Professional Documents
Culture Documents
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Security Overview
Notes:
Hello, and welcome to the Security Overview module.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
YOUR DATA
Separate
security domain
On Premises Workloads
Threat Sensors &
Ransomware
Alerts
SaaS Applications
Notes:
Metallic leverages a multi-layered data protection, providing robust controls to both prevent threats
and ensure data is highly available and recoverable from deletion or attack.
The control plane for Metallic lives in the cloud, in a separate security domain. All backups are
isolated from source environments, in a different format from source data and production
environments. This delivers a virtual-airgap between customer environments and backup copies
and operations. All backup data stored within Metallic is immutable, with data encrypted in-flight
and at-rest.
At a platform-level multi-factor, zero-trust authentication, and zero-trust access protocols are in
place. Metallic is also hardened with industry-leading standards built in (such as SOC 2: Type II, ISO
2700, and is the only DMaaS offering to achieve FedRAMP High status), for an enterprise-grade
security model in the cloud.
Metallic also delivers next-generation threat detection.
Integrated cyber deception enables businesses to spot zero day and advanced ransomware attacks
in production environments (before they impact data), while built-in anomaly, user behavior, & file
access monitoring with monitor threats and provide advanced insight into vulnerabilities on
datasets.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Isolation is needed Active Directory Government agencies Data protection and Admins and IT pros Data protection starts
for additional plays a role in 90% & contractors recovery is a critical need smarter data before you’re
ransomware of attacks require more part of end-to-end security and recovery compromised...
protection stringent protection security insights
Notes:
Security is always top of mind for us at Metallic, as evident from our continued investment in new
and differentiated data services that enrich our data management platform and help our customers
strengthen their overall security posture:
• First, we understood that attackers were getting smarter, cloud backups alone weren't enough,
and that customers needed an extra layer of protection – so we introduced Metallic Recovery
Reserve (formerly named Metallic Cloud Storage Service or MCSS), delivering a virtually air-
gapped cloud storage target, which isolated customer data in a separate security domain outside
of their environments
• Then, we focused on Active Directory, as it plays a role in almost every ransomware attack,
offering bad actors a haven for manipulating users, permissions, and access – so we introduced
FREE Active Directory Backup for Microsoft and Azure AD with every Metallic service – enabling
our customers to protect and recover one of their most critical applications
• Next, we turned our attention to agencies and government contractors, who needed to protect
sensitive data while meeting the stringent security standards in the cloud – so we launched our
Metallic Government Cloud offering and became the ONLY vendor in our space to achieve
FedRAMP High status, meeting 421 mandated security controls and protocols.
• Knowing that data protection plays an interconnected role in a business' overall multi-layered
security strategy, we expanded our partner ecosystems with our first MSSP partnerships, to
deliver Metallic as a managed service alongside other critical monitoring, management, and
security services
• We understood that backup and IT admins needed better tools to keep up with evolving attacks
and make more sound recovery decisions – so we launched Security IQ, bringing advanced tools
and insights to help customers quickly bolster security posture, monitor abnormal behaviors and
events, and rapidly recover data to pre-ransomware states
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
• And lastly, with our launch of Threat Wise, unique cyber deception that surfaces ransomware
threats before data impact – understanding that customers needed new tools and capabilities to
protect their data sooner - before encryption, leakage, exfiltration, or theft.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Notes:
In this section we will look at Metallic Recovery Reserve
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
The easy button to virtual air-gapped protection Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Metallic Recovery Reserve is the easy button to adopt secure and scalable cloud storage in minutes.
For simplicity, we provide the option for customers to select Metallic Recovery Reserve as a
managed cloud storage target for their data backups
It delivers a cost-effective and secure storage target in the cloud for additional ransomware security.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Easy adoption of cloud storage for long and short-term data retention Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
With Recovery Reserve customers get:
• Isolated, Air gapped data copy, ensuring recoverability from ransomware
• Everything is also managed and configured through Commvault Command Center - As simple as 1,
2, 3 – apply the licenses through Commvault Command Center, create the cloud library target, &
apply backup retention policies.
• Cloud costs can spiral – managing through Commvault means there are no egress fees, guesswork,
or hidden fees.
• Lastly, it can be challenging to move to the cloud without expertise. Metallic takes on much of the
cloud service management and configuration so you can focus on what is important
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
ThreatWise
ThreatWise
Notes:
In this section we will look at Threatwise
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
!
Leak
Lateral
Movement ! ! 83% of attacks
Exfiltrate involve some form
Command
of data leakage,
Access exfiltration, theft,
& Control
Encrypt
or damage.1
Privilege
Escalation
!
Steal
Source 1: https://www.computerweekly.com/news/252513735/Backups-no-longer-
effective-for-stopping-ransomware-attacks Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Today, ransomware is more sophisticated than ever – and targeting businesses in new and unique
ways.
A few short years ago, data encryption was the end game. If attackers could encrypt and deny you
access to your data, businesses would be forced to comply and pay a ransom. But with more and
more companies leveraging proven backup solutions (like what Commvault offers) to protect their
data – businesses have requisite tools to recover encrypted data and get their business back online
– avoiding costly ransomware demands.
Understanding this, bad attackers have evolved their approach – and have begun targeting
organizations in new and unique ways.
In fact, over 83% (the majority) of ransomware attacks today involve some form of data leakage,
data exfiltration, or data theft - meaning bad actors are looking to damage your business in new
ways, beyond just encrypting it. And while recoverability is an irreplaceable element of business
continuity, disaster recovery, and ransomware readiness strategies, organizations need new tools to
spot and minimize threats before they reach their data.
To comprehensively secure our customers from advanced ransomware threats, we are rethinking
data protection – so it starts before data is compromised.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Event
Notification
Your Data
Security
Ec osystem
Notes:
That’s why, Commvault introduced Metallic ThreatWise, next-generation cyber
deception for early ransomware detection in production environments
• Here’s how it works…
• Without deception, bad actors have a direct path to your data, where 100% of the
assets in customer environments are real
• Leveraging patented deception technology, Metallic drops threat sensors around
valuable assets, covering production environments with authentic, look-a-like decoys.
These threat sensors can mimic servers, IoT devices, workstations, highly specialized
customer assets, and more.
• By precisely simulating real resources, Metallic threat sensors are indistinguishable to
attackers, and when engaged with, deliver high-fidelity warning signals to key business
stakeholders and security systems the moment they happen.
• And because Threat Wise sensors are only visible to bad actors, they provide highly
accurate visibility into malicious activity (without false positives) to surface recon,
lateral movement, and unwanted privileged access. ThreatWise redefines data
protection and moves into uncharted territory as the only vendor to provide customers
with capabilities to surface unknown and zero-day threats before data impact.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Security IQ
Security IQ
Notes:
In this section we will look at Security IQ
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Security IQ Dashboard
Security IQ Dashboard
Advanced Security Tools and Insights
VM &
Kubernetes
Outcomes Endpoint
Database
Evaluate and continuously improve Backup
Insights
Gain real-time visibility into critical events, Cloud File
and Object
anomalous activities, and vulnerabilities Storage
Recovery Points
Make informed recovery decisions
to exceed SLA objectives Office
365
Salesforce
Dynamics 365
Notes:
As malicious threats mount, modern companies need proactive insights and new approaches to
respond. With Security IQ, from Metallic, you get intuitive tools to safeguard from external and
insider threats. It’s embedded into every Metallic subscription – helping businesses reduce attack
surface exposure and constantly monitor their backup environment - broadly across SaaS apps,
endpoints, and hybrid cloud workloads.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Security IQ
Tracks abnormal
Scores backup
environment based on
native security controls
activated and provides Monitors anomalous
recommended actions file system trends and
for improvement. suggests pre-
ransomware recovery
points.
Notes:
Within Security IQ, users can quickly enhance their security posture. By evaluating all available
controls and best practices, Metallic then intuitively recommends admin actions to further harden
current backup environments.
Users can quickly assess areas of improvement and rapidly configure additional security capabilities
to bolster their security stature. It includes key parameters such as advanced authentication,
storage encryption, multi-authorization workflows, and more.
Additionally, Security IQ provides advanced monitoring of datasets and behaviors. It can flag and
detect anomalous conditions across networks and spotlight suspicious activity for investigation.
Artificial Intelligence and Machine Learning-powered file monitoring also flags unusual file activity
in real-time. It enables users to discern when datasets are being tampered with, deleted, or created.
This gives direct line of sight into potentially infected datasets or malicious activities.
From here, users can further investigate suspicious files, quarantine impacted datasets, and uproot
suspicious behavior before it can cause immediate or widespread damage. Users can then recover
data with precision and confidence by surgically removing malicious files and rolling individual
datasets or entire environments back to last clean, pre-infected states to prevent reinfection.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Notes:
In this section we will look at Active Directory Backup
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Notes:
As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new
methods, means, and vectors for their exploits. Active Directory (AD), as a core element of
centralized management has become a primary target, and pathway, to execute ransomware
attacks.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Included for FREE with every Metallic service. Copyright 2022 Metallic, A Commvault Venture. All rights reserved.
Notes:
Safeguarding AD from ransomware requires purpose-built tools to prevent, detect, and recover
from attack. And while some businesses have developed home-grown solutions, they are time-
consuming to maintain, upkeep, and administer. With Metallic Backup, you get dedicated, single-
solution protection for Microsoft Active Directory and Azure Active Directory – that helps to quickly
restore your data.
Frequent backups enable users to undo damaging and unwanted changes to objects, attributes,
users, groups, app registrations, and more.
Fast, granular recovery options allow administrators to view what’s changed their environment and
easily recover missing, damaged, or misconfigured items to thwart ongoing attacks.
Users can even roll back entire AD instances at scale to uproot bad actors and get entire business
systems or users back online.
Best of all… Active Directory Backup is included for FREE with every paid Metallic subscription.
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED
Thank You!
commvault.com | 888.746.3849
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, and “Be ready” are trademarks or registered
trademarks of Commvault Systems, Inc. A complete list of trademarks owned by Commvault can be found here. All other third party brands, product names, and
trademarks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.