πNOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.
General FAQs: Understanding the Basics
What exactly is a Cyber Recovery Plan?
Cyber Recovery Plansβa new tool that transforms recovery from a slow, manual process into an automated, threat-aware operation. While traditional disaster recovery is built for power outages or hardware failures, this feature is specifically engineered to defeat modern cyber threats.
It has two modes:
Scheduled Cyber Recovery Testing (SCRT): Think of this as a Fire Drill for your data. The system automatically runs a test on your schedule (Quarterly, half-yearly, or Yearly) to make sure everything works perfectly before an emergency happens.
Live Incident Recovery (LIR):This is your Emergency Button. If an attack occurs, this plan restores your critical operations into a secure environment, preventing re-infection and getting you back to business fast.
For more information, see <Get Started>.
What is the "Sandbox" (Isolated Recovery Environment)?
Imagine a digital quarantine room. The Sandbox is a secure area where your virtual machines are turned on, but they are not allowed to talk to the internet or your main office network. This ensures that if there is still a virus on the backup, it cannot spread.
How does the system know the backups are "clean"?
The plan uses an IOC Scan (Indicator of Compromise). This is like a digital fingerprint scanner that looks for known traces of malware or ransomware before the virtual machine is allowed to fully start up.
How It Works: Testing vs. Emergencies
What is the difference between a "Scheduled Test" and a "Live Incident"?
Scheduled Testing (The Drill): The system automatically builds your virtual machines in the Sandbox every few months. It proves you can recover, generates a report for your records, and then shuts everything down.
Live Incident Recovery (The Real Deal): This is the Emergency Button you press during an actual attack to get your business back up and running in a safe environment.
Will these tests slow down my actual work?
No. Because the recovery happens in a separate "Sandbox" and uses a dedicated Proxy Pool (a separate set of digital resources), your daily operations continue as usual.
Creating Your Plan: What You Need to Know
How many virtual machines can I include in one plan?
For Scheduled recovery testing plan, you can group up to 10 Virtual Machines per plan.
Which "Snapshot" should I choose?
A snapshot is just a "save point" in time. We recommend choosing "Latest snapshot with no IOC matches." This tells the system: "Give me the newest version of my data that does not have a virus in it."
What are "Post-Restore Scripts"?
These are tiny automated helpers. Once a virtual machine is turned on, these scripts can do things like rename the virtual machine or change its internal settings so it works correctly in the new recovery environment without a human having to log in and do it manually.
Management and Compliance
Do I get proof that these tests are happening?
Yes. After every run, the system generates a Recovery Report. This is a Compliance-Ready document you can hand to auditors or cyber-insurance providers to prove your business is protected. It shows:
Which virtual machines were recovered.
Results of the malware scans.
How long the recovery took.
Can I stop a scheduled recovery plan?
Absolutely. If your team is doing maintenance, you can Pause a plan at any time and Unpause it when you are ready to resume the schedule.