Acronis integration with Storage Guardian’s Incident Response Planner

By Omry Farajun, President and CEO, Storage Guardian

Storage Guardian, in partnership with Acronis, has launched the Incident Response Planner to help organizations meet CIS Control 17 – Incident Response Management.

The solution uses out-of-band SMS communication and predefined response templates to rapidly engage key stakeholders, host a centralized incident response plan and execute validation drills and tabletop exercises with confidence.

A recent enhancement introduces the ability to slice and segment the incident response plan by stakeholder role, delivering each participant only the information relevant to them — directly to their smart phone via SMS. This approach significantly improves clarity, coordination and engagement during tabletop exercises, resulting in a more organized, realistic and effective incident response simulation.

While many businesses understand the value of running tabletop exercises to simulate and practice incident response, a critical gap remains: overreliance on existing infrastructure that may be unavailable or unsafe during a real incident.

In scenarios such as a zero-day attack or ransomware outage, organizations are often advised to disconnect desktops and internal systems to prevent lateral movement and further spread.

At the same time, using compromised collaboration tools or email can enable threat actors to eavesdrop on internal discussions or ransom negotiations, severely weakening the organization’s negotiating position.

Following the PICERL (six-step approach standing for Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned) approach within the NIST 2.0 framework and CIS 17th control, organizations must be able to:

• Isolate the affected environment.

• Establish a secure, out-of-band war room.

• Coordinate response efforts using communication channels unknown and inaccessible to the attacker.

Effective tabletop exercises should therefore validate not only roles and procedures, but also the organization’s ability to operate when primary systems are unavailable, ensuring secure communication, decision making and coordination throughout the incident lifecycle.

Storage Guardian has seen a vivid example within the distribution industry where a lack of effective communication planning led to significant frustration among partners once systems were taken offline. When everything was unplugged to contain the incident, the absence of a reliable out-of-band communication strategy exposed gaps in preparedness and hindered coordination at a critical moment.

Often, incident response plans are stored on the same internal PCs or networks that become compromised during an attack. When this happens, access to the incident response plan is lost at the very moment it is needed most. In these situations, clear and decisive communication from C-level leadership becomes paramount. Extortion events and operational outages directly impact the brand, trust and credibility of the business, and executive leadership must be prepared to lead and communicate with intent during a crisis without any vendor pointing or blame.

Another common gap which Storage Guardian observes is that incident response planning is often limited to MSPs, SOCs and NOCs, while CEOs and executive leadership are not fully incorporated into the plan. As a result, senior leaders may be unsure how or when to communicate or may underestimate the critical role they play during an incident.

Effective incident response mirrors the execution of a war room during a national crisis: technical teams manage the battlefield, but executive leadership sets direction, communicates with authority and protects public confidence. Without executive participation and predefined communication strategies, organizations risk delayed decisions, inconsistent messaging and increased reputational damage at the moment leadership matters most.

Using the Acronis Cyber Protect Cloud integration, Storage Guardian enables organizations to host their incident response plan out of band, completely separate from the production network and protected with MFA / one-time passcodes. This eliminates the scramble to locate spreadsheets or documents during a crisis.

With an SMS-based approach, teams can:

• Receive an incident declaration directly from the SOC.

• Rapidly notify key stakeholders.

• View only the roles and responsibilities relevant to them, rather than the entire document.

This targeted, out-of-band delivery reduces confusion, accelerates decision making and counters the core objective of Ransomware to disorient and disrupt response efforts when clarity matters most.

The Incident Response Planner is free of charge in the Acronis Ecosystem, accelerating EDR adoption. Storage Guardian’s core service focuses on incident monitoring, clear SOW-defined roles and responsibilities and a forensic second set of eyes to alert you when something isn’t right such as open ports, unpatched systems, stolen credentials on the dark web, or SIM swap events that could compromise Acronis Cyber Protect Cloud backups in partnership with Ericson Telecommunication Company.

Log in to your Acronis Cyber Protect Cloud console and enable the Storage Guardian integration now, or contact Storage Guardian for a demo and onboarding support.