Commvault SHIFT 2023
On November 9th 2023, Commvault held their SHIFT event, focussing on the future of cyber resilience. Data security and ransomware at the forefront of all organisations minds at the moment, and that threat landscape is constantly evolving. Commvault, along with some of their partners, used this event to give us their take on what cyber resilience looks like in this modern world- and how their AI powered innovations can be used to combat the rise in AI threats.
The event saw the unveiling of Commvault Cloud, powered by Metallic AI, which brings together all of their all of their Software-as-a-Service products into one single platform. The headline features of “AI-powered defence”, “rapid recovery”, and “infinite scale” are on every organisations cyber wish list at the moment, and Commvault are promising to deliver this to their customers
Sanjay Mirchandani, President and CEO of Commvault, chaired the Keynote session “Cyber Resilience: A New Paradigm for Enterprise Security” to start the event. He told us “The time is now” to fight back against the “systemic and pervasive threat of ransomware” and we should change how we are protecting our enterprise data. Ransomware is the big focus of cyber attacks in 2023 with a headline cost of $30 Billion being quoted, and a survey of Commvault’s customers said that 98% of companies now needed to be able to recover from a Cyber attack quickly. Quick recovery from an attack might have been a “want” some years ago but is now definitely in the “must have” list as organisations recognise that an attack is likely.
Commvault are approaching this with four pillars. Firstly working with a true Cloud-Based Approach. This recognises organisations are making what they term a “Cloud-smart” approach, choosing the public cloud where appropriate and the Commvault Cloud offering is firmly positioned as an accessible SaaS solution.
The second pillar Security & Recovery is about understanding that these two concepts need to be equal parts of the solution. Even with the best security, breaches are going to happen and the organisation needs to be able to recover. Recovery, especially at petabyte scale, needs to have a plan (and practise of that plan).
Third is the use of an AI Powered Engine. The attackers of 2023 and beyond are using Artificial Intelligence, it provides faster operations than are possible with humans. That means the tools we’re using to protect against and recover from those attacks also need to work fast. AI adds speed to operations such as threat detection, diagnosis, delivering a clean recovery site, and checking data to make sure it’s clean of ransomware before bringing it back online. A recurring mantra from Commvault in this event was Fighting AI with AI.
Finally, the fourth pillar was titled A Cost that makes sense. Sanjay pointed out “You still have a business to run”, for any product to get used it first needs to be purchased (and in the OpEx world, continue to get purchased) so if the price is too high then the risk/reward calculation will fall on the other side of the fence.
Commvault tell us they will protect the widest range of solutions on the market with this product, and that statement is backed by their history of being able to back up a plethora of platforms- VMs, databases, storage systems, public clouds and so on. They also work with a number of partners, including the biggest hyperscalers, to make sure that their operations are integrated with the platforms and products in use in the modern hybrid enterprise.
The Keynote was followed by a session titled “The Next Era of Cyber Recovery Innovation”, with Rajiv Kottomtharayil and Tim Zonca who are both from Commvault. This session dived a bit deeper into what Commvault Cloud actually looks like- taking headlines like “Bringing cutting edge technology to market to solve emerging challenges” and showing a bit more of what this means under the hood, and what that “single pane of glass” looks like.
The architecture covered here is important. Commvault have separated their control plane, data plane, and storage- but also designed in separate security domains for these, preventing lateral movement. With ransomware and other attacks now targeting the backups as well as the source data this is vital.
That storage tier remains vendor agnostic, and offers an immutable solution to protect backups from accidental or malicious deletion. There’s also a lot of focus on the ability to recover data from one environment to another, expanding on Commvault’s existing capabilities. This is useful if an attack takes out your primary recovery location, for example by compromising your firmware, it gives you the option to restore to the cloud.
The Risk Governance solution gives you a comprehensive view of your data. This isn’t just the backups but includes live source data from your production and development environments too. This looks for sensitive information, that could be patient details, PII, credit card data, privileged corporate data and so on, and flags it up. A good example of a developer copying a production database over to a test environment was given. This copy could include credit card data, but because the test environment is considered temporary and not backed up, a scan of just backup data would not reveal the risk.
Threat Scan Predict is where Commvault is using AI to fight AI. We were told how traditional mechanisms were not picking up shapeshifting polymorphic attacks. This tool looks for unusual and suspicious activity. It was also noted that all this AI happens behind the scenes- it’s embedded across their platform and contributing to the tools you are using rather than using the AI specifically.
Having said that, we next saw Arlie, an AI Powered Assistant for Commvault Cloud. It provides natural language and context sensitive help across the interface. Requests such as “Show me failed backups in the last day”, “Why are these jobs failing”, “What other databases are having a similar issue”, or “Email me this report” were demonstrated. This is designed to help users become Power Users without having to learn everything, and in addition to just taking the requests Arlie could provide guided step-by-step assistance in performing specific tasks.
There is a unified API for Commvault Cloud, this is powering a host of off the shelf integrations and is also available for customers and partners to develop their own solutions.
Bulk recovery after a ransomware attack is a big challenge. We need to answer questions like what was the last clean recovery point, do we have a clean environment to recover to, and have we experience recovering this? Practising recovery can be expensive, and involve a lot of staff. It needs a target to recover to, Commvault used the term “Clean Room” a lot today. A verified, available Clean Room is great for “production” recovery events following an attack, but is also great for testing. The Public Cloud comes into it’s own here. If ransomware has potentially compromised your data centre right down to the firmware on the servers Commvault Cloud enables a recovery to somewhere like Azure.
Four different tiers will be available for those purchasing Commvault Cloud , “Foundational Protection”, “Autonomous Recovery”, “Cyber Resilience”, and a top-tier “Commvault Cloud Platinum Resilience, built on AWS”. Each of these incorporates more features into the platform as you go up the pricelist.
The “Shift Right to Resilience” session brought in customers and parters- including Microsoft and ServiceNow- to discuss how they are working with Commvault to protect data and recover from attacks. We were told to expect failure in defences, think that you are already under attack, and move quickly when a breach is discovered- the recoverability is vital.
There were familiar themes in this session, the idea of IT operations and Cyber Security needing to work together was a movement we had previously heard about in the June event. Following an attack the recovery activities span both these disciplines and it is important to make sure that there is a platform in place that enables this and processes that have been rehearsed beforehand.
One suggested way of making these rehearsals, these practice recoveries, work is to automate the process. As with any automation makes it repeatable, documented, and easy to invoke when the real event occurs. The Commvault Cloud platform, and it’s integrations, enable this automation.
Practising these recoveries can be very expensive and we saw how the Azure-based Clean Room recovery cut these costs. It has the automation baked in, and because the Clean Room is spun up and down on-demand there’s no need to pay for expensive hardware (either physical or virtual) to be available 24/7/365.
In summary, Commvault have streamlined their SaaS offering, bringing all the tools together into a single product- Commvault Cloud powered by Metallic AI. This should hopefully simplify procurement and operations for their customers whilst offering them the best protection and recovery defences against modern cyber attacks.
For more information, check out the Commvault Website
#LeaveChaosBehind #Ransomware #CyberResilience
In addition to my standard Declaration/Disclaimer this is a sponsored post.