Are Companies Practicing Traditional Disaster Recovery Ready for the Next Big Cyberattack?

In today’s world, where cybercrime has become increasingly prevalent and more sophisticated than ever, ensuring an organisation’s resilience is no longer solely about traditional disaster recovery.

A recent example of this came almost a week ago, when X, formerly known as Twitter, experienced a series of significant outages. Elon Musk, the owner of X, later confirmed that these disruptions were the result of a major cyberattack. 

Speculations suggest that the attack was likely a distributed denial-of-service (DDoS) attack, where excessive traffic overwhelms a platform’s servers, leading to slowdowns or complete outages. However, as cyber threats evolve, the risks extend beyond temporary disruptions.

In short, it’s about preparing for an entirely different kind of threat—one where data can no longer be trusted, and recovery itself could introduce new risks.

“When there has been a cybercrime, you cannot trust the data. If you recover from it, it may make things worse. In some of the attacks, it is not just data, but they are infecting the hardware. Doing quick recoveries can be damaging or dangerous,” Tim Zonca, VP of portfolio marketing, Commvault, told AIM in an exclusive interview.

What is Commvault Doing?

Zonca explained that Commvault has developed a variety of tools to help organisations stay protected. Elaborating on how one of these tools, called ‘ThreatWise’, functions, he said, “It deploys a set of decoys into an environment. These decoys could look like crown jewels that an organisation is protecting. It might even look like the Commvault environment, and we use some emerging technology where these decoys do not exist or the technology the tool is mimicking does not exist.”

“If someone comes knocking on the door of something that doesn’t exist, it’s not a user accidentally trying to log in; you know that someone’s up to no good. We detect that, and there are two things that we do with that,” Zonca mentioned.

First, Zonca explained that ThreatWise sends an alert to security systems like security information and event management (SIEM) or security orchestration, automation and response (SOAR). “It can also feed into our system,” he said. In some cases, the security systems can automate some processes, such as spinning up a recovery environment to be ready to recover if malicious activity doesn’t get quarantined.

While ThreatWise appears to be an exciting capability, Zonca pointed out that its biggest impact often comes from something simpler—getting organisations to be more prepared.

“Most customers that I talk with do not practise cyber recovery techniques. Everyone practises disaster recovery, where you can trust the data. But very few practise cyber recovery,” he mentioned.

Emphasising the risk, he explained that without this preparation, the users will encounter errors while recovering.

Source: commvault.com

AI Powering Threat Detecting Capabilities

Zonca revealed that Commvault uses AI to look for threats within data that is being recovered.

Furthermore, AI powers many of their threat detection capabilities. “The scanning will, first of all, look for AI-based attacks and more sophisticated attacks, and then it will streamline that process.” 

Most importantly, Zonca talked about the next massive opportunity—one that Commvault has already started helping its customers with, and that is protecting their AI-based workloads and stacks.

He pointed out that many data stores commonly hold AI data. “For example, it might be Azure Data Lake, Amazon Simple Storage Service (S3), or databases like MongoDB, which now have vector support,” he explained. “Some of the configuration and logic for these AI applications also need protection.”

According to Zonca, on average, Commvault customers, regardless of which specific component of the company’s technology they are using, can restore critical operations 2.7 times faster than alternative methods.

Why Organisations are Failing at the Security Front

Many organisations continue to rely on long-established disaster recovery practices. While the mechanisms to recover are in place, what’s often missing is a clear process to ensure the data being recovered is clean and safe to use.

Zonca explained that many companies avoid this because it is complicated to replicate every application. Instead, they rely on checklists and disaster recovery plans, sometimes running tabletop exercises or “what-if” simulations.

Some companies have spent over $30 million trying to set up such environments, but three years later, they are still not done. 

Commvault Uses AI to Recover Workloads from Anywhere in Cloud

Zonca, however, stated that using new cloud and AI technologies has changed the game. “We use the cloud to burst to a cloud location—a location that didn’t exist before. What’s cool about that is no one could have accessed or compromised it,” he explained.

Zonca added that this technology allows organisations to recover workloads from anywhere into the cloud. 

AI is then used to verify if the data is clean. It opens up the possibility for more frequent testing because it’s in an isolated location.

Some of the technologies Commvault uses for threat scanning involve two partner models. “One is we use OpenAI and the other one is we’re using some technology from Avira,” the company stated.

Avira provides both threat scanning tools and a threat database, along with AI that can detect AI-driven attacks. “It’s Microsoft’s OpenAI. We also have proprietary capabilities that we build, which are typically designed to look at specific data sets in one category,” he added.

These capabilities are organised into apps that sit on top of the main system. One group of these apps focuses on generative AI, such as Arlie, an AI assistant for Commvault Cloud. “Arlie is…what we call our autonomous resilience,” he said. It includes all the GenAI-based logic and proprietary technology, using different LLMs. They are also working on a second group of apps, based on agents, which are still in the early stages.

Why Bengaluru?

Bengaluru is where Commvault’s global capability centre (GCC) is headquartered. Substantiating this, Zonca further added that there is a representation from every department in the company at this location. “We look at this location as our main GCC,” he said. 

Across its centres of excellence (CoEs), the company has built many products. For example, two years ago, it merged its platforms into what is now known as Commvault Cloud.

One of the key results from its Bengaluru centre was the development of its software-as-a-service (SaaS) platform. “Commvault Cloud, previously called Metallic, now offers the full power of Commvault without the need for management,” he explained. 

He also talked about Cloud Rewind, a product Commvault gained through an acquisition. “It’s unmatched in the industry, enabling full cloud stack rebuilds—not just data recovery, but also applications, infrastructure, and all configurations.” This product is being developed out of the company’s Coimbatore centre.