Updates: Rubrik - Building a Data-Centric Cyber Resilience Moat (Pt.2)

Summary

• The market is shifting from legacy, on-prem backup to modern, cloud-centric platforms as hack recovery eclipses rare disaster recovery in frequency and impact.
• Veeam is a mature, steady grower, while Rubrik and Cohesity redefined backup by simplifying infrastructure and activating secondary data uses beyond restore.
• Rubrik has pulled ahead of Cohesity via stronger security narrative, Zero Trust execution, and superior GTM — amplified by deep Azure co-sell and focused alliances with CRWD and ZS.
• Rubrik is showing potential like Palantir and Snowflake for enterprise AI use cases, with its Annapurna promising to be an impressive secure RAG to enable enterprise AI.
• Despite near-term guidance caution, Rubrik’s growth runway is supported by automation-led ROI, expanding integrations, and AI optionality, with valuation upside tied to sustained share gains.

Data Recovery Industry Dynamics

Data backup vendors can broadly be divided into two categories:

Legacy vendors (Veritas, Commvault) – These remain important for backing up traditional on-prem workloads, legacy file systems, and mainframes. Their architectures are optimized for these environments but have limited adaptability to modern, distributed infrastructure.

Modern vendors (Cohesity, Rubrik, Veeam) – These specialize in protecting cloud workloads and SaaS applications such as Office 365 and Salesforce. Their ability to support legacy systems is comparatively limited.

The market for legacy-focused solutions has already contracted to around $3bn, as most enterprises shift toward modern, cloud-native platforms. Traditional disaster recovery — built for rare physical or system failures — now represents a small fraction of demand compared with hack recovery, where cyber incidents occur far more frequently and with far greater impact. With AI-powered attacks expected to multiply, demand for intelligent hack recovery is set to grow exponentially.

Veeam represents a mid-stage player in the data protection market—still growing, but no longer at the high growth pace of 20%+ seen in earlier years. Its revenue has surpassed $2bn, and growth has naturally decelerated as demand shifts toward next-generation, VMware-centric and cloud-native backup solutions.

Originally founded by entrepreneurs of Russian origin, Veeam mitigated geopolitical risk early on by incorporating in the Netherlands. To further strengthen its appeal to U.S. investors and enterprise customers, the company was acquired by Insight Partners in 2020 for approximately $5bn, effectively reestablishing it as a U.S.-based firm. In 2024, Insight led a $2bn secondary transaction that brought in new investors—among them TPG, Temasek, and Neuberger Berman—and lifted Veeam’s valuation to around $15bn.

Insight Partners has developed a strong reputation for managing “midlife” technology companies—those that have exited their high-growth phase but still possess durable, moderate growth potential. Under its stewardship, Veeam has maintained steady expansion rather than falling rapidly into single-digit growth. Still, compared with more founder-driven and ambitious players like Rubrik and Cohesity, Veeam increasingly shows the hallmarks of a mature enterprise rather than a disruptive one.

Strategically, Veeam’s focus remains on core data protection and backup rather than broader security capabilities, which it largely outsources through partnerships such as its integration with Sophos. As a result, next-generation players like Rubrik are better positioned to capture the accelerating demand for cyber-resilient “hack recovery,” with room to scale revenue toward $5bn or beyond before approaching a natural ceiling.

Unlike Veeam, both Cohesity and Rubrik emerged as true next-generation players by addressing two long-standing pain points that legacy vendors like Veritas and Commvault had failed to solve.

1. Infrastructure Complexity Before Rubrik and Cohesity, implementing an enterprise backup system was an arduous process that required customers to assemble and integrate servers, operating systems, and storage from multiple vendors. Deployments were costly, slow, and operationally fragile.

2. Limited Data Utility Traditional backups were built solely for recovery. The vast repositories of stored data remained dormant—unsearchable and unusable for broader business or security purposes.

Rubrik and Cohesity’s Core Innovations

• Infrastructure Simplification: Both companies introduced hyperconverged, scale-out architectures that bundled compute, storage, operating system, and software into a single, modular appliance. This “LEGO brick” model made deployment fast, predictable, and easily scalable, eliminating one of the biggest friction points in the industry.
• Activation of Secondary Use Cases: Their platforms were designed in native formats that allowed organizations to repurpose backup data for additional value—ranging from data classification and compliance reporting to security scanning and analytics.

By solving these two structural problems, Rubrik and Cohesity transformed backup from a static insurance function into an active, intelligent data platform.

RBRK vs. Cohesity - A Tale of Two Strategies

Rubrik and Cohesity began with similar ambitions but diverged sharply in strategy. Rubrik has sustained strong momentum, while Cohesity appears reluctant — or perhaps unable — to pivot toward direct, head-to-head competition.

Rubrik’s early advantage came from its exceptional marketing and narrative control. It was the first to successfully position data protection as a security problem rather than an IT or infrastructure issue. This shift reframed the category, elevated the discussion to C-level executives, and enabled Rubrik to dominate the market conversation. Cohesity, by contrast, led with technical excellence. Its architecture was built for superior deduplication, scalability, and even the potential to function as a primary storage system. In its early years, it often outperformed Rubrik in large-scale restore performance and system efficiency.

Today, the technological gap between the two has largely closed, and most of those early differentiators have become table stakes. The real contest now lies in how effectively each company executes on the security workflows that sit on top of their platforms. In this respect, Cohesity continues to lag. It has ceded the data security narrative to Rubrik, shown limited appetite for bold marketing, and outsourced much of its DSPM strategy to partners. These moves suggest a lack of ambition to challenge Rubrik’s growing brand and vision leadership.

The next phase of competition in hack recovery will center on orchestrated recovery workflows, not just ransomware detection. The winning platforms will enable pre-recovery data scanning, seamless integration with clean-room environments to prevent reinfection, and multi-stage recovery orchestration. Cohesity holds a modest edge here through its broad ecosystem of security partnerships, working closely with firms like CrowdStrike, Palo Alto Networks, and several niche startups. It recognizes that backup software alone cannot serve as the ultimate authority in cybersecurity.

Rubrik, meanwhile, tends to align with larger, established security leaders such as CrowdStrike (CRWD) and Zscaler (ZS). The parallels among these three are clear: all emphasize top-down go-to-market execution, thought leadership, and CISO-level engagement. Yet Rubrik arguably combines CRWD’s product-driven credibility with ZS’s platform-led vision — giving it stronger GTM discipline and clearer strategic positioning than Cohesity. Where CRWD and ZS face intense rivalry from peers with comparable technology and market access, Rubrik currently enjoys a more open field in defining the future of data security.