live recovery immediately.

Monitoring and Reporting

The system keeps you informed every step of the way via email notifications:

7-Day Warning: You will receive an email a week before a scheduled test begins.
Execution Alerts: You will receive notifications for the following plan statuses: started, finished, failed, and ready to run.

The Recovery Report

After every run, you can download a Compliance-Ready Report. This document acts as proof for auditors or insurance providers that your business is prepared for a cyberattack. It includes: