Cyber-Detection and Recovery Drive Commvault’s Portfolio Strategy

The News: Commvault announces four new cyber-detection and recovery capabilities that will be available in 2Q 2023: Commvault Risk Analysis, Threat Scan, and Auto Recovery (all available standalone or as a part of a Commvault solution bundle), as well as the ThreatWise Advisor capability. The company also is introducing its Cloud Command centralized User Interface for all Commvault Complete and Metallic instances. It also is furthering integration with CyberArk and Microsoft for identity and access management (IAM) and security information and event management (SIEM) capabilities. Additional detail can be found in Commvault’s Press Release.

Analyst Take: Backups are only as good as their ability to be recovered. Enterprises do not protect data for the sake of protecting it. Enterprises protect data so that it can be recovered, and to support business continuity.

With this in mind, data protection is evolving to play in a broader framework that encompasses cyber-resiliency, recovery mechanisms, and security, in addition to core backup and operational recovery functions. Enterprises looking to follow the NIST Cybersecurity Framework should therefore begin to encompass not just Protect and Recover, but also Identify and Detect.

Commvault Taps ThreatWise to Deliver “Active Defense”

Commvault, like its peers in the data protection space, centers its portfolio strategy around cyber-resiliency. Commvault describes its approach as enabling “Active Defense” – that is, earlier and more proactive identification and remediation of threats and attacks, versus simply allowing protection tools and technologies to serve only as the last line of defense.

This effort is spearheaded by ThreatWise, an add-on, cloud-delivered service for honeypot and early warning/threat detection that is based on Commvault’s 2022 acquisition of TrapX. The idea is to catch threat actors when they are getting a foothold into the environment and preparing to move laterally – as a result helping not only to detect attacks earlier, but also to minimize the blast radius of an attack.

Implementing threat detection requires a set of practices that are complex, even for security professionals. This task is even more challenging for data protection professionals, who are an additional layer removed compared to their security cohorts. To address this challenge, the implementation of threat detection tools needs to be integrated into protection workflows and processes.

With the current launch, Commvault is adding to ThreatWise a capability called ThreatWise Advisor, which recommends deployment of decoys, including where in the environment they are deployed, and the number or density of decoys that are deployed. This is based on what Commvault describes as “intelligent,” logic-based machine learning (ML) that connects the backup environment with ThreatWise, and continuously interrogates the environment and provides recommendations based on environmental changes. The customer can decide whether or not to act on these recommendations, for example based on what they know about where their “crown jewel” infrastructure and data are deployed.

While its peers in the data protection space are also looking to add capabilities that help them to detect attacks sooner, the ThreatWise honeypot-style approach is unique.

ML-driven Active Defense is Extending Across Commvault’s Portfolio

The new Commvault Risk Analysis and Threat Scan capabilities build on the theme of using ML to strengthen cyber-resiliency. Risk Analysis uses metadata-based classification to identify sensitive data, such as Social Security numbers, so that IT Operations can have a better sense of how to protect their environment based on the risk profile of their data assets (e.g., where to grant access permissions). Threat Scan inspects the contents of backup files in order to uncover data sets that are corrupted or otherwise suspicious. These files can then be quarantined and eradicated from the environment. It is notable that Commvault can understand data versioning and what changes have occurred, based on file entropy. This is important from the standpoint of assessing a file’s age and its importance to the organization. Meanwhile, the Auto Recovery capability allows for automated recoveries in an AIOps-type fashion (a major benefit considering how strapped for staff IT Operations teams are).

Cloud Command will Allow for Cyber-Resiliency Across the Assets Under Commvault Protection

In addition to more closely integrating the acquired ThreatWise technology into its codebase, Commvault is moving towards a consistent, unified experience between its core Complete offering, and its Metallic SaaS protection offering.

Metallic services are successful, surpassing $100 million in annual recurring revenue (ARR) in less than 3 years of existence. However, the management interface was separate. Based on my interactions, IT Ops did not have a good understanding of what was protected by Metallic and what was protected by Complete. In fact, there is a somewhat common perception that they are separate entities, or that Commvault acquired Metallic. Adding a more cohesive user experience will help to address this problem.

Deepening the Security Partner Ecosystem

As indicated with the discussion of the NIST Cybersecurity Framework, cyber-resiliency is a team sport that extends beyond data protection. We are seeing security-focused ecosystem plays become more common in the data protection space, and Commvault is contributing its share. With the portfolio announcement comes closer, bi-directional support with Microsoft’s Sentinel SIEM tool to allow SecOps and IT Ops teams to receive notifications and then audit if there are problems, such as a large number of files being encrypted, based on the backup environment. Remedial actions can then be executed automatically based on runbooks. Commvault also has integrated with CyberArk for dynamic, just-in-time credentials that are created as needed and not stored by Commvault. This is important because many (arguably most) attacks are based on compromised credentials. Enterprises may have hundreds of thousands of service account credentials, and this is how malicious actors penetrate the environment.

Looking Ahead

The landscape of data protection is evolving to encompass a broader framework that goes beyond traditional backup and recovery functions. Commvault’s focus on cyber-resiliency and active defense through its ThreatWise solution is a positive step to align with this trend. By leveraging intelligent ML and threat detection capabilities, Commvault aims to proactively identify and remediate threats, minimizing the impact of potential attacks.

Additionally, Commvault is enhancing its portfolio with risk analysis, threat scanning, and auto recovery features, further strengthening its cyber-resiliency functionality. The integration of security partner ecosystems, such as Microsoft’s Sentinel SIEM tool and CyberArk, underscores the collaborative nature of cyber-resiliency efforts and is to be applauded. As organizations face increasingly sophisticated cyber threats, adopting a comprehensive approach that combines data protection, threat detection, and security measures is crucial for ensuring business continuity and minimizing potential risks.

These recent announcements and the overall freshening of the C-Suite at Commvault over the last few months bode well for the company as it looks to compete and differentiate against the likes of Cohesity, Rubrik, and Veeam.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.

Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.

Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.

Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.
