Commvault has announced enhanced threat hunting capabilities within its Commvault Cloud Threat Scan, enabling organizations to detect risks in backup environments and ensure clean, verified data recovery while minimizing reinfection and downtime.
With cyberattacks becoming more sophisticated, organizations often struggle with hidden threats embedded in backup data. Industry insights indicate that attackers can remain undetected for weeks, increasing the risk of reintroducing malicious code during recovery. Commvault’s latest update addresses this challenge by extending intelligence-driven threat detection into backup environments.
Layered Threat Detection at Scale
The upgraded Threat Scan introduces two complementary detection approaches:
- Hyper Threat Hunting: Enables rapid, large-scale searches across backup data using indicators of compromise (IOCs), including hash-based detection and YARA rules for precise threat identification.
- Deep Inspection: Delivers advanced file-level analysis using malware signatures, machine learning, heuristics, and AI-driven encryption detection to uncover hidden threats and ransomware activity.
Together, these capabilities provide security and IT teams with deeper visibility, enabling them to identify compromised data, prioritize risks, and make informed recovery decisions.
From Detection to Verified Recovery
A key differentiator is the integration with Commvault’s AI-enabled Synthetic Recovery technology, which allows organizations to remove compromised data during recovery while restoring only clean datasets to production systems.
This unified approach connects threat detection with recovery workflows, helping enterprises reduce downtime, preserve critical data, and maintain operational continuity.
“We’re seeing a fundamental shift in how organizations approach recovery operations. The market is demanding integrated solutions that combine threat detection with recovery workflows, and Commvault’s layered approach to verified clean recoveries represents where the industry is heading,” said Fernando Montenegro, VP and Practice Lead Cybersecurity at The Futurum Group.
“Security and IT teams need to operate from the same playbook during an incident. Threat intelligence at scale is increasingly table stakes — what sets us apart is what happens next,” said Pranay Ahlawat, Chief Technology and AI Officer at Commvault. “By layering our proprietary signal correlation and AI-enabled algorithms on top of targeted threat hunting, and connecting that directly to verified recovery, we give organizations something powerful: not just the ability to find threats fast, but the confidence that what they restore is clean.”
Advancing Enterprise Resilience
The enhancements align with Commvault’s ResOps (Resilience Operations) model, which brings together IT and security teams to manage cyber resilience as a continuous, enterprise-wide discipline.
The updated Threat Scan solution is now globally available, offered as both a standalone product and part of Commvault’s broader cyber resilience portfolio, with new capabilities provided at no additional cost to existing customers.
With these advancements, Commvault continues to strengthen its position in helping enterprises move from reactive recovery to proactive, intelligence-driven cyber resilience.