Cyber-Detection and Recovery Drive Commvault’s Portfolio Strategy

The News: Commvault announces four new cyber-detection and recovery capabilities that will be available in 2Q 2023: Commvault Risk Analysis, Threat Scan, and Auto Recovery (all available standalone or as a part of a Commvault solution bundle), as well as the ThreatWise Advisor capability. The company also is introducing its Cloud Command centralized User Interface for all Commvault Complete and Metallic instances. It also is furthering integration with CyberArk and Microsoft for identity and access management (IAM) and security incident and event management (SIEM) capabilities. Additional detail can be found in Commvault’s Press Release.

Cyber-Detection and Recovery Drive Commvault’s Portfolio Strategy

Analyst Take: Backups are only as good as their ability to be recovered. Enterprises do not protect data for the sake of protecting it. Enterprises protect data so that it can be recovered, and to support business continuity.

With this in mind, data protection is evolving to play in a broader framework that encompasses cyber-resiliency, recovery mechanisms, and security, in addition to core backup and operational recovery functions. Enterprises looking to follow the NIST Framework should therefore begin to encompass not just Protect and Recover, but also Identify and Detect, as well.

Commvault Taps ThreatWise to Deliver “Active Defense”

Commvault, like its peers in the data protection space, centers its portfolio strategy around cyber-resiliency. Commvault describes its approach as enabling “Active Defense” – that is, earlier and more proactive identification and remediation of threats and attacks, versus simply allowing protection tools and technologies to serve only as the last line of defense.

This effort is spearheaded by ThreatWise, an add-on, cloud-delivered service for honeypot and early warning/threat detection that is based on Commvault’s 2022 acquisition of TrapX. The idea is to catch threat actors when they are getting a foothold into the environment and preparing to move laterally – as a result helping not only to detect attacks earlier, but also to minimize the blast radius of an attack.

Implementing threat detection requires a set of practices that are complex, even for security professionals. This task is even more challenging for data protection professionals, who are an additional layer removed compared to their security cohorts. To address this challenge, the implementation of threat detection tools needs to be integrated into protection workflows and processes.

With the current launch, Commvault is adding to ThreatWise a capability called ThreatWise Advisor, which recommends deployment of decoys, including where in the environment they are deployed, and the number or density of decoys that are deployed. This is based on what Commvault describes as “intelligent,” logic-base machine learning (ML) that connects the backup environment with ThreatWise, and continuously interrogates the environment and provides recommendations based on environmental changes. The customer can decide whether or not to act on these recommendations, for example based on what they know about where their “crown jewel” infrastructure and data are deployed.

While its peers in the data protection space are also looking to add capabilities that help them to detect attacks sooner, the ThreatWise honeypot-style approach is unique.

ML-driven Active Defense is Extending Across Commvault’s Portfolio

The new Commvault Risk Analysis and Threat Scan capabilities build on the theme of using ML to strengthen cyber-resiliency. Risk Analysis uses metadata-based classification to identify sensitive data, such as Social Security numbers, so that IT Operations can have a better sense of how to protect their environment based on the risk profile of their data assets (e.g., where to grant access permissions). Threat Scan inspects the contents of backup files in order to uncover data sets that are corrupted or otherwise suspicious. These files can then be subsequently quarantined and eradicated from the environment. It is notable that Commvault can understand data versioning and what changes have occurred, based on file entropy. This is important from the standpoint of assessing a file’s age and its importance to the organization. Meanwhile, the Auto Recovery capability allows for automated recoveries in an AIOps-type fashion (a major benefit considering how strapped for staff IT Operations teams are).

Cloud Command will Allow for Cyber-Resiliency Across the Assets Under Commvault Protection

In addition to more closely integrating the acquired ThreatWise technology into its codebase, Commvault is moving towards a consistent, unified experience between its core Complete offering, and its Metallic SaaS protection offering.

Metallic services are successful, surpassing $100 million in annual recurring revenue (ARR) in less than 3 years of existence. However, the management interface was separate. Based on my interactions, IT Ops did not have a good understanding of what was protected by Metallic and what was protected by Complete. In fact, there is a somewhat common perception that they are separate entities, or that Commvault acquired Metallic. Adding a more cohesive user experience will help to address this problem.

Deepening the Security Partner Ecosystem

As indicated with the discussion of the NIST Cybersecurity Framework, cyber-resiliency is a team sport that extends beyond data protection. We are seeing security-focused ecosystem plays become more common in the data protection space, and Commvault is contributing its share. With the portfolio announcement comes closer, bi-directional support with Microsoft’s Sentinel SIEM tool to allow SecOps and IT Ops teams to receive notifications and then audit if there are problems, such as a large number of files being encrypted, based on the backup environment. Remedial actions can then be executed automatically based on runbooks. Commvault also has integrated with CyberArk for dynamic, just-in-time credentials that are created as needed and not stored by Commvault. This is important because many (arguably most) attacks are based on compromised credentials. Enterprises may have hundreds of thousands of service account credentials, and this is how malicious actors penetrate the environment.

Looking Ahead

The landscape of data protection is evolving to encompass a broader framework that goes beyond traditional backup and recovery functions. Commvault’s focus on cyber-resiliency and active defense through its ThreatWise solution is a positive step to align with this trend. By leveraging intelligent ML and threat detection capabilities, Commvault aims to proactively identify and remediate threats, minimizing the impact of potential attacks.

Additionally, Commvault is enhancing its portfolio with risk analysis, threat scanning, and auto recovery features, further strengthening its cyber-resiliency functionality. The integration of security partner ecosystems, such as Microsoft’s Sentinel SIEM tool and CyberArk, underscores the collaborative nature of cyber-resiliency efforts and is to be applauded. As organizations face increasingly sophisticated cyber threats, adopting a comprehensive approach that combines data protection, threat detection, and security measures is crucial for ensuring business continuity and minimizing potential risks.

These recent announcements and the overall freshening of the C-Suite at Commvault over the last few months bode well for the company as it looks to compete and differentiate against the likes of Cohesity, Rubrik, and Veeam.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

Decentralized Storage in the Battle Against Ransomware

CISA Launches RVWP, a New Ransomware Warning Pilot Program Designed for Critical Infrastructure Entities

Infinidat Infuses its OS into Public Cloud, Adds Forensics for Cyber Resiliency

Author Information

Steven engages with the world’s largest technology brands to explore new operating models and how they drive innovation and competitive edge.

Related Insights
SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?
July 11, 2026

SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?

IT Convergence's SaaS ERP strategy capitalizes on enterprise modernization trends, with 84.5% of channel partners expecting AI-driven growth and the Channel Ecosystems market forecast to reach $41.8B by 2029....
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?
July 10, 2026

Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?

Organizations are consolidating data infrastructure around unified platforms, with 73.6% planning to increase spending—signaling a shift toward AI-ready, simplified architectures that eliminate costly silos....
Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?
July 10, 2026

Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?

Exprivia announced partnership with ABI's WeSec summit as Main Partner, aligning with surging demand for cybersecurity and AI solutions across Italian banking. The move positions the company to capitalize on...
Can Biohub’s Open AI Models and Imaging Tools Redefine Biomedical Discovery?
July 10, 2026

Can Biohub’s Open AI Models and Imaging Tools Redefine Biomedical Discovery?

Biohub's AI integration in protein modeling and genomics marks a biomedical shift, yet adoption barriers—hallucination risk, data privacy, and unclear ROI—hinder clinical deployment....
AWS Looks to Collapse the Search-Analytics Divide: How Its New OpenSearch Engine Fuels Agentic AI
July 9, 2026

AWS Looks to Collapse the Search-Analytics Divide: How Its New OpenSearch Engine Fuels Agentic AI

Brad Shimmin, VP at Futurum, explores how AWS is re-architecting Amazon OpenSearch Service. By fusing search and analytics and integrating native MCP support, AWS aims to slash log storage costs...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.