Today, Rubrik addresses a major obstacle to cyber-resiliency with a solution designed to help organizations rapidly recover from cyberattacks and get back to business fast.

By leveraging Rubrik’s technology along with Mandiant expertise and Google Cloud technology, we’re focused on making it easier and more cost-effective for companies to build a Cloud-based Isolated Recovery Environment (CIRE)—helping to ensure critical applications can be swiftly restored after a ransomware attack. The reference architecture helps businesses minimize downtime, reduce financial losses, and maintain operational continuity.

Data Threats are Real

According to Google Cloud’s Cyber Security Forecast for 2025, “Ransomware, data theft extortion, and multifaceted extortion are, and will continue to be in 2025, the most disruptive types of cybercrime globally.”

These attacks continue to pose significant financial consequences worldwide despite the unprecedented investment in cybersecurity and prevention efforts. Indeed, the need for an increased level of resilience has never been more apparent—and I’ve experienced it first-hand.

Years ago, before I joined Rubrik, we got a late-night call from one of our top customers: “I need 50TB of flash storage by 8 AM tomorrow.” Then came the real shock; the VP of Infrastructure explained, “We’ve shuttered all four locations. Nobody is coming to work next week. We’re rebuilding IT from scratch in two data centers. It’s all hands on deck.”

A relentless, all-night scramble followed—begging, borrowing, and moving whatever gear we could find. We pulled from our demo labs, packed switches, routers, and servers into the back seat, and sped the gear across town. All to help a customer in crisis.

Many organizations acknowledge that focusing solely on prevention is inadequate, and some that cannot recover quickly resort to paying the ransom. Every ransom paid increases the incentive for these attacks. After a cyberattack, this kind of last-minute firefighting is all too common.

But it doesn’t have to be. That’s why Rubrik has teamed up with Mandiant and Google Cloud to help our joint customers develop cyber resilience and prepare for the worst before it happens, so recovery is fast, controlled, and efficient when an attack hits.

Rethinking Disaster Recovery for Cyber Resilience

Traditional disaster recovery (DR) environments were designed for technical failures and natural disasters that made a single site unavailable, not cyberattacks. Because most DR sites are logically an extension of the production sites and within the same security domain, nothing obstructs threat actors from using their access to production environments to compromise DR environments. Built with shared IP spaces, continuous replication, and shared credentials, these DR sites and production environments become untrustworthy.

Cyber resilience demands a new approach, one that acknowledges the reality of a loss of trust in existing environments and patterns of working and tools that foster rapid collaboration between data protection, cloud, and security teams, and ensure complete transparency, including into recoverable data.

Forensic investigations take time—uncovering entry points, assessing further compromise, and remediating the environment to restore trust. Meanwhile, victims face critical disruptions to applications, automation, and workflows. Recovering quickly in the midst of this process can require an environment that remains isolated, trusted, and capable of receiving restored applications while forensic analysis continues.

Confusion in the market has muddled key terms. A “clean room” is used to cleanse infected data—far less critical for organizations that own Rubrik, which integrates scanning tools directly into its platform and can instantly identify clean recovery points.A clean room is not designed to run applications and usually has a small footprint of equipment isolated from any network.

Some vendors conflate this clean room concept with an Isolated Recovery Environment (IRE). The key difference is that an IRE is a fully independent environment, kept isolated to prevent attackers from gaining access by ensuring no shared credentials, certificates, or access points with production. The IRE is built with infrastructure designed to run recovered applications, and will have at least some users and workstations connected to it post-recovery. 

However, maintaining an always-on, fully redundant IRE is costly and impractical for most organizations given the equipment can’t be used. A modern, cost-effective approach must balance security, isolation, and affordability—enabling recovery without unnecessary overhead.

The on-demand and elastic nature of the public cloud could reduce the need for substantial capital investments and ongoing expenses, but it also introduces technical complexity and demands skill sets that some organizations may lack in-house. Additionally, the challenge of replicating backup data and maintaining a cloud environment without high recurring costs necessitates unique architectural measures.

This brings us to today’s announcement. Google Cloud and Mandiant have built a conceptual architecture for how organizations can construct Cloud Isolated Recovery Environments (CIREs) to help ensure their backups can securely replicate that data to Google Cloud, and in the immediate aftermath of an attack, quickly activate the CIRE, complete with advisory services from Mandiant. This solution delivers the necessary prerequisites for the customer to help recover their most critical applications and resume core business operations: 

  • The backup data remains available in the Rubrik archive. With data archived alongside metadata, customers can deploy a new Rubrik Cloud Cluster to download the catalog and redeploy applications into the Google CIRE.

  • The customer organization has a pre-defined environment on Google Cloud that can be quickly expanded to accommodate restored applications.

  • The Rubrik snapshots for the customer organization’s most critical applications are now co-located with the Google Cloud compute resources needed to run them. 

  • Empowering rapid recovery and fortified cyber resilience, Mandiant Consulting expertly assists customers in establishing, securing, and rigorously validating their CIRE for critical applications. Beyond this foundational capability, Mandiant delivers proactive periodic security assessments and targeted threat hunting, providing a holistic security posture that is further reinforced by our industry-leading incident response services in the event of a cyber incident. 

  • The customer organization can then reconnect critical personnel to the new instances of their applications and resume business operations.

Regulatory agencies across the globe are dedicated to safeguarding citizens' privacy, prompting Rubrik to collaborate and use technology and expertise from Mandiant and Google Cloud to provide integrated solutions against criminal threats. If only such solutions had been available years ago, before we started receiving urgent calls on Friday evenings asking for equipment to establish a recovery environment. 

Visit Rubrik.com to learn more about this announcement. Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.