Commvault has unveiled a new integration that uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to enable coordinated workflows between security and recovery teams.
The integration streams alerts and signals generated by Commvault Cloud Threat Scan and Risk Analysis, including malware detections, backup anomalies, and sensitive data exposure, into Microsoft Sentinel in real time.
Security operations center (SOC) analysts can enrich these incidents with partner intelligence to access impact and validate scope, and in the coming quarters, these insights can drive automated, policy-based recovery workflows to accelerate and orchestrate clean recovery.
Specifically designed for cyber recovery investigations, Commvault also rolled out its Investigation Agent in Microsoft Security Copilot, a capability that autonomously analyses suspicious activity and uses Commvault's recovery-layer intelligence to determine scope including impacted hosts, anomalous encryption patterns, and validated restore points.
By correlating these insights with broader Microsoft security signals, it can help eliminate manual coordination between security and backup teams while reducing mean time to clean recovery, the company claims.
"By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency," said Michelle Graff, SVP of global channels and partnerships at Commvault.
"The combination of Microsoft's Security Copilot, Microsoft Sentinel, and Commvault's Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps," said Krishna Kumar Parthasarathy, CVP sentinel platform at Microsoft Security.
_(25).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0){kind=logo}
