Commvault has expanded the threat hunting capabilities within its Commvault Cloud Threat Scan solution, incorporating a layered detection approach. These enhancements help organizations quickly identify risks in backup environments and recover clean, validated data, reducing the risk of reinfection and prolonged downtime.

According to recent reports, the average attacker dwell time in an undisclosed security breach is 24 days, giving attackers ample opportunity to silently embed malicious code into systems.

Although security operations teams often have information tied to specific indicators of compromise (IOCs) or indicators of attack (IOAs), that information must also be applied to backup data before restoration begins, especially within a layered detection model. Without clear visibility into backup integrity, organizations risk reintroducing threats, prolonging outages, and extending business downtime, a risk that appropriate layered detection can mitigate.

Artificial Intelligence-Based Threat Hunting

To address this challenge, Commvault now offers two complementary scanning modes within Commvault Cloud Threat Scan, enhanced by layered detection techniques:

• Hyper Threat Hunting enables targeted searches of backup data using threat hunting artifacts, such as hashes and YARA rules, to identify known indicators of compromise at scale. Hash-based search provides fast index-based detection, while YARA-based analysis allows more specific pattern matching for deeper investigation within a layered detection scheme.

• Deep Inspection delivers layered, file-level analysis using malware signatures, machine learning, heuristic analysis, and AI-based encryption detection to uncover known threats, suspicious variants, and ransomware-related activity that could evade exact match indicators alone, strengthening layered detection.

Together, these detection modes enable close collaboration between incident response and recovery teams to isolate affected data and make informed recovery decisions using layered detection. Teams can schedule periodic scans for continuous monitoring or perform targeted searches during active incident response, providing flexibility for both continuous protection and urgent response.

“In an era where attacks adapt faster than defenses, our priority is to stay ahead of all threats,” said Dr. Erika Voss, Chief Security Officer at Blue Yonder. “Being able to validate recovery data against current threat indicators using a layered detection approach is a way to stay ahead of threats, giving us greater control in an unpredictable landscape.”

From detection to recovery

Commvault integrates these threat detection capabilities with its patent-pending Synthetic Recovery technology, unifying detection and recovery workflows through layered detection. Once risks are identified, Commvault’s AI-powered Synthetic Recovery offering can help precisely remove compromised data sets during recovery, while restoring clean data to production systems. With Synthetic Recovery, organizations can maximize data retention while achieving data cleanliness by relying on layered discovery.

“We are seeing a fundamental change in the way organizations approach recovery operations. The market demands integrated solutions that combine threat detection with recovery workflows, and Commvault’s layered approach to achieving clean, verified recoveries represents the direction the industry is headed,” said Fernando Montenegro, vice president and head of cybersecurity at The Futurum Group.

This announcement continues to demonstrate how Commvault is driving the ResOps operating model. Instead of operating in silos between IT and security, ResOps connects people, processes and technology, so organizations can manage resilience as a continuous discipline across the enterprise, reinforced by layered detection.

“Security and IT teams must act from the same script during an incident. Large-scale threat intelligence is increasingly a basic requirement; what differentiates us is what happens next,” said Pranay Ahlawat, director of Technology and AI at Commvault. “By combining our proprietary signal correlation and AI-based algorithms with targeted threat hunting, and connecting it directly to a verified recovery, we give organizations something very powerful: not only the ability to detect threats quickly, but the confidence that what they restore is clean thanks to layered detection.”