Alex - stock.adobe.com

Commvault expands, automates ransomware discovery tools

In its latest release, Commvault adds advanced ransomware functionality and new security features to its data protection platform as well as unveils a new admin console.

Commvault will use machine learning capabilities to build a better mousetrap against ransomware attacks.

The data backup vendor will add new AI-based functionality to ThreatWise, a decoy security technology available as part of Metallic, Commvault's SaaS backup and recovery product. ThreatWise Advisor will automate the building and placement of data traps, which are designed to lure bad actors and alert companies to the attack. ThreatWise is based on technology from TrapX, a company Commvault acquired in 2020.

Additional updates and new capabilities to the Commvault software platform will include Risk Analysis, Threat Scan and Auto Recovery. The Commvault Cloud Command, an updated console, provides visibility of the vendor's data protection software both on premises and in the cloud.

Cloud Command will be a free service for Commvault customers. ThreatWise Advisor will be added to the ThreatWise service, while Risk Analysis, Threat Scan and Auto Recovery will be sold separately with their own pricing models. All these services are expected to launch later this year, according to Commvault.

The new ThreatWise capabilities can improve cyber resiliency against ransomware, primarily by catching intrusions with decoys. But data protection capabilities are no substitute for security-focused software and teams, said Krista Macomber, an analyst at Futurum Group.

"It's important for data protection vendors to continue to do what they do well," she said. "We advise [data protection vendors to] try to be clear in their role within the security stack."

Front toward enemy

ThreatWise Advisor builds on ThreatWise technology added to Metallic last year by recommending decoy placement through machine learning to set up traps of unstructured data.

The software required administrators to manually set trap locations. But the new ThreatWise Advisor adds automation capabilities to suggest and place traps, according to Steve Preston, vice president of Metallic Security Services.

"This is all being driven by the threat landscape," Preston said. "You need to have the ability to respond at machine speed."

Commvault Risk Analysis will let the vendor's platform discover and classify sensitive data across both production and backup storage environments. Administrators can choose to set automatic quarantining and deletion policies for such data as well.

Commvault Threat Scan inspects backup data to locate encrypted, corrupted or suspicious datasets among backups. Commvault Auto Recovery provides suggestions for recovery points-in-time prior to corruption.

Commvault's new capabilities create a cyber-resilient infrastructure and a technology stack that protects itself against ransomware attacks. It can also address traditional backup woes, such as corruption and data center outages, said Jerome Wendt, CEO and analyst at Data Center Intelligence Group.

"What you're seeing now is the rise of the cyber-resilient infrastructure," he said. "This is going to be a better way to catch an active [ransomware] attack."

A screenshot of the new Commvault Cloud Command administrator console
Commvault Cloud Command console screenshot.

This side toward you

Many data protection companies are making the pivot to cyber resiliency, such as Cobalt Iron and Asigra, according to Wendt. But data backup and disaster recovery vendors cannot replicate the same capabilities or tools of security vendors -- despite marketing claims that backup can do it all.

It's important for data protection vendors to continue to do what they do well.
Krista MacomberAnalyst, Futurum Research

Insights into best recovery times, what backups are corrupted and what data is vulnerable can create a more comprehensive security posture even if backups are not the primary line of defense, according to Wendt and Macomber. Backups are, however, becoming a juicer target for ransomware attacks, as eliminating the backups eliminates an escape vector for victims.

"Whether it's Commvault or whatever security solution, they're all trying to solve this bigger problem of ransomware," Wendt said.

Commvault CEO Sanjay Mirchandani has said the company remains focused on data protection despite some of Commvault's services, such as ThreatWise, providing cybersecurity functionality and some shifts in the data backup market, such as Rubrik's attempts to become a cybersecurity vendor, Mirchandani said.

"The most prevalent conversation in data protection is ransomware," he said in an interview with TechTarget Editorial last year. "That is a cybersecurity issue but that does not automatically flip me to being a cybersecurity company."

Keeping that separation in mind will be important for IT teams, Macomber said, because security software needs to stop threats from reaching any storage environment.

"If you stop the attacker from getting into the environment to begin with, you're going to be ahead of the game," she said.

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.

Dig Deeper on Data backup and recovery software

Disaster Recovery
Storage
ITChannel
Close