Business
Commvault Expands Threat Scan with Layered Threat Detection to Advance Verified Clean Recoveries
Delivers 'defense-in-depth' with rapid IOC-based hunting and advanced file level inspection; integrates threat hunting with Synthetic Recovery to unify
About this update from Commvault Systems, Inc.
[{"type":"text","content":"Delivers 'defense-in-depth' with rapid IOC-based hunting and advanced file level inspection; integrates threat hunting with Synthetic Recovery to unify resilience workflows TINTON FALLS, N.J., March 18, 2026 /PRNewswire/ -- Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today announced expanded threat hunting capabilities within Commvault Cloud Threat Scan. The enhancements help organizations rapidly identify risks within backup environments and recover validated clean data, reducing reinfection risks and prolonged downtime.\n \n \n \n \n \n \n \nAccording to recent reports, the median dwell time for a non-actor disclosed breach is 24 days1, giving attackers ample opportunity to silently embed malicious code across systems. While security operations teams often possess intelligence tied to specific indicators of compromise (IOCs) or indicators of attack (IOAs), that intelligence must also be applied across backup data before restoration begins. Without clear visibility into backup integrity, organizations risk reintroducing threats, extending outages, and compounding business disruption.Intelligence-Driven Threat Hunting at Enterprise ScaleTo address this challenge, Commvault now delivers two complementary scanning modes within Commvault Cloud Threat Scan:Hyper Threat Hunting enables targeted searches across backup data using threat hunting artifacts such as hashes and YARA rules to identify known indicators of compromise at scale. Hash-based hunting provides fast, index-based detection, while YARA-based analysis supports more targeted pattern matching for deeper investigation.Deep Inspection provides layered file-level analysis using malware signatures, machine learning, heuristic analysis, and AI-enabled encryption detection to uncover known threats, suspicious variants, and ransomware related activity that may evade exact-match indicators alone.Together, these detection modes allow close collaboration across incident response and recovery teams to isolate affected data and make informed recovery decisions. They can schedule recurring scans for continuous monitoring or conduct targeted searches during active incident response scenarios, providing flexibility for both ongoing protection and time-sensitive response.\"In an era where attacks adapt faster than defenses, our priority is to get ahead o...