Commvault expands Cleanroom Recovery and CrowdStrike partnership

Commvault has added more comprehensive Cleanroom Recovery capabilities and says it has forged a closer CrowdStrike partnership to detect and respond to cyberattacks more effectively.

Its Cleanroom Recovery facility provides recovery from immutable backups to a cleanroom in the Azure cloud for faster recoveries and incident response testing. Commvault integrated CrowdStrike’s malware-detecting Falcon XDR (Extended Detection and Response) into its Commvault Cloud in January. With this integration, Commvault Cloud can use a CrowdStrike alert to trigger its own ThreatScan check for affected data, and then restore compromised data to a known good state from its backups.


Nate Hauenstein, IT Global Infrastructure & Operations Director, Chart Industries, stated: “Previously, recovery could take more than seven hours, causing significant disruption. Today, our Cleanroom environment ensures zero wait time for most applications – services are ready instantly. Reducing that downtime so dramatically is critical – it minimizes disruption [and] protects revenue.”

Commvault’s Cleanroom Recovery now includes a Factory Reset feature for restoring IT infrastructure – not just data and VMs – with a customizable recovery point in time. There is also an expanded CrowdStrike partnership for coordinated cyber recovery and incident response services. A third development is that Commvault Cloud has gained GovRAMP Authorized status for its cyber resilience SaaS offerings.

Figure: Commvault Cleanroom Recovery, adding VMs to a Cleanroom.

The Factory Reset function, referred to as “pave/repave,” enables customers to restore their infrastructure within the cleanroom, with an image that is hardened and verified in advance. The pave part refers to using a so-called golden image, a pre-configured, secure template of an operating system, application, or infrastructure setup that is free from vulnerabilities or malicious code, as a fresh, trusted base layer. The repave aspect means rebuilding or redeploying systems using the golden image and without manual reconfiguration.

When the infrastructure is restored, systems can be rehydrated with data, speeding up the overall recovery process. Commvault says admin staff “can focus on validating recovered data in the cleanroom instead of worrying about the underlying infrastructure.” They can customize recovery sequences, so data is recovered in a logical order, and use Commvault Cloud Threat Scan to scan their recovered data in the cleanroom as another way of making sure their data is clean.


Pranay Ahlawat, Commvault CTO and AI Officer, said: “Unlike traditional approaches, cloud-based cleanrooms enable customers to spin up multiple isolated recovery environments in parallel, without concerns around compromised firmware or underlying hardware … We’re doubling down on infrastructure recovery, automation, and orchestration.”

Commvault now supports the use of Cleanroom Recovery by its MSPs, so that they can offer this technology to their customers.

The expanded Commvault-CrowdStrike partnership integrates CrowdStrike’s incident response services and Commvault’s Guardian retainer-based services to provide readiness assessments, recovery validation, recovery testing, and incident response recovery assistance. The two say that, in the event of a cyber incident, CrowdStrike’s real-time threat visibility identifies the attack’s scope and Commvault’s recovery offerings, including its Cleanroom services, enable rapid restoration of affected infrastructure components. Integrated response workflows between Commvault and CrowdStrike enable better incident blast radius detection and recovery during a cyberattack.

Figure: Commvault CrowdStrike anomaly info.

Daniel Bernard, CrowdStrike chief business officer, said: “Cyber resilience isn’t just about recovery, it’s about being ready at every stage of an attack … In an AI-accelerated world of relentless and sophisticated threats, security and IT teams need to operate as one, and this collaboration helps make that possible.”

GovRAMP (formerly operating as StateRAMP) has a standardized approach for assessing the security posture of cloud products and services utilized by US state and local governments and educational institutions. It has three verified statuses: Ready, Provisionally Authorized, and Authorized. These are based on NIST 800-53 Rev. 5 controls and require a government sponsor for the latter two.

Commvault says it is GovRAMP Authorized at a High impact level, is FedRAMP High Authorized, and has FIPS 140-3 validated status for its SaaS cyber resilience offerings.

Commvault Cloud’s GovRAMP Authorized status is available immediately for US-based SLED (state and local government agencies and educational institutions) customers. 

The Cleanroom Recovery Factory Reset feature is available now, as is the unified suite of Commvault and CrowdStrike services for incident response, cyber recovery, and resilience.