Intelligent Bulk Remediation Overview

Automated post-attack recovery that rolls back only the affected files — in minutes, without manual triage.

After Active Defense stops a ransomware attack, the question becomes: how do you recover? Intelligent Bulk Remediation answers it by automatically identifying and restoring only the files touched by the attack, using the same I/O telemetry that detected the threat. The result is surgical recovery in minutes — not hours of manual work, and not a disruptive full-volume restore.

• Surgical File Recovery

  IBR identifies exactly which files were affected by an attack and rolls back only those files — leaving clean data untouched and avoiding the data loss of a full-volume restore.
• Minutes, Not Hours

  By scoping recovery to the affected file set rather than entire volumes or snapshots, IBR compresses recovery time from hours to minutes for most ransomware events.
• Triggered by Active Defense

  IBR works in concert with Active Defense — when Active Defense terminates an attack, IBR automatically begins scoping the affected file set using the same behavioral telemetry.
• No Manual Triage

  Traditional recovery requires administrators to identify affected files manually — a slow, error-prone process. IBR automates this using the attack session's I/O record.
• Point-in-Time Granularity

  Recovery targets the exact pre-attack state using immutable snapshots, with per-file granularity — not the nearest full backup, which may be hours or days old.
• Compliance-Grade Audit Trail

  The full remediation process is logged immutably — which files were affected, when, by whom, and what was restored — satisfying incident response and compliance requirements.