Cutover provides automated runbooks for technology teams. It is used in many of the world's major banks to support them, from recovering their applications or services quicker under an outage, to migrating their services faster to the cloud or wider infrastructure, to releasing and patching their software. Cutover's ability to integrate both human and machine based activities allows for efficient and effective completion of complex activities. Typically, we see customers using Cutover to orchestrate recovery in phases once the immediate threat has been neutralized. Firstly, validating and recovering if necessary, their control plane, ensuring that network based operations, authentication, and access management systems are all restored as quickly as possible if impacted by the attack. Secondly, beginning the recovery from bare metal of critical business services. And as part of the recovery of those services, restoring from a last known good, non infected backup and validating the integrity of that data store. Based on this, we see customers building bare metal and data integrity recovery templates for each of their apps and storing it in Cutover. Of course, every organization is unique and therefore Cutover offers the flexibility to structure templates in different ways. For example, merging services and data recovery plans together. In addition to this, we are capable of integrating with a customer's configuration management database to enrich the Cutover runbooks with valuable data around the application or service, which can later be used to filter down manually or automated via powerful Cutover API to specific attributes such as the criticality of the application or service or by their RTOs. Let's now consider an example use of Cutover for bare metal recovery. A ransomware attacker has just occurred. Hackers targeted a locally hosted set of critical applications supporting your payment service, following NIST best practices, your cyber security team has led the detection and eradication of the malware deployed as a result of the attack and now you need to recover your applications from a last known good set of backups sitting in your cyber vault. Using one of the predefined templates, your recovery team can run the validation process. They check your identity and authentication systems. They check that your cyber vault is accessible. This could equally be an automated check with your Dell cyber recovery vault or Rubric cloud vault. Moving on, we validate which applications have been hit and need to be restored. At this point, using Cutover's linked runbooks feature, you can link in your specific application recoveries into your main event runbook as we have done here. Now we have identified the important business service and the application supporting it, the appropriate personnel are alerted for them to begin running the bare metal application recovery processes for the various payment services. Let's dive into the recovery steps for one of these applications. We start by confirming the location for restoration. We evaluate our backups against a known good position and confirm that control plane services have been restored and are not infected. Integrations with tools like Rubrik and Veritas allow organizations to orchestrate technical recovery activities in one platform alongside those activities your members of staff are performing. For our network attached storage services, we restore back to a last known good position, allowing infrastructure and application services to be restored from bare metal. If a cyber vault is in place, we can restore from immutable copies of our production data, ensuring that our production systems are restored to a known good state. Optionally, we can select a number of different parts of the application to be restored. In this case, we have the option to restore web server components, but also database and middleware components. Each bare metal recovery plan can be customized according to the specific application or service's needs. Having restored database, web application, and middleware services for this specific application, we then perform setup and configuration activities to continue to recover this application. Tasks exist in the runbook to validate the application's restoration state and these can be configured for both technical and business teams to execute known test plans to validate the successful restoration and recovery of service. So why use Cutover runbooks? The use of Cutover runbooks allows you to seamlessly orchestrate your complex recovery activities whether they are human or automated tasks. The runbooks allow you to send notifications to interested parties via inbuilt comms methods such as email or SMS, but also via third party platforms such as Microsoft Teams or Slack. The runbook is structured to allow accurate capture of RTA (recovery time actual) for subsequent comparison to the RTO (recovery time objective) of the service. Use of our node map in both planning and execution phases shows users the logical sequencing of activity and can help diagnose where tasks are misaligned. Use of Cutover enables you to effectively and quickly restore back to a known good state, restoring service to your customers and users. Cutover enables you to analyze your performance in restoration and identify opportunities for improvement and automation. These steps are completely configurable, as this is a best in class template. We work with our customers to further refine these templates to customize them to their specific needs so that they can be invoked in real time. Cutover offers a full audit log of everything that has transpired to enable you to investigate the recovery process after the attack and learn from it. Additionally, our PIR (post-implementation report) provides valuable insights into what activities and steps could be improved the next time you evaluate this recovery plan. I hope this short video has been helpful to illustrate at a high level how Cutover can provide more confidence and efficiency with your cyber recoveries. Contact Cutover today.
.webp)
