Silent Bricks • Immutable Backup • Secondary Storage • Made in Europe
Your backup won't survive the attack, if it wasn't built for that purpose.
96% of all ransomware attacks specifically target backup systems. 76% of these are successful. Most backup architectures are designed to cope with operational failures, not with an attacker who has had weeks to map out your infrastructure.
The problem
Why backups fail when it really matters
Three structural vulnerabilities that ransomware attackers specifically exploit:
Backup permissions within the same Active Directory: A compromised admin account gives the attacker access to both the production environment and the backup environment at the same time. The HAHN Automation Group has experienced exactly this.
Software immutability can be circumvented: , retention policies and S3 locks are all configurable. Anyone with sufficient permissions can reset these policies. In a real-world scenario, software immutability does not protect against a privileged attacker.
Immutable Storage
Immutable storage refers to storage technologies that protect stored data from subsequent alteration or deletion — where the decisive difference lies in whether this protection is enforced at the hardware level (cannot be circumvented) or at the software level (can be circumvented by administrators with sufficient rights).
Recovery times have never been tested: Only 28% of companies affected by ransomware were able to fully recover all their data. Backups that have not been tested cannot be relied upon in an emergency.
The framework
Rethinking backup: Recovery First
Four principles that distinguish a backup architecture from a recovery architecture.
As little backup as possible
Unstructured data (60–80% of the backup volume) never changes once it has been created. Data that does not change does not need to be backed up. You need . Silent Cubes store immutable data once at the hardware level. What is not in the backup does not need to be restored.
WORM
WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges.
WORM
WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges.
3-2-1-1-0 instead of GFS
3 copies across 2 media types | 1 copy off-site | 1 copy offline / air-gapped — physically disconnected from the network | 0 errors during the restore test. Silent Brick Max Air provides electrical isolation once the backup job is complete.
Separate the backup infrastructure from the production AD
Red Zone (production) and Grey Zone (isolated recovery infrastructure) — separate directory services, separate admin accounts. Even a fully compromised production account cannot access the backup data.
RTO and RPO are not estimates
and must be derived from a business impact analysis and validated through regular restore tests. The Silent Brick system provides random access to all backup versions.
RTO / RPO
RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets.
RTO / RPO
RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets.
Control centre
Controller X
- Up to 8 slots for a maximum of 768 TB of internal storage
- SAS expansion for up to over 6 PB of external storage
- Connectivity up to 100G Ethernet
- Durable and low-maintenance
Primary Target
Silent Brick Pro
- NVMe-based, high restore speed
- Physically removable from Controller X: maximum physical air gap
- For Tier 1 data with short retention periods and short RTO targets
- Ideal for secure storage or a secondary site
Secondary Target
Silent Brick Max Air
- HDD-based, high capacity, long retention
- Galvanic isolation upon completion of the backup job
- When isolated, no ports, protocols or API endpoints are accessible
- Fully automatic media rotation via integrated real-time clock (e.g. 30-day rotation)
Protect your backups
Immutability & Air Gap
- Immutable backups, regardless of the backup software
- Continuous snapshots with configurable retention
- True air gap across all media
- Silent Brick Pro physically removable
- Silent Brick Max Air with galvanic isolation
Veeam integration
Fast Clone Support: Backup windows 80% shorter, 50% less storage capacity required
The Silent Brick system is one of the most powerful backup targets for Veeam Backup & Replication. With native Fast Clone support (from Silent Brick OS 2.59 onwards), Veeam utilises the file system directly for synthetic full backups and forever incremental backups. Veeam references data blocks rather than copying them (RefLink). The Silent Brick System’s continuous snapshots also back up backup versions with their own retention policy, completely independent of Veeam access rights.
80%
shorter backup window with Fast Clone
50%
reduced capacity requirements thanks to RefLink
Silent Bricks are compatible with your backup solution
Regulatory framework
Legal framework
The Silent Brick System provides the technical foundation for the key regulatory requirements relating to backup and recovery.
| Regulation | Requirement | Silent Brick System |
|---|---|---|
| NIS2 (October 2024) | Proven effective backup procedures, documented restore tests, physical air gap | ✓ |
| BSI IT-Grundschutz CON.3 | A tiered data backup strategy, at least one offline copy, hardware immutability | ✓ |
| DORA (January 2025) | Proven recovery procedures, secure backup copies stored outside the primary network | ✓ |
| GDPR Art. 32 | Backup with verifiable integrity as a technical safeguard | ✓ |
The Problem
Backup access rights were managed via the same Active Directory as the production environment. Following a ransomware incident, a fundamental redesign of the architecture was required.
The solution
Red Zone (production) / Grey Zone (isolated recovery infrastructure, dedicated authentication, Silent Bricks as a tamper-proof medium).
The result
Critical core systems can be restored from the Silent Bricks within a matter of days, without having to wait for forensic experts. No ransom is paid.
Frequently asked questions
No. The Silent Brick System is set up as an additional backup target within your existing solution — via FC, iSCSI, NFS, SMB or S3. No need to switch systems or migrate data.
The Silent Brick Pro is used as internal storage in a slot on the Controller X and can be physically removed — providing maximum physical air gap for critical Tier 1 data that is to be stored externally. The Silent Brick Max Air is connected externally to the Controller X via SAS and provides electrical isolation without media removal — ideal for fully automated rotation with large data volumes (e.g. two units on a 30-day rotation).
A compromised admin account within a shared directory structure gives the attacker access to both the production and backup environments at the same time. Separate authentication infrastructures ensure that even a fully compromised production account cannot access backup data.
Silent Bricks provide random access to all backup versions — no sequential scanning, no egress retrieval, no unlocking process. Restore performance depends on the protocol and network, not on the storage system. The HAHN Automation Group can restore critical core systems within a few days without having to wait for forensic experts.
Cloud backup costs scale with data volume: egress charges during restores can be substantial. For environments of 20 TB or more, on-premises solutions are generally more cost-effective after 2–3 years. We can provide a TCO comparison for your specific environment on request.
Fast Clone Support enables Veeam to reference data blocks for synthetic full backups rather than copying them. This reduces the backup window by up to 80% and storage requirements by up to 50%. It is a free software update for all Silent Brick Controllers X running OS 2.59 or later. Relevant for any Veeam environment.
The BSI and recommend testing at least once a year, and quarterly for critical systems. Crucially, the test must simulate a real-world restore, not merely check whether backup files are present.
NIS2
The NIS2 Directive (EU 2022/2555) is an EU regulation that obliges essential and important entities to implement specific cybersecurity measures — including demonstrable backup management, crisis management and reporting obligations — with personal liability for management bodies in case of non-compliance.
