The integration of backup (data protection) and cybersecurity in the face of an avalanche of cyber threats is crucial for the functioning of an organization.
Traditionally, data protection focused on hardware failures and human error, while security departments concentrated their efforts on defending against intrusions. Today, in the age of ransomware, these two areas are inextricably linked, and their mutual isolation poses the greatest risk.
Lack of full visibility and automatic response to attacks
Despite being equipped with advanced SIEM/SOAR tools, SOC teams often lack full visibility into the most critical target of an attack—backup systems. As a result, attackers can operate unhindered in a “blind spot.”
In this context, technological synergy is the solution. Data protection systems such as Commvault must become an active component of the security infrastructure:
- Two-way communication. Commvault, as an audit repository, provides SIEM/SOAR systems with key information about anomalies and administrative actions, such as sudden attempts to change retention or delete backups.
- Automatic response (SOAR). Automation tools allow “playbooks” to be triggered directly in the backup system. For example, detecting suspicious user activity at night can automatically log that user out, lock their Active Directory account, and enable write-once-read-many (WORM) on the backups, cutting the attacker off from critical data.
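The two-way flow described in the two points above, as an added illustration that is not Commvault's or Softinet's code: a small SOAR-style rule in Python that reads backup audit events (a constructed, hypothetical event format, not a real Commvault log schema), flags high-risk administrative actions such as retention changes and backup deletions, and decides which of the response actions named in the text to trigger.

```python
from datetime import datetime, timedelta

# Constructed sample audit events, as a backup system might forward them to a SIEM.
# The field names and values are hypothetical and chosen for this illustration.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T02:14:05", "user": "bk_admin", "action": "retention_change",
     "target": "policy-finance", "detail": "90d->1d"},
    {"ts": "2024-05-01T02:15:40", "user": "bk_admin", "action": "delete_backup",
     "target": "finance-db-full"},
    {"ts": "2024-05-01T02:16:02", "user": "bk_admin", "action": "delete_backup",
     "target": "finance-fs-full"},
    {"ts": "2024-05-01T10:30:00", "user": "ops_jane", "action": "restore",
     "target": "hr-fileserver"},
    {"ts": "2024-05-01T11:00:00", "user": "ops_jane", "action": "retention_change",
     "target": "policy-hr", "detail": "30d->60d"},
]

# Administrative actions that an attacker (or insider) performs before encrypting data.
HIGH_RISK = {"retention_change", "delete_backup", "disable_immutability"}
# Hours treated as "night" for this example: 22:00-05:59.
OFF_HOURS = set(range(22, 24)) | set(range(0, 6))


def triage(events, window_minutes=10, threshold=2):
    """Group high-risk events per user and return the playbook decision for each.

    A single high-risk action during business hours only raises a SOC alert.
    Off-hours activity, or `threshold` or more high-risk actions inside a
    `window_minutes` sliding window, escalates to containment: terminate the
    user's sessions, lock the AD account and put the backups under a WORM lock.
    """
    by_user = {}
    for e in events:
        if e["action"] in HIGH_RISK:
            by_user.setdefault(e["user"], []).append(datetime.fromisoformat(e["ts"]))
    decisions = {}
    for user, times in by_user.items():
        times.sort()
        off_hours = any(t.hour in OFF_HOURS for t in times)
        span = timedelta(minutes=window_minutes)
        # Largest number of high-risk actions that fall inside any window starting at an event.
        burst = max(sum(1 for t in times if start <= t <= start + span) for start in times)
        actions = ["alert_soc"]
        if off_hours or burst >= threshold:
            actions += ["terminate_sessions", "lock_ad_account", "enable_worm_lock"]
        decisions[user] = {"events": len(times), "off_hours": off_hours,
                           "burst": burst, "actions": actions}
    return decisions
```

The return value is the decision a SOAR playbook would act on; wiring each action to the backup platform and to Active Directory is left to the organisation's own automation.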
Risk of reinfection and restoring into a compromised environment
In the event of a major incident, rushing to restore data from a backup carries risks. If the last backup already contained malware, restoring it reinfects the organization, a so-called loop attack. In addition, third-party companies require forensic analysis, which often takes days or weeks, before allowing the environment to be restarted.
To overcome this risk, mechanisms for data verification and isolation are essential:
- Malware scanning. Commvault enables you to scan backups for malware and anomalies, ensuring that recovery is performed from the last clean copy.
- Isolated recovery. It is crucial to test and restore environments in isolated networks, which allows secure verification without the risk of re-infecting the production environment.
Internal threats and Zero Trust
In the world of cybersecurity, you can’t trust anyone—not even administrators. Many attacks exploit stolen privileges or deliberate actions by disgruntled employees.
Here, it is necessary to implement the principles of Zero Trust Architecture in the backup system, which Commvault achieves by:
- Two-person authorization – critical operations, such as deleting backups, must be confirmed by a second administrator, so that no single administrator can carry out sabotage alone.
- Isolation and immutability – implementation of the Air-Gap (network isolation) and WORM (Write Once Read Many) principles, which physically (or logically) prevent an attacker or an administrator from changing or deleting backups for a specified period of time.
- Cyber Deception (ThreatWise) – this solution shortens the time an attacker can operate undetected by deploying decoys (fake traps) in the network. Touching a decoy (e.g., one posing as an SQL server or a file containing passwords) immediately triggers an alarm, enabling a rapid response before the attacker reaches critical resources.
Integrating backup and security is no longer an option, but a strategic necessity. A modern data protection system must be an active guardian that not only allows for quick recovery, but above all participates in detecting and mitigating attacks.
Are you looking for an experienced partner to implement advanced backup and security solutions? Write to us. Softinet’s team of specialists will answer all your questions.