Posts tagged Security
Commvault: Navigating the Cyber Threat Landscape with Proactive Data Protection and Security

In today's cloud age, with data fragmenting and IT resources becoming increasingly strained, cyber threats are a growing concern for all organisations. While traditional data protection measures remain vital, they often feel reactive rather than proactive. Commvault, however, is shifting this narrative, developing a dynamic, proactive defence against cyber threats. 

What impresses me about Commvault's strategy, particularly compared to other vendors, is their blend of data protection and security. By merging these two key aspects, Commvault's platform evolves from a 'last resort' recovery solution to an active shield against potential cyber threats. 

This approach was discussed during Commvault's recent online event, "Accelerating Cyber Defence and Response with Next Generation Data Protection". CEO, Sanjay Mirchandani, outlined several thought-provoking points that underline Commvault's proactive and integrated approach to cyber defence: 

  1. The dual implications of AI, arming both defenders and adversaries with advanced tools. 

  2. The complexity and vulnerabilities of using various tools to protect cloud data. 

  3. The blurring of boundaries between data protection and security necessitates a unified approach. 

  4. Commvault are taking security capabilities used in production directly into their protection platform.  

  5. The vital importance of swift recovery, helping organisations minimise downtime and enhance resilience. 

Commvault's CTO, David Ngo, then unveiled the latest advancements, each contributing to the company's innovative protection and security solution: 

Commvault Cloud Command: A unified dashboard for managing all Commvault services, with integrated visibility into the health, risk levels, security, and recovery. 

Commvault Risk Analysis: A machine learning-powered tool that works as a cyber sentinel, securing sensitive data to prevent cyber exposure. 

Commvault Threat Scan: A digital detective of sorts, inspecting backup content to quarantine suspicious datasets and ensuring clean recoveries. 

Commvault Auto Recovery: This tool tests your recovery readiness and offers forensic analysis to pinpoint clean recovery points.

Commvault Threatwise Advisor: This new feature enables intelligent assessment of backed-up workloads, recommending where sensors should be configured to ensure key data is protected.

One of the event's highlights was an insightful panel discussion hosted by Steve Preston, Commvault's VP for Security. The panel comprised Moriah Hara and Dr. Ed Amoroso from TAG Cyber LLC, Commvault's own CISO, Javier Dominguez, and Yabing Wang, CIO at Just Works. This diverse group touched on a broad range of topics, such as: 

  1. The critical role of the CISO in organisations: With the rising complexity of digital threats, the importance of having a strategic leader guiding an organisation's cyber defence can't be overstated. 

  2. The AI threat: Imagine a video or voice message that sounds exactly like your CEO but isn't! The panel discussed the dangers of AI-manipulated communication and its implications. 

  3. The changing face of risk in the age of COVID-19: The pandemic and the resultant shift to remote working have drastically changed our perception of risk and risk acceptance. 

For those aiming to stay ahead of the curve in our evolving digital landscape, Commvault's unique approach provides a compelling solution. By prioritising proactive data protection and security, Commvault demonstrates adaptability and foresight in the face of the rapidly changing cyber threat environment. 

What's new in Commvault Platform Release 2023

Commvault has recently released its semi-annual platform release introducing new capabilities across the hybrid cloud. Check out my video and doodle below for more information regarding what you can expect in this release.

Features within this release include

  • Google Cloud Regional Snapshot support

  • New Data Protection support for DevOps Protection

  • Oracle Cloud Infrastructure (OCI) Storage Tiering

  • Improved backup times for Hadoop File Systems (HDFS)

  • Enhanced security integrations with Security Information and Event Management (SIEM) platforms

  • Compliance Lock – Protect critical data with immutable storage

  • Amazon FSx for NetApp ONTAP

  • New security enhancements & certifications help improve security posture and compliance.

In my doodle below, you can see my thoughts and further information about this release.

Further to this, Commvault has released a blog post drilling into these features
Commvault Platform Release 2023

You can now watch the Commvault webinar covering this release on demand using the button below.

Commvault Connections 2022 - Roadmap Session - CVConnections22

The roadmap session was the third session I created a doodle for at Commvault Connections 2022. Be sure to check out the other blog posts and doodles at the links below.

  1. Commvault Connections Keynote

  2. Customer Panel

  3. Roadmap

The roadmap session built upon the fundamental principles of the Commvault strategy with further insight into the direction and products that are coming. It is clear that Commvault takes a high level of pride in its ability to connect with its users and their community and to listen to what is needed. One of the statistics that was shared was the fact that four hundred product enhancements in the last year have come from direct customer feedback.

Key to the Commvault strategy are the following three principles

  1. End-to-end data visibility

  2. Broadest Workload Protection

  3. Faster Business Response

You can see further detail regarding the announcements and planned focus areas in the doodle below.

Commvault Connections 2022 - Keynote Presentation - #CVConnections22

Commvault Connections was a great opportunity not only to hear an update from Commvault on their strategy but also to get insight into wider technology trends and real-life insights from customers. Across the conference, I created doodles for three of the sessions. You can find the links to the other sessions below.

  1. Commvault Connections Keynote

  2. Customer Panel

  3. Roadmap

Keynote Thoughts

The keynote was led by Commvault’s fantastic CEO, Sanjay Mirchandani. Sanjay is a great keynote speaker, always giving great clarity and getting through the fluff to the points that matter.

There was a theme across the conference about innovating with confidence. The keynote set about explaining what this means and the backstory behind how we got to where we are today.

Ultimately, IT professionals are now responsible for delivering the dreams of the organisation and its leaders. But delivering the dreams isn’t enough on its own; it needs to be done in a managed and secure way.

To deliver these dreams, IT and business professionals have turned to SaaS applications and multiple cloud resources to achieve what is needed. Whilst these disparate resources have allowed for an increase in innovation and a reduction in time to value, they have led to massive complexity around security and data protection.

Mirchandani explained that your data has a higher value to not only you but also attackers, which has led to an increased need to protect and secure.

He explained that IT professionals need the right tools to gain control of these disparate workloads, giving the business the confidence to innovate whilst IT ensures that everything is professionally managed, protected, and secure. These tools are exactly what Commvault sets out to deliver.

Several technologies were discussed to help with this overall goal. This included Metallic Threatwise, an early warning system that proactively baits, deceives, and surfaces bad actors. Threatwise makes it harder for hackers to find your organisation’s valuable data, reducing their dwell time to help ensure you aren’t compromised. This was a completely different approach from those I have heard of before, especially for it to be included as part of a data management platform. I look forward to digging more into this in the future.

Also discussed was Commvault’s breadth of portfolio, offering protection across not only a wide range of solutions but also across on-premises and cloud technology with a unified management solution in their Command Center product.

It was clear that Commvault’s approach focuses on simplicity and flexibility across its portfolio.

You can see my doodle from the keynote below, covering the key elements that stood out to me.



Juniper Connected Security - Building a threat-aware network

Trying to ensure your network is secure often seems like an impossible battle. Many security and network operations teams face a losing battle against an ever-growing list of software that aims to ease administration and secure the network. The truth is, more often than not, this software ends up creating further information silos and adding to the barrage of information for the already bewildered specialists to try to understand.

I was recently given the opportunity to attend an exec briefing with some of the security team at Juniper Networks to understand how their approach differs.  

As always, I have summarised my findings in the Tech Doodle below.

Before I delve a little deeper into Juniper Security Director Cloud, let me share with you my top 3 thoughts: 

  1. Juniper Security Director Cloud is a subscription-based service avoiding additional hardware requirements

  2. Juniper Security Director Cloud works well with Juniper and third-party solutions 

  3. Juniper Security Director Cloud has intelligent policy management and can make reactive changes based upon threat analysis  

Juniper Security Director Cloud is an as-a-Service subscription-based solution meaning there is no need for additional hardware or complex initial configuration. As mentioned above I was particularly impressed with how it offers customers support for a number of third-party technologies as well as the wealth of solutions within Juniper’s portfolio.

Core to Juniper Security Director Cloud is the belief that the network itself should become threat-aware.  

Utilising in-built intelligence, Juniper Security Director Cloud is able to protect every connection from client to workload from on-premises to the cloud.  

Juniper Security Director Cloud utilises a unified policy set irrespective of the device, but importantly the automation capabilities allow for deduplication, rule precedence and error avoidance within the policies. Critically, Juniper Security Director Cloud is not only able to help you monitor your estate, but also make reactive changes based upon threat analysis.

Many organisations are looking for solutions that are able to simplify and centralise security operations. Not only should they help reduce the burden of multiple siloed solutions, but they should also use intelligence and automation to help proactively protect the network. This is exactly what Juniper Security Director Cloud sets out to achieve. For organisations that are looking to implement SASE (Secure Access Service Edge) principles, the fact that Juniper Security Director Cloud supports third-party solutions will allow for Juniper Secure Edge solutions to be implemented alongside existing solutions whilst transitioning.

Juniper is also ever innovating in this space and recently announced the addition of CASB (Cloud Access Security Broker) and DLP (Data Loss Prevention) into their Secure Edge offering.

It was good to learn more about Juniper’s approach to security and SASE. For me I am really looking forward to seeing this technology in action. A single unified approach to policy and intelligent threat analysis coupled with reactive changes is a very powerful mix. I hope to be able to share some demonstrations of this technology with the Tech Doodles readers soon.

You can learn more about Juniper Connected Security at Black Hat 2022 on booth #2240.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.

Flowmon Anomaly Detection System - Network Detection and Response

Today, the increase in cyber-security attacks and their related risk is top of mind for many IT professionals. As such, full consideration needs to be made regarding the appropriate protections that should be in place to mitigate this risk best.

Flowmon positions its Anomaly Detection System (ADS) module at the core of these efforts, ensuring that threats can be detected and responded to as early and quickly as possible.

When speaking to Flowmon, they highlighted the Security Visibility Triad, a framework used by Gartner and others to help examine the three key areas that should be in place to ensure you have true security visibility. The Security Visibility Triad talks about the importance of 1. SIEM and UEBA, 2. Network Detection and Response, and 3. Endpoint Detection and Response. Flowmon focuses its efforts on the Network Detection and Response area of this triad.

Security Visibility Triad

Flowmon ADS is a module for the Flowmon product set that is most commonly utilised for network visibility and troubleshooting. Because of this, the ADS module fully leverages the network architecture of Flowmon to collect its data from the network. Furthermore, it utilises network flows, enhanced with layer 7 application data provided by its probes for a unique view of what is going on within the network. You can read more about Flowmon in my previous blog.

Flowmon NDR

Flowmon ADS does not rely on legacy signature-based approaches to detect the anomalies within the captured flows. Instead, it uses machine learning for wide-ranging detection, including zero-day threats.

Typical anomalies detected and alerted upon by Flowmon include:

  • Attacks

    • Port scanning, Dictionary attacks, DoS/DDoS, Telnet

  • Traffic Anomalies

    • DNS, DHCP, ICMP, Multicast

  • Internal Security

    • Viruses, Malware, Ransomware, Botnets

  • Unwanted Applications

    • P2P Networks, Instant Messaging, Anonymisation Services

  • Device Behaviour

    • Change of device behaviour profile

  • Operational Problems

    • Delays, Excessive load, Unresponsive services, Broken updates

Whilst how Flowmon detects the anomalies and the breadth of what it is able to detect is truly impressive, the biggest stand-out area for me was how the product allows this information to be used.

Many security products, such as NDR and SIEM solutions, can be very good at collecting data, but in reality, they simply overload an already overworked administrator with information they can’t use. This is where Flowmon ADS is different.

Flowmon ADS not only detects the threats from the noise using machine learning but also does true root cause analysis. This allows administrators to quickly understand the type of threat, the source, the affected resources and the recommended actions.

With many sources speaking about the amount of time a threat actor may be within your network prior to detection, it is important that IT teams have the right tools to understand exactly what is happening across their network. For me, this is where Flowmon comes in, giving true visibility to Security Operations (SecOps) teams and others in IT to ensure that any threats are quickly and easily neutralised.

For more information about Flowmon ADS and how it can help with Network Detection and Response please check out their website.

Below you can see my doodle covering the subject

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Progress to create content covering the Flowmon product set. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Progress.


VMworld Europe 2018 - Tuesday General Session

The first general session at VMworld 2018 covered every aspect of VMware’s execution of their vision, from the application to the device on any cloud and most importantly with intrinsic security.

My doodle live from the general session is below  

You can watch this general session back at the following link => 

https://www.vmworld.com/en/europe/learning/general-sessions.html

 

Ivanti Update with Simon Townsend

This morning I attended an update from Ivanti covering their product portfolio and strategy. Ivanti have a large portfolio of products based upon a number of acquisitions of companies such as Heat Software, AppSense, Lumension, LANDesk and many more. Ivanti's other solutions are EUC / IT Operations, Secure Management and Operational Security. For me, as ever, an important aspect of the Ivanti portfolio is the ability to combat common security issues within organisations, including patching, user rights management, application whitelisting and more. Also, following the RES Software acquisition, automation is an element of their portfolio that I am looking forward to understanding much better.
