Sign up to save your podcasts
Or
Share Your Backups Are Talking — Are You Listening?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Your Backups Are Talking — Are You Listening?
Security teams spend enormous effort chasing the latest threats, yet often overlook one of the most revealing sources of truth already in their environment: backups. In this episode of Data Security Decoded, host Caleb Tolin sits down with Kyle Fiehler, Transformation Analyst at Rubrik Zero Labs, to explore why backup data has become a critical — and largely ignored — form of security telemetry.
Kyle explains how secure, immutable backups act as a historical record of attacks that evaded traditional detection tools, capturing digital fingerprints left behind by sophisticated adversaries. From hypervisor-level threats to long-dwell state-backed actors, backups often reveal what endpoint and network tools miss. And attackers know it. As Kyle outlines, ransomware groups like Evil Corp and Storm-0501 deliberately target backups and identity infrastructure to maximize leverage and accelerate payouts.
The conversation also challenges how organizations think about recovery and Mean Time to Response (MTTR). Rather than treating MTTR as a single metric, Kyle advocates breaking recovery into phases — scoping compromise, validating clean recovery, and restoring identity — to pinpoint where resilience actually breaks down. The result is a more actionable, operational view of cyber readiness.
This episode offers a clear message for security and IT leaders alike: resilience isn’t just about preventing attacks. It’s about using every available signal, drilling recovery before incidents occur, and recognizing that backups are no longer passive insurance — they’re active intelligence.
What You’ll Learn
Why secure backups function as a record of threats other tools miss
How ransomware groups deliberately target backups and identity systems
Where organizations commonly fail to extract security value from backup data
How to rethink MTTR by breaking recovery into measurable phases
Why identity infrastructure is central to modern recovery strategies
Three concrete steps to operationalize backup intelligence today
Episode Highlights
[00:00] Backups as Digital Fingerprints Why immutable backups reveal threats that evade traditional security tools.
[04:30] The Telemetry Everyone Ignores How organizations overlook backups as a source of threat intelligence.
[07:45] Who Owns Backup Security? The growing shift from IT ownership to security accountability.
[10:30] MTTR Is Broken Why recovery metrics fail — and how phased recovery fixes that.
[12:45] Threat Actors Targeting Backups How groups like Evil Corp and Storm-0501 maximize leverage.
[15:00] Three Actions Security Teams Can Take Today Practical steps to extract real value from backup data.
View all episodes
By Rubrik
5
1414 ratings
Security teams spend enormous effort chasing the latest threats, yet often overlook one of the most revealing sources of truth already in their environment: backups. In this episode of Data Security Decoded, host Caleb Tolin sits down with Kyle Fiehler, Transformation Analyst at Rubrik Zero Labs, to explore why backup data has become a critical — and largely ignored — form of security telemetry.
Kyle explains how secure, immutable backups act as a historical record of attacks that evaded traditional detection tools, capturing digital fingerprints left behind by sophisticated adversaries. From hypervisor-level threats to long-dwell state-backed actors, backups often reveal what endpoint and network tools miss. And attackers know it. As Kyle outlines, ransomware groups like Evil Corp and Storm-0501 deliberately target backups and identity infrastructure to maximize leverage and accelerate payouts.
The conversation also challenges how organizations think about recovery and Mean Time to Response (MTTR). Rather than treating MTTR as a single metric, Kyle advocates breaking recovery into phases — scoping compromise, validating clean recovery, and restoring identity — to pinpoint where resilience actually breaks down. The result is a more actionable, operational view of cyber readiness.
This episode offers a clear message for security and IT leaders alike: resilience isn’t just about preventing attacks. It’s about using every available signal, drilling recovery before incidents occur, and recognizing that backups are no longer passive insurance — they’re active intelligence.
What You’ll Learn
Why secure backups function as a record of threats other tools miss
How ransomware groups deliberately target backups and identity systems
Where organizations commonly fail to extract security value from backup data
How to rethink MTTR by breaking recovery into measurable phases
Why identity infrastructure is central to modern recovery strategies
Three concrete steps to operationalize backup intelligence today
Episode Highlights
[00:00] Backups as Digital Fingerprints Why immutable backups reveal threats that evade traditional security tools.
[04:30] The Telemetry Everyone Ignores How organizations overlook backups as a source of threat intelligence.
[07:45] Who Owns Backup Security? The growing shift from IT ownership to security accountability.
[10:30] MTTR Is Broken Why recovery metrics fail — and how phased recovery fixes that.
[12:45] Threat Actors Targeting Backups How groups like Evil Corp and Storm-0501 maximize leverage.
[15:00] Three Actions Security Teams Can Take Today Practical steps to extract real value from backup data.
More shows like Data Security Decoded
View all
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Hacking Humans
315 Listeners
Threat Vector by Palo Alto Networks
40 Listeners