Commvault has announced expanded integration with Microsoft Security to better connect threat detection with reliable recovery. The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to optimize resiliency operations (ResOps) and enable real-time data insights, strengthening threat detection and helping organizations move from identifying a threat to validating and restoring clean data more quickly and with greater confidence.

This new integration enables coordinated workflows between security and recovery teams, especially in threat detection processes. Commvault Cloud security alerts feed into the Microsoft Sentinel data lake, where security operations center (SOC) analysts can enrich these incidents with partner intelligence to assess impact, improve threat detection, and validate scope. In the coming quarters, this information will be able to drive automated, policy-based recovery workflows to accelerate and coordinate a clean recovery, based on more accurate threat detection.

As part of this announcement, Commvault is delivering integrated capabilities that bridge the gap between threat detection and reliable recovery.

• Modernized Microsoft Sentinel Connector: Transmits alerts and signals generated by Commvault Cloud Threat Scan and Risk Analysis, including key threat detection events such as malware detections, backup anomalies, and sensitive data exposure, to Microsoft Sentinel in real time. This provides security teams with visibility into backup-related risks, along with broader threat intelligence, and helps organizations improve threat detection and identify ransomware patterns sooner, while incorporating backup telemetry into existing SOC workflows.

• Commvault Investigation Agent in Security Copilot: Designed specifically for cyber recovery investigations, Commvault Investigation Agent in Microsoft Security Copilot autonomously analyzes suspicious activity and reinforces threat detection by using Commvault recovery layer intelligence to determine the scope, including affected hosts, anomalous encryption patterns, and validated restore points. By correlating this information with broader security signals from Microsoft, it improves threat detection and can help eliminate manual coordination between security and backup teams, while reducing mean time to clean recovery (MTCR).

“This isn’t just an integration – it’s a blueprint for the future of agent-based recovery operations (ResOps),” said Michelle Graff, senior vice president of Global Channels and Alliances at Commvault. “As attacks continue to evolve, siloed approaches no longer work. Every second counts. By uniting and automating critical workflows, Commvault and Microsoft are driving a modern approach that can reduce the time between threat detection and recovery, improve collaboration between IT and security teams, and keep businesses running in a state of continued resilience.”

“In today’s threat landscape, the need to connect AI-based intelligence with automated recovery has never been greater,” emphasizes Krishna Kumar Parthasarathy, corporate vice president of the Sentinel platform at Microsoft Security. “The combination of Microsoft Security Copilot, Microsoft Sentinel, and Commvault Threat Scan and Risk Analysis gives enterprises access to a unified approach that strengthens threat detection and is capable of transforming ResOps.”

The updated Commvault connector for Microsoft Sentinel and Security Copilot’s Investigation Agent are currently in early access, and are expected to be generally available this summer, with additional enhancements to threat detection capabilities.