Plain-language definitions for the terms used across the site. Written for buyers, analysts, partners, and anyone evaluating the category.
A category for software that produces a confidence-scored safe-resume decision from primary production evidence, rather than only inventorying backups or running restore tests. Cybersnap.io defined and operates in this category.
Backups are safe but slow. Production snapshots are fast but unverified. The missing layer combines the speed of snapshots with backup-level verification and produces a recovery decision in minutes.
Cybersnap.io visual map of recoverability. Every server is a row. Every snapshot over time is a column. Each cell shows the cleanliness verdict for that recovery point. The closest clean recovery point before the attack is the answer.
The verdict Cybersnap.io produces for any candidate recovery point: safe to resume, requires investigation, or unsafe to resume. Confidence-scored, evidence-backed, and auditable.
A single AI cyber agent that reads SnapMap data and turns scan results, snapshot history, and ransomware indicators into a plain-language recovery picture. Six capabilities: Summary Report, Validate Threats, Show Affected Components, Detect Anomalies, Analyze Threat Details, Suggest Next Actions.
An AI-native recovery engine. Specialized agents (forensic, customer-profile, simulation, ranking, recommendation) each focus on one part of the recovery problem and feed a central recovery brain. The platform stops adding features and starts compounding capability.
Policy-governed rescue actions: inspect snapshot history, identify clean candidates, isolate questionable recovery points, validate workloads, and guide safe production resume, with human approval where required.
Six correlated detection layers: YARA rules, Shannon entropy, ransom-note reading, extension and filename threat feeds, language and NLP signals, mass-change timeline. No single indicator is enough. Cybersnap.io correlates them.
No. Backups and DR keep doing their jobs. Cybersnap.io reads their outputs alongside production evidence and produces the safe-resume decision they were never designed to produce.
NetApp and VMware as the validated wedge, with AWS as the cloud anchor. The connector model extends across additional storage and cloud platforms over time.
No. The platform works close to primary production environments and does not depend on a third-party cloud for the core recovery decision. Cloud, on-premises, and hybrid are all in scope.
Minutes, not days. The safe-resume verdict is produced from primary production snapshots, which are inherently faster than backup-based recovery.
The product was shaped in high-pressure Israeli government recovery environments. Built with elite cyber-intelligence expertise. Now available to U.S. enterprise, MSP, and partner customers.
For enterprises: book a briefing, evaluate the fit against your stack, run a focused engagement on a target workload. For MSPs and partners: start with the platform overview and book a strategic conversation.
Plain definitions for the terms that show up in every recovery conversation. Written for buyers, recovery teams, and the leaders who answer for them.
The maximum time the organization will tolerate between an incident and resumed operation. Cybersnap.io changes the RTO math: when the safe-resume verdict takes minutes, the recovery time is dominated by the actual restore, not by the decision.
The maximum acceptable data loss, measured as the gap between the last good recovery point and the moment the incident began. Production-side scanning narrows the RPO by validating recovery points close to the incident, not far before it.
Backups written to media or storage that cannot be modified after the fact. Immutability protects the copy. It does not validate the copy. Cybersnap.io adds the missing validation layer on top.
Physical or logical separation between backup storage and production. Air gaps reduce the blast radius. They do not produce a recovery decision. A safe-resume verdict requires evidence, not isolation alone.
A protected, often immutable, storage tier holding clean copies for use after a ransomware event. Vaults are storage. Cybersnap.io adds the decision layer that says which vault copy is the closest clean recovery point.
A point-in-time copy of a storage volume or VM, typically created by the storage platform itself (NetApp, VMware, AWS EBS). Faster to create and restore than backups. Only useful if the team can prove the snapshot is clean.
A pattern where candidate recovery points are restored into an isolated environment for inspection and validation before they touch production. Cybersnap.io automates the clean-room phase using FlexClone or vSphere clones.
The sequence of attacker actions from initial access through encryption and impact. Cybersnap.io operates at the recovery end of the kill chain: identifying which production snapshots predate impact and are safe to bring back.
File hashes, file names, registry keys, network signatures, and behavior patterns that suggest a ransomware presence. Cybersnap.io reads IoCs across snapshot history to identify the moment compromise began.
The Recover function of the NIST Cybersecurity Framework 2.0 covers recovery planning, communication, and improvements. Cybersnap.io directly maps to RC.RP (Recovery Planning) and RC.IM (Improvements) by producing the auditable evidence the function requires.
CISA guidance for cyber recovery, including the CIRCIA reporting requirements for federal incidents. Cybersnap.io produces the timestamped, exportable audit trail this reporting requires.
Pattern-matching rules used to identify malware and ransomware artifacts in files. Cybersnap.io applies YARA across snapshot history with context-aware severity scoring as one of six correlated detection layers.
A statistical measure of data randomness. High entropy in files that should be structured is a strong signal of encryption. Cybersnap.io uses entropy as a signature-less ransomware indicator.
A pattern of abnormal file modification activity across time. Cybersnap.io maps mass-write events across snapshot history to expose ransomware progression and identify the closest clean recovery point before it.
A recovery decision that includes a numeric confidence (e.g., 94%) and the evidence underneath it. Cybersnap.io produces confidence-scored verdicts so recovery teams and auditors can see both the decision and the reasoning.
Recovering each workload from its own closest clean snapshot, rather than rolling back the entire environment to a single shared point. Cybersnap.io produces per-workload verdicts by default.
The outcome of restoring from a recovery point that already contains attacker presence, persistence, or active malware. Cybersnap.io exists to make reinfection visible and avoidable.
NetApp's snapshot-based replication technology. Cybersnap.io reads SnapMirror destinations as recovery candidates and validates them with the same Recovery Intelligence applied to local snapshots.
NetApp's writable, instantaneous snapshot-based clone. Cybersnap.io uses FlexClone to spin up isolated sandbox environments for snapshot validation without consuming the production storage budget.
VMware's centralized management interface for vSphere environments. Cybersnap.io reads VM snapshots from vCenter and validates them using vSphere clones in an isolated network.
AWS-native backup service for EBS, RDS, EFS, and other AWS resources. Cybersnap.io reads AWS Backup recovery points and adds the Recovery Intelligence layer that says which one is the closest clean safe-resume option.
One of the six signal types Cybersnap.io correlates: YARA, Shannon entropy, ransom-note reading, extension and filename feeds, NLP signals, mass-change timeline. No single layer is sufficient; correlation across layers produces the high-confidence verdict.
The phase of recovery where a candidate snapshot is booted in isolation, tested for integrity and usability, and confirmed safe before being approved for production resume. Cybersnap.io automates the sandbox phase and produces the verdict from the test evidence.
The timestamped, tamper-evident record of what was decided, when, by whom, and based on what evidence. Cybersnap.io produces audit trails as a first-class output, not an afterthought.