Fortune 1000 Manufacturer Unifies Siloed Backup and Threat Detection

Organization

A US-based Fortune 1000 enterprise manufacturer operating production facilities, engineering design centers, and regional distribution sites across North America. The organization manages approximately 380 TB of active data across SAN block, NAS file, and S3 object workloads.

Industry

Manufacturing — Fortune 1000 Enterprise

Challenges

The organization ran a mature Veeam environment across its manufacturing databases, engineering CAD and PLM file shares, and S3 archive tier. Backup jobs wrote to a dedicated NAS target — purpose-built for backup storage, but connected to the same production network segment as the systems it was protecting. There was no air gap between the backup target and production.

On the security side, the team operated a cloud-based endpoint detection and response (EDR) platform that monitored endpoint and network behavior across the manufacturing environment. The tool was effective at flagging suspicious activity — but it had no integration with backup infrastructure. The gap was architectural: a ransomware payload that evaded initial detection could begin encrypting production systems and reach the NAS backup target before the EDR alert triggered a manual response. By the time the security team could act on the alert, isolate the affected systems, and assess scope, the backup data would already be compromised.

A tabletop exercise commissioned after a peer manufacturer in the same sector suffered a three-week recovery — and paid ransom to restore backup data that had been encrypted along with production — exposed the same pattern in this organization’s own environment. The backup target was reachable. The threat detection tool had no mechanism to protect it. And the infrastructure team was managing Veeam, NAS storage, and the EDR platform from three separate consoles, with no unified view of backup health and security posture.

“We had Veeam, a NAS box for the backups, and an EDR tool watching the network. Three systems, three dashboards, none of them talking to each other. The EDR could tell us ransomware was running. It couldn’t stop it from hitting the backup target before we could get there.” — Teresa, Director of Infrastructure Engineering

Solution

The infrastructure team evaluated options against three requirements: Veeam Ready validation, an air-gapped vault layer that removed backup data from the production network, and threat detection integrated at the storage layer — not bolted on as a separate platform. The StoneFly DR365V met all three as a purpose-built, turnkey backup and disaster recovery appliance with integrated patented Air-Gapped Vault® technology and built-in threat scanning and response.

The NAS backup target was retired and replaced by the DR365V. Veeam runs on the DR365V, backup jobs now write to the appliance through a policy-driven replication window: the appliance opens on a defined schedule, accepts the backup data across all three workload types, then closes — severing all network access to the vault until the next scheduled cycle. WORM volumes enforce immutability on every committed copy. The DR365V’s integrated threat detection engine scans each incoming backup stream for ransomware behavioral indicators before committing to the vault, catching infected restore points before they become the recovery baseline. The EDR platform was decommissioned from the backup monitoring scope — that function now runs at the storage layer, where it can act before data reaches the vault.

The Veeam environment required no changes. VMware, job schedules, retention policies, and reporting were left intact. The infrastructure team went from three separate management consoles to one.

“The DR365V replaced the NAS, added the air gap, and took over threat scanning at the backup layer — all in one appliance. We retired two systems and simplified three consoles into one. The Veeam team didn’t notice a change. That’s exactly what we wanted.” — Teresa, Director of Infrastructure Engineering

Results

The DR365V consolidated the organization’s fragmented backup and security posture into a single air-gapped vault covering all 380 TB of production data. The NAS backup target was decommissioned within two weeks of the DR365V going live. Post-deployment validation testing confirmed immutable, recoverable copies across all three workload types.

Siloed Infrastructure Eliminated — One Vault, One Console

Three separate systems — Veeam, the NAS backup target, and the EDR platform’s backup monitoring scope — were replaced by a single DR365V deployment. Backup health, security posture, and vault status are now managed from one interface. The manual overhead of reconciling alerts across three platforms was eliminated on day one.

380 TB Protected Across SAN, NAS, and S3 — Immutable

Manufacturing database backups, engineering CAD and PLM file backups, and S3 object archive all write to air-gapped, WORM-enforced vault copies on the DR365V. Each copy is air-gapped and immutable from the moment it is committed. Post-deployment ransomware simulation testing confirmed that a simulated production encryption event did not propagate to any vault copy.

Threat Detection Moved to the Storage Layer

The DR365V’s integrated scanning engine inspects each incoming backup stream before vault commit — flagging ransomware indicators in the backup data itself, not just on endpoints or the network. The organization no longer relies on a response window between EDR alert and manual intervention to protect backup data. Detection and protection happen at the point of ingestion.

Ransomware Recovery — Validated in Testing

A structured recovery exercise simulated a production encryption event reaching both the manufacturing database workload and the NAS file share tier. The DR365V vault copies were unreachable from the simulated attack path, unmodified, and fully recoverable. Recovery time for the manufacturing database workload came in under the organization’s four-hour RTO target. Results were presented to the board’s risk committee as documented evidence of a validated ransomware recovery capability.

Ready to unify backup and threat detection and close the ransomware gap? Contact Us Today!

Contact us to discuss your data protection requirements and custom-build your enterprise Veeam Ready air-gapped and immutable backup and DR solution with integrated threat detection and response.