Commvault enhances identity resilience with new Active Directory tools

Commvault has announced a series of enhancements to its Identity Resilience portfolio, introducing new capabilities to help organisations detect, audit, and rapidly reverse malicious changes within Microsoft Active Directory (AD) environments. The updates are part of the company's focus on providing greater security for enterprise identity systems, which frequently face targeted attacks.

Threat detection

The new tools employ integrated vulnerability assessment, identity change monitoring, and anomaly detection to identify risks among users, groups, and policies in AD. These measures aim to tackle the ongoing challenge of attackers exploiting AD to gain unauthorised access to business-critical systems.

Industry research points to AD as a key target in cyberattacks, with attackers often seeking opportunities to steal credentials or manipulate access permissions.

"Active Directory serves as the core of our business operations and if compromised, key business functions could be impacted," said Erich Beter, Senior Director, Information Security, Jazwares. "Commvault's innovation with Identity Resilience will allow us to detect and roll back malicious identity changes as they happen so that we can maintain reliable authentication and access control while strengthening our overall cyber resilience."

Change auditing

The new auditing features provide IT and security teams with detailed visibility into changes within the AD infrastructure. Each significant change is automatically logged, capturing who initiated the change, when it occurred, and the originating location. This level of auditing is designed to support ongoing compliance and investigation processes in the event of a security incident.

If a suspicious modification is detected, teams can use the recorded log to swiftly reverse unauthorised changes. Recovery can be triggered directly from the change log, eliminating the need for users to manually search for recovery points or objects.

Forest recovery integration

Commvault is integrating its AD forest recovery tools with its Cleanroom Recovery offering. This integration enables customers to recover AD forests in an isolated cleanroom environment, allowing recovery plans to be tested proactively without affecting active identity systems. The approach is intended to help organisations prepare for and mitigate disruption should an attack on identity systems occur.

Commvault representatives said that these centrally-managed identity resilience functions are unified with the company's data protection and security capabilities to support customers in lowering operational complexity and total cost of ownership.

"Commvault's end-to-end Identity Resilience portfolio provides game-changing protection and recovery to customers. And, with Commvault, we go much further," said Rajiv Kottomtharayil, Chief Product Officer, Commvault. "We unify identity resilience with data protection and data security on one platform. That means a lower overall TCO for customers and a single, reliable recovery plan for their entire enterprise, not just one workload."

Industry perspective

External analysts noted the seriousness of identity-targeted compromises for enterprises, with consequences including potential data breaches and financial loss. The expanded tools could help organisations respond effectively to attacks focused on identity data and permissions within AD.

"When identity systems are compromised, the consequences can be severe. Unauthorized access to user accounts and sensitive information are known to be key causes leading to data breaches, financial loss, and unauthorized activity," said Fernando Montenegro, VP of Cybersecurity & Resilience at The Futurum Group. "Commvault's capabilities that help enterprises spot hard-to-detect threats in Active Directory and roll back safely to a trusted state can play an important role in addressing identity-based attacks."