--- title: Data Protection date: 2026-05-19T13:18:00+02:00 author: Hannes Heckel canonical_url: "https://www.fast-lta.de//en/solutions/data-protection" section: Topic Pages --- Silent Bricks • Immutable Backup • Secondary Storage • Made in Europe # Your backup won't survive the attack, if it wasn't built for that purpose. 96% of all ransomware attacks specifically target backup systems. 76% of these are successful. Most backup architectures are designed to cope with operational failures, not with an attacker who has had weeks to map out your infrastructure. [Beratung anfragen ](https://www.fast-lta.de//en/fast/contact/backup "Beratung anfragen") ![Das hier bitte mit weißem 202605261348 | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/images/Das_hier_bitte_mit_wei%C3%9Fem_202605261348.jpeg?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1779796105&s=f2aae1b5baf01cbfa8e91029728b91c2) --- Made in EuropeZero Loss by DesignBSI-compliantNIS2-compliantUp to 10 years CARE SLA of all ransomware attacks target backup systems 76%of these attacks on backups are successful 8xhigher recovery costs for compromised backups --- The problem ## Why backups fail when it really matters Three structural vulnerabilities that ransomware attackers specifically exploit: **Backup permissions within the same Active Directory:** A compromised admin account gives the attacker access to both the production environment and the backup environment at the same time. The HAHN Automation Group has experienced exactly this. **Software immutability can be circumvented:** Object Lock, retention policies and S3 locks are all configurable. Anyone with sufficient permissions can reset these policies. In a real-world scenario, software immutability does not protect against a privileged attacker. ### Immutable Storage Immutable storage refers to storage technologies that protect stored data from subsequent alteration or deletion — where the decisive difference lies in whether this protection is enforced at the hardware level (cannot be circumvented) or at the software level (can be circumvented by administrators with sufficient rights). [Mehr erfahren →](https://www.fast-lta.de//en/glossary/immutable-storage) **Recovery times have never been tested:** Only 28% of companies affected by ransomware were able to fully recover all their data. Backups that have not been tested cannot be relied upon in an emergency. The framework ## Rethinking backup: Recovery First Four principles that distinguish a backup architecture from a recovery architecture. #### As little backup as possible Unstructured data (60–80% of the backup volume) never changes once it has been created. Data that does not change does not need to be backed up. You need hardware WORM. Silent Cubes store immutable data once at the hardware level. What is not in the backup does not need to be restored. ### WORM WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/worm) ### WORM WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/worm) #### 3-2-1-1-0 instead of GFS 3 copies across 2 media types | 1 copy off-site | 1 copy offline / air-gapped — physically disconnected from the network | 0 errors during the restore test. Silent Brick Max Air provides electrical isolation once the backup job is complete. #### Separate the backup infrastructure from the production AD Red Zone (production) and Grey Zone (isolated recovery infrastructure) — separate directory services, separate admin accounts. Even a fully compromised production account cannot access the backup data. #### RTO and RPO are not estimates Recovery Time Objective and Recovery Point Objective must be derived from a business impact analysis and validated through regular restore tests. The Silent Brick system provides random access to all backup versions. ### RTO / RPO RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/rto-rpo) ### RTO / RPO RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/rto-rpo) The solution ## The Silent Brick System The Silent Brick System is the storage infrastructure for a modern backup architecture based on the 3-2-1-1-0 rule, featuring immutability and an air gap. It integrates seamlessly with your backup software. No need to change software or migrate data. [Find out more ](https://www.fast-lta.de//en/products/silent-brick-system "Find out more") Control centre ### **Controller X** - Up to 8 slots for a maximum of 768 TB of internal storage - SAS expansion for up to over 6 PB of external storage - Connectivity up to 100G Ethernet - Durable and low-maintenance Primary Target ### **Silent Brick Pro** - NVMe-based, high restore speed - Physically removable from Controller X: maximum physical air gap - For Tier 1 data with short retention periods and short RTO targets - Ideal for secure storage or a secondary site Secondary Target ### **Silent Brick Max Air** - HDD-based, high capacity, long retention - Galvanic isolation upon completion of the backup job - When isolated, no ports, protocols or API endpoints are accessible - Fully automatic media rotation via integrated real-time clock (e.g. 30-day rotation) Protect your backups ### **Immutability & Air Gap** - Immutable backups, regardless of the backup software - Continuous snapshots with configurable retention - True air gap across all media - Silent Brick Pro physically removable - Silent Brick Max Air with galvanic isolation Veeam integration ## Fast Clone Support: Backup windows 80% shorter, 50% less storage capacity required The Silent Brick system is one of the most powerful **backup targets for Veeam Backup & Replication**. With native Fast Clone support (from Silent Brick OS 2.59 onwards), Veeam utilises the file system directly for synthetic full backups and forever incremental backups. Veeam references data blocks rather than copying them (RefLink). The Silent Brick System’s continuous snapshots also back up backup versions with their own retention policy, completely independent of Veeam access rights. ## 80% shorter backup window with Fast Clone ## 50% reduced capacity requirements thanks to RefLink --- ###### Silent Bricks are compatible with your backup solution ![The Data Protection Company CMYK | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/images/logos/The-Data-Protection-Company_CMYK.webp?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1772121949&s=759c4dbbb0775209fad80448af3cfa39)![Veeam main logo without contor RGB | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/logos/Solutions/Veeam_main_logo_without_contor_RGB.png?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1779795102&s=bedb8a9cb017bce0b1e64edb6553c371) ![The Data Protection Company CMYK | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/images/logos/The-Data-Protection-Company_CMYK.webp?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1772121949&s=759c4dbbb0775209fad80448af3cfa39) ![Veeam main logo without contor RGB | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/logos/Solutions/Veeam_main_logo_without_contor_RGB.png?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1779795102&s=bedb8a9cb017bce0b1e64edb6553c371) Regulatory framework ## Legal framework The Silent Brick System provides the technical foundation for the key regulatory requirements relating to backup and recovery. 0">RegulationRequirementSilent Brick SystemNIS2 (October 2024)Proven effective backup procedures, documented restore tests, physical air gap✓BSI IT-Grundschutz CON.3A tiered data backup strategy, at least one offline copy, hardware immutability✓DORA (January 2025)Proven recovery procedures, secure backup copies stored outside the primary network✓GDPR Art. 32Backup with verifiable integrity as a technical safeguard✓ ![HAHN Automation Group Logo 2c fs WEB | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/logos/Referenzen/HAHNAutomationGroup-Logo-2c-fs-WEB.png?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1778580366&s=6c6b23289d57766c73c3d980cdcf3d34)»Our key requirements were performance, immutability and an air-gapped solution, which led us straight to FAST LTA. Within our storage environment, FAST LTA’s Silent Bricks offer a specialised solution that meets these exact requirements.« ![HE8 2013 klein | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/images/customer/HAHN/HE8_2013_klein_2026-06-08-151600_ynbn.jpg?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1780931760&s=a86db4eaf7c287a2e70f042eade5b97c)Frank Benke Head of IT [continue ](https://www.fast-lta.de//en/customers/hahn-automation-group-3 "HAHN Automation Group") ###### **The Problem** Backup access rights were managed via the same Active Directory as the production environment. Following a ransomware incident, a fundamental redesign of the architecture was required. ###### **The solution** Red Zone (production) / Grey Zone (isolated recovery infrastructure, dedicated authentication, Silent Bricks as a tamper-proof medium). ###### **The result** Critical core systems can be restored from the Silent Bricks within a matter of days, without having to wait for forensic experts. No ransom is paid. ## Frequently asked questions #### Do I need to change my backup software? No. The Silent Brick System is set up as an additional backup target within your existing solution — via FC, iSCSI, NFS, SMB or S3. No need to switch systems or migrate data. #### What is the difference between the Silent Brick Pro and the Silent Brick Max Air? The Silent Brick Pro is used as internal storage in a slot on the Controller X and can be physically removed — providing maximum physical air gap for critical Tier 1 data that is to be stored externally. The Silent Brick Max Air is connected externally to the Controller X via SAS and provides electrical isolation without media removal — ideal for fully automated rotation with large data volumes (e.g. two units on a 30-day rotation). #### Why do backup access rights need to be separate from the production AD? A compromised admin account within a shared directory structure gives the attacker access to both the production and backup environments at the same time. Separate authentication infrastructures ensure that even a fully compromised production account cannot access backup data. #### How fast is the restore? Silent Bricks provide random access to all backup versions — no sequential scanning, no egress retrieval, no unlocking process. Restore performance depends on the protocol and network, not on the storage system. The HAHN Automation Group can restore critical core systems within a few days without having to wait for forensic experts. #### How does the cost compare to cloud backup? Cloud backup costs scale with data volume: egress charges during restores can be substantial. For environments of 20 TB or more, on-premises solutions are generally more cost-effective after 2–3 years. We can provide a TCO comparison for your specific environment on request. #### What is Fast Clone Support, and do I need it? Fast Clone Support enables Veeam to reference data blocks for synthetic full backups rather than copying them. This reduces the backup window by up to 80% and storage requirements by up to 50%. It is a free software update for all Silent Brick Controllers X running OS 2.59 or later. Relevant for any Veeam environment. #### How often should I test restores? The BSI and NIS2 recommend testing at least once a year, and quarterly for critical systems. Crucially, the test must simulate a real-world restore, not merely check whether backup files are present. ### NIS2 The NIS2 Directive (EU 2022/2555) is an EU regulation that obliges essential and important entities to implement specific cybersecurity measures — including demonstrable backup management, crisis management and reporting obligations — with personal liability for management bodies in case of non-compliance. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/nis2) Next step ## Sizing matters. We’d be happy to advise you. FAST LTA engineers can help you develop a backup architecture that stands up to the test in an emergency: with defined RTO/RPO targets, tested restores and physical isolation. [Find a date ](https://www.fast-lta.de//en/fast/contact/backup "Find a date") ![Rene Weber FAST LTA | FAST LTA](https://fast-lta.transforms.svdcdn.com/production/images/fast/Rene-Weber-FAST-LTA.jpg?w=960&q=80&auto=format%2Cavif&fit=crop&dm=1779438601&s=ae84a86c0f071229def172a5a4c8dc1c)