
The Isolated Recovery Environment for NetBackup: the copy in an isolated environment, malware-scanned and ready for certified clean restore — the enterprise vault room.
For the NetBackup enterprise the answer to ransomware is the IRE: an isolated recovery environment receiving copies via controlled replication (the air gap opens only for the sync), scanning them with malware scanning and anomaly detection, and keeping them ready for a certified clean restore — with orchestrated periodic tests. It's the vault room of the cyber plan.


Separate network, identities and administration: the breached domain doesn't reach the room.
Replication opens the air gap for scheduled minutes: the time surface cut to the bone.
Malware scan and anomaly detection INSIDE the IRE: you know what's clean before you need it.
Recovery rehearsed in the isolated environment: measured times, DORA/NIS2 evidence.
The IRE is a dedicated NetBackup domain with immutable storage (Flex WORM or locked MSDP), a segregated network whose firewall opens only the replication window, separate admin identities with MFA; received copies are scanned (signatures and anomalies) and cataloged clean/suspect; recovery drills restore sample applications in the isolated environment measuring RTO; the evidence — syncs, scans, drills — composes the resilience dossier for auditors and insurers.
The required resilience, architected.
The cyber plan on the existing infrastructure.
The dossier that lowers the premium.