In a rapidly evolving threat landscape where AI-powered attacks are becoming the norm, traditional disaster recovery playbooks are falling short. In a recent episode of Security Square, our cybersecurity-focused podcast, I had a conversation with Commvault’s Senior Product Manager David Cunningham discussing why organizations are struggling with cyber resilience and exploring how innovative partnerships are addressing these critical gaps. One innovative partnership in particular we dug into in this conversation is the partnership between Commvault and CrowdStrikeannounced this past April, designed to deliver a unified set of services delivering best-in-class incident response, cyber recovery, and resilience to joint customers.
With CrowdStrike’s annual Fal.Con event in Vegas this coming week, it seemed like a great time to take a dive into how Commvault and CrowdStrike are helping customers not only enhance threat detection, but also how they are accelerating cyber response and recovery.
Check out the full episode here:
The Confidence Crisis in Cyber Recovery
When it comes to organizations’ confidence in their ability for cyber recovery, it’s not a rosy outlook. The statistics are sobering: 54% of organizations report lacking confidence in their recovery capabilities, while 55% struggle with siloed security and IT teams that increase operational risk. These numbers reflect a fundamental shift in the threat landscape that has caught many enterprises unprepared.
“The game has changed quite a bit,” Cunningham explained, drawing from his experience supporting major banks and technology companies. “Prior recovery plans focused on resiliency aspects like failover and data recovery, but there’s a critical component missing: the cybersecurity implications.”
The challenge goes beyond simply restoring systems. With Sophos’ research showing that 94% of cyber incidents target backup infrastructure, organizations need what Cunningham calls “clean recovery,” which is the ability to restore data to a known-good, uncompromised state.
The Reality of Dwell Time and Data Contamination
One of the most eye-opening aspects of our discussion centered on dwell time, which is the period between initial compromise and detection. With threat actors remaining undetected in systems for days to weeks (sometimes up to a month), traditional backup systems may unknowingly protect compromised data throughout this period.
“Because we have this continuous nature of our platform, at any given point there could be malware or encryption or corruption of that data that we’re protecting,” Cunningham noted. This reality underscores why organizations can’t simply restore the most recent backup and assume they’re secure.
Think about this in terms of a power outage. When the power comes back on, that doesn’t necessarily mean everything is good. A data breach is like a massive power outage and when you have a breach and need to restore data, you can’t simply flip a switch and assume that your data is safe.
The $14,000-Per-Minute Problem
The financial implications of inadequate recovery strategies are staggering. I mentioned a conversation I had with Commvault’s Tim Zonca at RSAC earlier this year, where he shared that industry experts conservatively estimate recovery costs at $14,000 per minute following a cyberattack, with average downtime spanning 24 days. When you add to the equation the reality that organizations fall victim to ransomware every 14 seconds globally, the math becomes terrifying.
This pressure creates what Zonca calls recovery as “the new competitive moat” and he’s right. Organizations that can recover quickly and cleanly from attacks maintain a significant advantage over those stuck in lengthy, manual recovery processes.
Breaking Down Operational Silos
A critical theme throughout our conversation was the dangerous disconnect between Security Operations (SecOps) and IT Operations (ITOps) teams. This isn’t just a technology problem, it’s fundamentally about people and processes.
“We’re seeing a merger here,” Cunningham observed. “A cyber incident may require some type of recovery. We have customers where security teams come to IT saying, ‘We need you to restore a bunch of data and scan through it because we need to find the clean version.'”
This collaboration requirement has driven Commvault to develop integrated solutions that bridge these operational gaps.
The Power of Continuous Testing
Research from ESG reveals a 97% higher risk of failure when resiliency isn’t regularly tested and validated. Cunningham’s philosophy is simple but profound: “You don’t know how effectively you can recover until you actually recover. You don’t want to be in a situation where you have to recover and realize you can’t effectively do it.”
Commvault’s Recovery Range provides a simulated environment where organizations can practice end-to-end cyber recovery scenarios, integrating security tools throughout the process. I had some firsthand experience with this training during RSAC, where my team and I quickly learned how even experienced teams can miss critical steps. It was a reminder that preparation is essential.
The Commvault-CrowdStrike Partnership
The collaboration between Commvault and CrowdStrike addresses these challenges through bidirectional signal sharing and integrated threat intelligence. CrowdStrike’s threat detection capabilities — with their claimed 100% detection and protection accuracy — feed directly into Commvault’s recovery platform.
“We can utilize their high-fidelity signals, which are indicators of attack, and map them to assets protected in our platform,” Cunningham explained during the podcast conversation. This integration gives customers early warning when protected data may be compromised, enabling proactive clean recovery operations.
The partnership extends beyond technology to include human expertise, with both companies maintaining referral systems to ensure customers get comprehensive incident response support.
Preparing for the Post-Quantum Future
Looking ahead, both companies are preparing for emerging threats, including post-quantum computing risks. Commvault is already implementing NIST-approved post-quantum algorithms to protect against potential “harvest now, decrypt later” attacks.
“You got to stay ahead as much as possible,” Cunningham noted, acknowledging the challenge of defending against AI-enhanced ransomware that can adapt in real-time using large language models.
The Path Forward
My conversation with Cunningham highlighted a crucial reality: cyber resilience isn’t just about having backups — it’s about having confidence in your ability to recover cleanly and quickly. As Cunningham put it, organizations need solutions that transform recovery “from a vulnerability to a competitive strength.”
For organizations struggling with cyber resilience, the message is clear: the traditional playbook isn’t enough. Success requires unified platforms, continuous testing, cross-team collaboration, and partnerships that bridge the gap between security and recovery operations.
If you’re attending Crowdstrike’s Fal.Con event, stop by the Commvault booth, #1504, and say hello to David and his team. While you’re there, I highly recommend you also make time to check out Commvault’s Recovery Range in person — you’ll see why I’m so bullish on it. I I can promise it will be an amazing learning experience for you and your team. And if you’re not at Fal.Con and want a demo of Recovery Range and/or you want to learn more about Commvault’s integration with CrowdStrike, reach out to David and he’ll be glad to help.
This article was originally published on LinkedIn.
Read more of my coverage here:
Mitel Accelerates Innovation Through Strategic Partnerships and Startup Collaboration
Command Zero: Reimagining Cybersecurity Investigations for the AI Era