Commvault is closely integrating its threat detection solutions with Microsoft Security. This should help organizations gain better insight into potential anomalies using enriched information.
Commvault is expanding its integration with Microsoft Security. The company is linking threat detection, investigation, and recovery more closely to Microsoft Sentinel and Microsoft Security Copilot, allowing organizations to switch from detection to recovery faster.
Commvault utilizes Commvault Cloud, Microsoft Sentinel, and Microsoft Security Copilot for this purpose. Alerts from Commvault Cloud are aggregated in the Microsoft Sentinel data lake. Analysts can enrich these signals with additional intelligence to better determine the impact and scope of an incident.
Bringing detection and recovery closer together
The updated Microsoft Sentinel Connector sends real-time alerts from Commvault Cloud Threat Scan and Risk Analysis to Sentinel. This includes malware detections, backup anomalies, and sensitive data exposure. As a result, security teams gain more visibility into backup-related risks and can recognize ransomware patterns faster.
Commvault aims to bridge the gap between threat detection and reliable recovery. Insights from Sentinel can drive policy-based recovery workflows, enabling organizations to verify and restore clean data more quickly.
Investigation with Security Copilot
Additionally, Commvault’s Investigation Agent in Security Copilot automatically analyzes suspicious activities. It uses Commvault’s recovery intelligence to map out affected systems and unusual encryption patterns, among other things.
Commvault’s updated Microsoft Sentinel connector and the Investigation Agent in Security Copilot are available immediately via early access. General availability will follow in the summer.