Security PDF

COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Metallic Technical Sales Professional:

Security Overview
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Metallic Technical Sales Professional: Security Overview
Metallic® Technical Sales Professional:
Security Overview
Notes:
Hello, and welcome to the Security Overview module.
Our Multi-Layered Security Approach
Our Multi-Layered Security Approach

A New and Differentiated Approach to DMaaS
YOUR DATA
Separate
security domain
On Premises Workloads
Threat Sensors &
Ransomware
Alerts
Physical Virtual Converged Early threat detection

• Anomaly detection
Isolated • Trends & insights
• User behaviors
Cloud Workloads
virtual
air gap
Data encryption
in-flight/at-rest
Metallic®
Control Plane
Endpoints
SaaS Applications
Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Metallic leverages a multi-layered data protection, providing robust controls to both prevent threats
and ensure data is highly available and recoverable from deletion or attack.
The control plane for Metallic lives in the cloud, in a separate security domain. All backups are
isolated from source environments, in a different format from source data and production
environments. This delivers a virtual-airgap between customer environments and backup copies
and operations. All backup data stored within Metallic is immutable, with data encrypted in-flight
and at-rest.
At a platform-level multi-factor, zero-trust authentication, and zero-trust access protocols are in
place. Metallic is also hardened with industry-leading standards built in (such as SOC 2: Type II, ISO
2700, and is the only DMaaS offering to achieve FedRAMP High status), for an enterprise-grade
security model in the cloud.
Metallic also delivers next-generation threat detection.
Integrated cyber deception enables businesses to spot zero day and advanced ransomware attacks
in production environments (before they impact data), while built-in anomaly, user behavior, & file
access monitoring with monitor threats and provide advanced insight into vulnerabilities on
datasets.
Strengthening Customer Security with Metallic
Strengthening Customer Security With Metallic®

Innovative Data Security Services in the Cloud
Isolation is needed Active Directory Government agencies Data protection and Admins and IT pros Data protection starts
for additional plays a role in 90% & contractors recovery is a critical need smarter data before you’re
ransomware of attacks require more part of end-to-end security and recovery compromised...
protection stringent protection security insights
Metallic® Recovery Metallic® Metallic®

Active Directory First MSSP Partner Security IQ ThreatWiseTM
ReserveTM Government Cloud
virtual air gapped, FREE Azure & the ONLY inclusion in first advanced insights market-leading
scalable cloud Microsoft AD FedRAMP High Managed Security and security tools cyber deception
storage target Backup DMaaS portfolio Service offering technology
with new partner
Notes:
Security is always top of mind for us at Metallic, as evident from our continued investment in new
and differentiated data services that enrich our data management platform and help our customers
strengthen their overall security posture:
• First, we understood that attackers were getting smarter, cloud backups alone weren't enough,
and that customers needed an extra layer of protection – so we introduced Metallic Recovery
Reserve (formerly named Metallic Cloud Storage Service or MCSS), delivering a virtually air-
gapped cloud storage target, which isolated customer data in a separate security domain outside
of their environments
• Then, we focused on Active Directory, as it plays a role in almost every ransomware attack,
offering bad actors a haven for manipulating users, permissions, and access – so we introduced
FREE Active Directory Backup for Microsoft and Azure AD with every Metallic service – enabling
our customers to protect and recover one of their most critical applications
• Next, we turned our attention to agencies and government contractors, who needed to protect
sensitive data while meeting the stringent security standards in the cloud – so we launched our
Metallic Government Cloud offering and became the ONLY vendor in our space to achieve
FedRAMP High status, meeting 421 mandated security controls and protocols.
• Knowing that data protection plays an interconnected role in a business' overall multi-layered
security strategy, we expanded our partner ecosystems with our first MSSP partnerships, to
deliver Metallic as a managed service alongside other critical monitoring, management, and
security services
• We understood that backup and IT admins needed better tools to keep up with evolving attacks
and make more sound recovery decisions – so we launched Security IQ, bringing advanced tools
and insights to help customers quickly bolster security posture, monitor abnormal behaviors and
events, and rapidly recover data to pre-ransomware states
• And lastly, with our launch of Threat Wise, unique cyber deception that surfaces ransomware
threats before data impact – understanding that customers needed new tools and capabilities to
protect their data sooner - before encryption, leakage, exfiltration, or theft.
Metallic Recovery Reserve
Metallic® Recovery ReserveTM
Notes:
In this section we will look at Metallic Recovery Reserve
Enhance Ransomware Strategies With Managed Cloud Storage
Secure Flexible Simple

Virtual air-gapped ransomware Meet long and short-term data Purchase. Add. Apply.
protection with retention needs with Single pane of glass
encryption built-in flexible tiers management makes
administration easy
The easy button to virtual air-gapped protection Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Metallic Recovery Reserve is the easy button to adopt secure and scalable cloud storage in minutes.
For simplicity, we provide the option for customers to select Metallic Recovery Reserve as a
managed cloud storage target for their data backups
It delivers a cost-effective and secure storage target in the cloud for additional ransomware security.

Cloud Storage Options for Metallic® DMaaS, HyperScale XTM and Commvault® Backup and Recovery
The easy button to air gapped ransomware

protection, for both long- and short-term data
retention needs
Enhanced Flexibility: Choose between long and short-

term retention tiers for Metallic DMaaS and
Commvault® Software.
Simplified Management: As simple as 1, 2, 3 -

purchase, add, & apply. Single pane of glass
management makes administration easy.
Secure: Air-gapped ransomware protection with

encryption built-in.
Easy adoption of cloud storage for long and short-term data retention Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
With Recovery Reserve customers get:
• Isolated, Air gapped data copy, ensuring recoverability from ransomware
• Everything is also managed and configured through Commvault Command Center - As simple as 1,
2, 3 – apply the licenses through Commvault Command Center, create the cloud library target, &
apply backup retention policies.
• Cloud costs can spiral – managing through Commvault means there are no egress fees, guesswork,
or hidden fees.
• Lastly, it can be challenging to move to the cloud without expertise. Metallic takes on much of the
cloud service management and configuration so you can focus on what is important
ThreatWise
ThreatWise
Notes:
In this section we will look at Threatwise
New Ransomware Motives
New Ransomware Motives

The Double and Triple Extortion of Data
!
Leak
Lateral
Movement ! ! 83% of attacks
Exfiltrate involve some form
Command
of data leakage,
Access exfiltration, theft,
& Control
Encrypt
or damage.1
Privilege
Escalation
!
Steal
Get in Get Access Impact
Source 1: https://www.computerweekly.com/news/252513735/Backups-no-longer-
effective-for-stopping-ransomware-attacks Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
 Today, ransomware is more sophisticated than ever – and targeting businesses in new and unique
ways.
 A few short years ago, data encryption was the end game. If attackers could encrypt and deny you
access to your data, businesses would be forced to comply and pay a ransom. But with more and
more companies leveraging proven backup solutions (like what Commvault offers) to protect their
data – businesses have requisite tools to recover encrypted data and get their business back online
– avoiding costly ransomware demands.
 Understanding this, bad attackers have evolved their approach – and have begun targeting
organizations in new and unique ways.
 In fact, over 83% (the majority) of ransomware attacks today involve some form of data leakage,
data exfiltration, or data theft - meaning bad actors are looking to damage your business in new
ways, beyond just encrypting it. And while recoverability is an irreplaceable element of business
continuity, disaster recovery, and ransomware readiness strategies, organizations need new tools to
spot and minimize threats before they reach their data.
 To comprehensively secure our customers from advanced ransomware threats, we are rethinking
data protection – so it starts before data is compromised.
Lightweight, Highly- Accurate Threat Signals
Lightweight, Highly-Accurate Threat Signals
Event
Notification
Your Data
Security
Ec osystem
Notes:
That’s why, Commvault introduced Metallic ThreatWise, next-generation cyber
deception for early ransomware detection in production environments
• Here’s how it works…
• Without deception, bad actors have a direct path to your data, where 100% of the
assets in customer environments are real
• Leveraging patented deception technology, Metallic drops threat sensors around
valuable assets, covering production environments with authentic, look-a-like decoys.
These threat sensors can mimic servers, IoT devices, workstations, highly specialized
customer assets, and more.
• By precisely simulating real resources, Metallic threat sensors are indistinguishable to
attackers, and when engaged with, deliver high-fidelity warning signals to key business
stakeholders and security systems the moment they happen.
• And because Threat Wise sensors are only visible to bad actors, they provide highly
accurate visibility into malicious activity (without false positives) to surface recon,
lateral movement, and unwanted privileged access. ThreatWise redefines data
protection and moves into uncharted territory as the only vendor to provide customers
with capabilities to surface unknown and zero-day threats before data impact.
Security IQ
Security IQ
Notes:
In this section we will look at Security IQ
Security IQ Dashboard
Security IQ Dashboard
Advanced Security Tools and Insights
VM &
Kubernetes
Outcomes Endpoint
Database
Evaluate and continuously improve Backup
backup security stature
Insights
Gain real-time visibility into critical events, Cloud File
and Object
anomalous activities, and vulnerabilities Storage
Recovery Points
Make informed recovery decisions
to exceed SLA objectives Office
365
Salesforce
Dynamics 365
Notes:
As malicious threats mount, modern companies need proactive insights and new approaches to
respond. With Security IQ, from Metallic, you get intuitive tools to safeguard from external and
insider threats. It’s embedded into every Metallic subscription – helping businesses reduce attack
surface exposure and constantly monitor their backup environment - broadly across SaaS apps,
endpoints, and hybrid cloud workloads.
Security IQ
Tracks abnormal
Security IQ conditions and

behaviors on data for
deeper insight into
unwarranted changes
on backup data.
Scores backup
environment based on
native security controls
activated and provides Monitors anomalous
recommended actions file system trends and
for improvement. suggests pre-
ransomware recovery
points.
Provides accounting for

unauthorized changes
to configurations,
restores, and user
logins.
Notes:
Within Security IQ, users can quickly enhance their security posture. By evaluating all available
controls and best practices, Metallic then intuitively recommends admin actions to further harden
current backup environments.
Users can quickly assess areas of improvement and rapidly configure additional security capabilities
to bolster their security stature. It includes key parameters such as advanced authentication,
storage encryption, multi-authorization workflows, and more.
Additionally, Security IQ provides advanced monitoring of datasets and behaviors. It can flag and
detect anomalous conditions across networks and spotlight suspicious activity for investigation.
Artificial Intelligence and Machine Learning-powered file monitoring also flags unusual file activity
in real-time. It enables users to discern when datasets are being tampered with, deleted, or created.
This gives direct line of sight into potentially infected datasets or malicious activities.
From here, users can further investigate suspicious files, quarantine impacted datasets, and uproot
suspicious behavior before it can cause immediate or widespread damage. Users can then recover
data with precision and confidence by surgically removing malicious files and rolling individual
datasets or entire environments back to last clean, pre-infected states to prevent reinfection.
Active Directory Backup
Active Directory Backup
Notes:
In this section we will look at Active Directory Backup
Active Directory in the Crosshairs
Active Directory in the Crosshairs

A New Vector to Orchestrate Attacks
Establishing a Foothold for Cyberthreats
Gain Control Move Laterally Execute Attack

Exploit misconfigurations and Silently traverse infrastructure, Propagate cyberattack and
blind spots to compromise workstations, and control access to customer
privileged accounts. applications. networks.
Notes:
As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new
methods, means, and vectors for their exploits. Active Directory (AD), as a core element of
centralized management has become a primary target, and pathway, to execute ransomware
attacks.
Metallic Active Directory Backup
Metallic® Active Directory Backup

For Microsoft AD + Azure AD
Simple, Purpose-Built Protection
Automated Backups for single-solution protection of

Microsoft AD and Azure AD
Comprehensive Coverage of objects, attributes, users,

groups, and app registrations
Granular Recovery to roll back damaging, unwanted, or

accidental changes
Layered Security with data encryption and air-gapped

ransomware protection
Included for FREE with every Metallic service. Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Safeguarding AD from ransomware requires purpose-built tools to prevent, detect, and recover
from attack. And while some businesses have developed home-grown solutions, they are time-
consuming to maintain, upkeep, and administer. With Metallic Backup, you get dedicated, single-
solution protection for Microsoft Active Directory and Azure Active Directory – that helps to quickly
restore your data.
Frequent backups enable users to undo damaging and unwanted changes to objects, attributes,
users, groups, app registrations, and more.
Fast, granular recovery options allow administrators to view what’s changed their environment and
easily recover missing, damaged, or misconfigured items to thwart ongoing attacks.
Users can even roll back entire AD instances at scale to uproot bad actors and get entire business
systems or users back online.
Best of all… Active Directory Backup is included for FREE with every paid Metallic subscription.
Thank You!

Security PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Security PDF

Uploaded by

Copyright:

Available Formats

COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED

Metallic Technical Sales Professional:

Metallic Technical Sales Professional: Security Overview

Metallic® Technical Sales Professional:

Our Multi-Layered Security Approach

Our Multi-Layered Security Approach

Physical Virtual Converged Early threat detection

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Strengthening Customer Security with Metallic

Strengthening Customer Security With Metallic®

Metallic® Recovery Metallic® Metallic®

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Metallic Recovery Reserve

Metallic® Recovery ReserveTM

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Metallic Recovery Reserve

Metallic® Recovery ReserveTM

Enhance Ransomware Strategies With Managed Cloud Storage

Secure Flexible Simple

Metallic Recovery Reserve

Metallic® Recovery ReserveTM

The easy button to air gapped ransomware

Enhanced Flexibility: Choose between long and short-

Simplified Management: As simple as 1, 2, 3 -

Secure: Air-gapped ransomware protection with

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

New Ransomware Motives

New Ransomware Motives

Get in Get Access Impact

Lightweight, Highly- Accurate Threat Signals

Lightweight, Highly-Accurate Threat Signals

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

backup security stature

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Security IQ conditions and

Provides accounting for

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Active Directory Backup

Active Directory Backup

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Active Directory in the Crosshairs

Active Directory in the Crosshairs

Establishing a Foothold for Cyberthreats

Gain Control Move Laterally Execute Attack

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

Metallic Active Directory Backup

Metallic® Active Directory Backup

Simple, Purpose-Built Protection

Automated Backups for single-solution protection of

Comprehensive Coverage of objects, attributes, users,

Granular Recovery to roll back damaging, unwanted, or

Layered Security with data encryption and air-gapped

Copyright 2022 Metallic, A Commvault Venture. All rights reserved.

You might also like