DR posture management — built for enterprise AWS

Your cloud is
not as resilient
as you think.

Recuperer gives you a continuous, scored, threat-validated view of whether your AWS workloads can actually recover — and tells you exactly what to fix, ranked by impact.

See your DRPM score How it works
DRPM Score — payments-prod Live
74/100
↑ +8 pts from last assessment
Ransomware
62
Regional failure
91
Accidental deletion
78
Misconfiguration
44
Supply chain
83
7 open gaps
3 critical
1h eff. RPO
2h est. RTO
Vault Lock status
Enabled ✓ compliant
3 new gaps detected
DORA Art.12 ↓ gap
Built for
DORA NIST CSF ISO 27001 SOC 2 NIS2
The platform

One platform.
Three things that matter.

Recuperer works continuously across your AWS estate — no agents, no manual effort. It connects to your existing tools and investments, and surfaces what your organisation needs to act with confidence.

01
Business system inventory Live
Business system Resources Accounts Coverage Drift
payments-prod 47 3 84% 6 changes
customer-portal 31 2 100% Clean
analytics-platform 89 4 71% 2 changes
auth-services 18 2 98% Clean
risk-engine 23 1 52% 11 changes
214 resources across 7 accounts · Last refreshed 4 min ago

See your entire estate

Recuperer maps every resource across all your AWS accounts — automatically grouped into the business applications that matter to your organisation. Relationships, backup coverage, and configuration drift are surfaced continuously, not at audit time.

  • Agentless — connects in minutes
  • Multi-account, multi-region
  • Business system grouping
  • Real-time and scheduled refresh
02
DRPM Score — payments-prod 74 /100
Ransomware & cyber 3 open gaps · Vault Lock not enabled
62
Regional failure Fully replicated · 1 secondary region
91
Misconfiguration drift 6 undocumented changes detected
44
Human error Versioning enabled · PITR active
78
Supply chain Dependency isolation verified
83
Mapped to DORA Art.12 NIST CSF RC.RP ISO 27031 +2 gaps

Know your actual posture

The DRPM Score is your single source of truth — a continuously updated measure of whether your workloads can actually survive each class of disruption. Intent-driven threat modelling tests your estate against scenarios you define, not generic templates. Every gap is mapped to the frameworks your regulators require.

  • Intent-driven — you define what resilience means
  • Rigorous baseline with custom intent checks
  • Maps to compliance frameworks and regulations
  • Trend and benchmark reporting
03
Remediation workbench 7 open · 3 in progress · Est. +31 pts
Finding System Impact Status
Vault Lock not enabled Ransomware vector · 3 backup vaults exposed
payments-prod +12 pts
Awaiting approval
Cross-region copy rule missing Regional failure · eu-west-1 only
analytics-platform +8 pts
Awaiting approval
DynamoDB PITR not enabled Human error · user-events table
payments-prod +5 pts
Auto-applied
Retention window below RTO Misconfiguration · 7d set, 30d required
risk-engine +6 pts
Auto-applied
Policy: Standard · 2 auto-applied this week · Full audit trail available

Fix what matters, automatically

Recuperer tells you exactly what to fix, in what order, and why — ranked by impact on your DRPM score. Sensitive changes go through your team's approval workflow; routine fixes are applied automatically within the policy boundaries you define. Every action is auditable, reversible, and explained in plain language.

  • Ranked by score impact, not severity alone
  • Human approval for sensitive changes
  • Policy-governed automation
  • Integrates with leading automation and runbook platforms
Nine capabilities

Every layer of resilience
intelligence, unified.

From raw infrastructure discovery to automated remediation — Recuperer covers the full resilience lifecycle in a single platform, built AWS-first and extending outward.

01
Infrastructure State Intelligence
A multi-source, plugin-first resource graph with real-time refresh. Timeseries snapshots enable PITR-like infrastructure state reconstruction. Business system grouping defines your Recovery Units.
Point-in-time infra reconstruction
02
Scoring Engine
Intent-driven threat modelling: you define what resilience means for your business, and Recuperer validates whether your infrastructure actually achieves it. A rigorous, continuously updated baseline of threat scenarios is complemented by custom intent checks your team defines — so the score reflects your actual risk posture, not a generic template.
Maps to frameworks and regulations
03
Mitigation Engine
The brain. Generates ranked, contextualised fix recommendations with confidence scores and expected score impact. A validation framework confirms every fix worked. User feedback continuously refines the model.
Validated, learning recommendations
04
ResOps
The hands. Policy-governed automated remediation with HITL approval pipelines for sensitive changes. Pre-built templates (conservative, standard, aggressive) get teams started immediately. Every action is auditable and reversible.
Customer-configurable auto boundary
05
Reporting
Fluid templates calibrated to every stakeholder. Board gets the score and trend. CISO gets threat decomposition. Engineers get the ranked fix backlog. Auditors get framework-mapped evidence. One data source, every audience.
One score, every audience
06
Integrations
Loosely coupled integrations that augment your existing toolchain — never compete with it. Recuperer connects to compliance platforms, automation and runbook tools, cloud-native services, and backup vendors through open, documented interfaces. Your existing investments remain the source of truth; Recuperer enriches them with resilience intelligence and receives completion signals back.
Loosely coupled — your tools stay in place
07
Signal Store
Security signals from GuardDuty, Security Hub, and your SIEM become resilience workflow triggers. A ransomware finding instantly surfaces which business systems are at risk, what their backup state is, and whether recovery is viable.
Resilience-aware signal response
08
Smart Workflow Manager
A unified runbook registry that works across your existing automation and runbook platforms — and creates new ones where none exist. Every runbook is enriched with live graph context at execution time: affected resources, dependency order, and clean restore point — without requiring migration away from tools your teams already know.
Context-enriched, no migration needed
09
Optimisation
Right-sizes your DR spend from first principles — no FinOps platform required. Identifies over-provisioned retention and under-protected systems. Every saving recommendation is blocked if it would reduce the DRPM score below your configured floor.
Resilience-constrained cost optimisation
Why it matters

The numbers behind the urgency.

58%
of organisations cannot recover within their stated RTO after a real incident
£4.5M
average cost of a single DR failure in a regulated financial services firm
72hrs
DORA maximum tolerated downtime — penalties for breach begin immediately
3×
more gaps discovered in the first Recuperer scan than organisations self-reported
Build roadmap

AWS-first. Then everywhere.

We build excellence in depth before breadth. Phase 1 wins on AWS. Each subsequent phase extends the platform without breaking what came before.

Phase 1 — Now
AWS-native core
  • Infrastructure state intelligence
  • Timeseries resource graph
  • AWS Backup coverage mapping
  • DRPM scoring engine
  • Compliance mapping (DORA, NIST)
Phase 2 — Action layer
Mitigation & ResOps
  • Mitigation engine + fix library
  • HITL approval pipeline
  • Automated remediation policies
  • Signal store triggers
  • Fluid reporting templates
Phase 3 — Expansion
Platform & intelligence
  • Veeam, Cohesity backup plugins
  • Cutover.com, Vanta integrations
  • Smart workflow manager
  • FinOps optimisation export
  • Agentic learning loop
Phase 4 — Multi-cloud
Azure, GCP & on-prem
  • Azure Resource Graph plugin
  • GCP Asset Inventory plugin
  • Commvault, NetBackup, Rubrik
  • API-accessible on-premises
  • Infra4D graph patterns (Azure)
Early access

Find out your real DRPM score.

Most organisations are surprised by what the first scan finds. Agentless deployment. AWS-native. Results in under 30 minutes.

Request early access Read the architecture →