Introducing Commvault Security IQ integration pack for Commvault products. It enables security analysts swiftly respond to threats using pre-built integrations, playbooks to secure and audit backups and backup software ecosystem.
With today's evolving threat landscape, data is under constant risk of data destruction and exfiltration. Organizations are challenged with responding to security events as quickly as they can to limit the impact of cyber threats on their production as well as backup data. This content pack allows organizations to monitor anomaly alerts from Commvault and Metallic data protection platforms, so they can respond with orchestrated actions to help fortify the data protection platform.
Key features :
- Support for Commvault and Metallic
- Suspicious file anomaly monitoring to indicate file encryption.
- Fetch Commvault and Metallic file anomaly alerts over API, Commvault Webhook, or Syslog
- Native API token storage or Azure Key Vault token storage
- Ability to export and view list of infected files for investigation
Automation Use cases:
- Disable data aging within Commvault/Metallic when server compromise is detected to protect backup data
- Interactive runbook to disable Commvault/Metallic user account if suspicious user behavior is detected to avoid exfiltration attempts.
- Interactive runbook to disable IDP provider configured for Commvault/Metallic user authentication to restrict access to backups in the event of a cyber incident to avoid exfiltration attempts.
