// THREAT DETECTION AND DATA PRIVACY TERM
Restoration
Restoration is the final stage of incident response where systems, data, and services are brought back to normal operation after being affected by a security breach. This process typically involves recovering from clean backups to ensure the threat is no longer present.
TECHNICAL DEFINITION
In cybersecurity incident response (IR) and disaster recovery (DR), Restoration is the process of recovering and returning affected systems, applications, and data to a known-good, operational state from secure backups, aimed at meeting Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) after a threat has been fully eradicated.
BACKGROUND
The NIST Cybersecurity Framework, is a set of guidelines designed to help organizations assess and improve their preparedness against cybersecurity threats. Developed in 2014 by the U.S. National Institute of Standards and Technology, the framework has been adopted by cyber security professionals and organizations around the world. The NIST framework has provided a basis for communication and understanding of cybersecurity principles between organizations, both in the private sector and public, such as governments. The framework, which is publicly available online for free, provides recommendations of existing cybersecurity standards and actions that organizations can take to mitigate cybersecurity risk.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- Recovery
- System Restore
- Service Restoration
- Data Recovery
- Reconstitution
- Remediation
USAGE NOTE
Restoration is the last active phase in the PICERL incident response framework, following Eradication and preceding Lessons Learned.
DEVELOPERS
Organizations developing technology related to Restoration.
Develops backup, disaster recovery, and data management software for virtual, physical, and multi-cloud infrastructures. Its platform is central to restoring data and systems after ransomware attacks or other data loss events.
Provides a data security platform focused on cyber resilience. Their technology creates immutable backups and uses machine learning to enable rapid, large-scale recovery from cyberattacks, insider threats, and operational failures.
Offers a data management platform that consolidates data protection, including backup and recovery. Their solutions are designed for rapid restoration at scale, specifically focusing on helping organizations recover from ransomware attacks.
Specializes in disaster recovery and ransomware resilience through its Continuous Data Protection (CDP) technology. Zerto allows for granular, point-in-time recovery, enabling organizations to restore systems to a state seconds before an attack.
While known for endpoint protection, their Falcon platform includes incident response and remediation services. A key part of their offering is helping organizations restore systems and operational normalcy after a threat has been contained.
A leading incident response organization that assists companies during and after major cyber breaches. Their services include remediation and restoration, guiding organizations on how to safely rebuild and restore their networks to a trusted state.
Provides an enterprise data protection platform for backup, recovery, and data management. Their software facilitates automated disaster recovery and provides tools to restore data and workloads after a cyber incident.
Offers a SaaS-based Data Resiliency Cloud platform for data protection and governance. It provides backup and recovery services for endpoints, data centers, and cloud applications, enabling organizations to restore critical data after an incident.