Cyber Resilience Play: Commvault Launches Automated Active Directory ‘Forest Recovery’

‘The really hard problem for customers is scaling forest-level recovery. Think of it as a tree, with multiple domains within a forest partitioned off based on things like work groups or geography. Every shop does it a little bit differently. The trick is, they’re all linked together. And if you can’t get the forest back, which is the entire AD environment ecosystem, it’s really of limited use,’ says Alan Atkinson, Commvault’s chief partner officer.

Data protection and cyber resilience software developer Commvault Tuesday launched an addition to its Commvault Cloud platform aimed at ensuring that Microsoft Active Directory data can be automatically and swiftly recovered after a cyber event.

The key to the new Commvault Cloud Backup & Recovery for Active Directory Enterprise Edition is what is known as “forest-level” recovery, said Alan Atkinson, chief partner officer for the Tinton Falls, N.J.-based company.

“We’ve had AD recovery for some time, and it’s actually been a very well received offering,” Atkinson told CRN. “I’d say it’s actually gotten considerably hotter with the whole cyber resilience emphasis, not only at Commvault, but just with the epidemic of attacks that have been going on.”

Active Directory tends to be the first thing attackers attack, Atkinson said.

“Interestingly, they oftentimes don’t take it down,” he said. “They just compromise it to put in some rogue accounts or mess with permissions and such. But the really hard problem for customers is scaling forest-level recovery. Think of it as a tree, with multiple domains within a forest partitioned off based on things like work groups or geography. Every shop does it a little bit differently. The trick is, they’re all linked together. And if you can’t get the forest back, which is the entire AD environment ecosystem, it’s really of limited use.”

Over time, attackers have gotten more sophisticated, and forest-level recovery has become a tricky problem, Atkinson said.

“You can do it manually, which can take a really long time,” he said. “By ‘long time,’ I mean like weeks. And it’s compounded by the fact that, as I mentioned, attackers don’t always just disable it. It’s not always a denial-of-service-type of attack. It’s oftentimes more insidious, inserting rogue accounts or changing permissions inside of individual ADs so you don’t necessarily know what they did or when they did it. Trying to figure out how to bring all that back in a coherent fashion is a tricky problem. So we’ve automated it, and we’ve enabled runbooks.”

Those runbooks include developing a test plan and having a written plan of what to do in a recovery, Atkinson said.

“By automating these runbooks, you know your order of events and understand how your AD is laid out, and thus can automate the recovery,” he said. “This is also actually very useful for testing by automating an Active Directory penetration task.”

Attackers often attack the Active Directories and also go for their related backups in order to ensure the victim will pay to recover their data, Atkinson said.

“The mischief they cause varies in sophistication, but getting forest-level AD recovery in an automated, predictable fashion is really one of the first big steps to getting your shop back on its feet,” he said. “Having a forest-level, automated runbook-level ability is just something that we didn’t have until this announcement. It’s a pretty big deal.

“I would argue that if all you can do is active forest-level recovery, and you do it really well, that’s great, but that’s not enough,” he said. “Point solutions when you’re trying to build a cyber resiliency strategy are not really what you want. You want a minimal attack surface that can recover your entire shop.”

Atkinson said he doesn’t have an exhaustive list of every company providing this level of automation.

“But being able to bring back both cloud-based and on-prem forest-level Active Directory, and to be able to automate and test with a clean room, I don’t think there’s anybody else that can do it to the degree that we can.”

Having automated forest-level recovery with Commvault Cloud Backup & Recovery for Active Directory Enterprise Edition is extremely important given that Active Directory is one of the first applications a business needs to recover in a cyber event, said Giles Westie, founder and CEO of DataPivot, a West Andover, Mass.-based solution provider and Commvault channel partner focusing on cyber resilience.

“Granular forest-level recovery is really important for many use cases,” Westie told CRN. “There might be day-to-day recoveries, accidental deletions, who knows when mayhem might strike. It’s very important in a cyber event to get data back with the least amount of loss and with the absolute most granularity. And it looks like Commvault is giving us that now. It’s very relevant to my client base, and it resonates extremely well. It’s something we've been messaging, knowing this is coming. It definitely is in line with what the market wants.”

It is also important for such a technology to be part of a larger data resilience offering similar to how Commvault has done it, Westie said.

“Commvault is providing a comprehensive enterprise solution where customers can have a unified data protection solution, and Active Directory is their new offering,” he said. “Some solutions only do Active Directory. They don’t do the whole enterprise. So Commvault’s offerings are more complete, and it’s definitely much more enterprise than others.”

Furthermore, Westie said, Commvault has a very strong Microsoft partnership. “Their partnership with Microsoft is going to allow for vast, granular recovery for our clients, that’s what it’s all about: recovering at the speed you need and at the granularity you need,” he said.

Commvault Cloud Backup & Recovery for Active Directory Enterprise Edition is slated to be in general availability during the first half of 2025. It will be available as a separate SKU with its own separate charge.
