In today’s interconnected digital landscape, the traditional separation between data protection and cybersecurity teams no longer effectively serves organizations. This was clearly demonstrated during Commvault’s Recovery Range, an innovative, immersive experience I had the opportunity to participate in last week at the RSAC event in San Francisco. Commvault’s Recovery Range experience demonstrated the importance of collaboration between IT and security professionals in achieving robust cyber resilience. Following the immersion in Commvault’s Recovery Range, I was joined by Tim Zonca, VP of Portfolio Marketing, for a recap of the experience.

Commvault’s Recovery Range: A Conversation with Tim Zonca, VP of Portfolio Marketing, watch the full conversation here:

Breaking Down Silos Between IT and Security

The Commvault Recovery Range experience highlights a transformational moment in the cybersecurity space. As Tim and I discussed, organizations can no longer maintain separate “data people” and “security people” operations.

“It’s this moment in time as cyber resilience and cyber recovery become that much more critical because of the prevalence of ransomware, that IT teams and security teams who started working well together over the years, have to just get (even more) fantastic at that,” explained Zonca. Commvault’s Recovery Range creates an environment where professionals from both disciplines experience aspects of each other’s roles, helping them prepare collaboratively for potential attacks.

The Commvault and SimSpace Alliance

In April 2025, Commvault and SimSpace announced a strategic partnership to create the Commvault Recovery Range, powered by SimSpace. This groundbreaking collaboration marks the first hands-on cyber range that enables defenders to battle sophisticated cyber threats while equipping them with skills to navigate and rapidly recover from cyber crises.

Unlike traditional cyber ranges that focus primarily on detecting and containing attacks, the Commvault Recovery Range goes much further by modeling the defender’s own production environment. The platform leverages SimSpace’s award-winning cyber range technology and Commvault’s exceptional recovery offerings to provide a comprehensive training experience covering the entire incident lifecycle – from detection through validated cleanpoint recovery.

The immersive experience Commvault and SimSpace have partnered to create offers organizations the ability to experience first-hand the physical, emotional, and psychological experience of a real-world cyberattack and walk through as a team the challenges they will experience when attempting to recover after an attack and minimize downtime and costs. After having a front row seat to this immersive experience, I can attest that it’s not only an eye-opener, but also, without question, experiencing this together will be tremendously beneficial for data protection and cybersecurity teams.

The Real Cost of Cyber Attacks

While industry figures often cite recovery costs at approximately $14,000 per minute following a cyberattack, Zonca revealed that this estimate is actually somewhat conservative based on his customer conversations. In one striking example, Zonca shared that a Commvault customer quantified that every 15 minutes of downtime for one of their distribution centers costs them $1 million.

These staggering figures underscore why cyber resilience has become a board-level concern. As demonstrated in Commvault’s Recovery Range simulation, one of the first responses to a breach notification is typically a call from the CEO asking about recovery timelines. This creates immense pressure on teams to move quickly without being hasty — a delicate balance when dealing with compromised data.

Research shows an organization falls victim to ransomware every 14 seconds, with average downtime spanning upwards of 24 days — potentially costing enterprises millions in lost revenue, reputational damage, and operational disruption. Preparation that starts with the attack and ends with clean recovery can significantly reduce downtime and help maintain business continuity.

The Hasty Recovery Trap

Commvault’s Recovery Range simulation cleverly illustrates one of the most common pitfalls in cyber recovery: the pressure to restore operations quickly can lead to insufficient verification of clean recovery points. Our team initially felt confident about our recovery process and identified what we believed was a safe date from which to restore data, only to discover we had been compromised again.

“One of the things that people experience in the range is a common request we’ve gotten from customers: can you give us a safe place to do a compromised recovery, because we want to feel how damaging it could be to be so fast that you’re hasty,” Zonca explained. This highlights why organizations need both proper tools and practice scenarios to develop the right balance between speed and security in their recovery processes.

Commvault’s Recovery Range: An Immersive Learning Experience

The Commvault Recovery Range and its immersive learning experience delivers three key experiences for defenders:

Hands-on attack simulations. Defenders operate in a hyper-realistic environment mirroring their actual networks, infrastructure, and operations – complete with simulated users logging in and out, sending emails, and interacting with applications. During this high-fidelity experience, teams face sophisticated attacks like NetWalker ransomware that can be challenging to detect, forcing them to make strategic decisions under pressure.

Real-world recovery exercises. Participants face no-win recovery scenarios to learn the importance of validating backups, cleaning infected data, and executing swift restorations. Recovery exercises include using Commvault Cloud for threat scanning, Air Gap Protect for immutable storage, Cleanroom Recovery for on-demand recovery testing, and Cloud Rewind to automatically rebuild cloud-native apps.

Cross-functional team drills. The experience emphasizes that managing and recovering from attacks cannot happen in silos. CSOs, CISOs, CIOs, IT Ops, and SecOps must work together to develop a cohesive strategy for handling crises and restoring core services quickly.

Technology Solutions for Cyber Resilience

Threat Scan Technology

Commvault’s Threat Scan technology addresses the fundamental challenge in cyber incidents: you cannot trust the data as you might during other types of operational outages. The Commvault Threat Scan platform auto scans backup files continuously monitors for suspicious activity, malware, and anomalies, leveraging AI to detect AI-driven threats.

As Zonca shared, what Commvault is doing is not only collecting the signal and highlighting it to the people who use their technology, but they also have integrations with platforms like Splunk and CrowdStrike, which allow for information sharing between recovery experts and security teams, enhancing threat detection and response capabilities.

Some of the key features of Commvault’s Threat Scan technology include:

  • The automatic quarantine and skipping of infected files from backup content during the recovery process
  • Secure scanning capabilities using a signature-based malware engine, algos, and file comparisons that are built in, helping identify, label, and quarantine threats found within backups
  • AI-powered threat intelligence indicators that quickly help identify new threats
  • SIEM and SOAR integration with contextually relevant alerts that are integrated into existing SecOps tools
  • The ability to spot unknown threats like next-gen shapeshifting and polymorphic malware

Above all, the goal ofCommvault’s Threat Scan technology is to deliver on the ability to help quickly find the threats that live in backed up files, with greater accuracy, while also reducing the false positives that can often slow down security teams, recovering and restoring clean data automatically.

Security IQ Dashboard

Commvault’s Security IQ dashboard provides a comprehensive view of an organization’s risk profile and cyber resilience posture. It highlights areas where data may be inadequately protected or where anomalous behavior has been detected.

“This dashboard highlights those sorts of things, so you have one place across your entire estate to get a sense of the most risky portions of what you’re trying to protect for your organization,” Zonca explained. This single-pane visibility helps organizations prioritize their security efforts and ensure comprehensive protection across their data landscape.

The features of Commvault’s Security IQ dashboard include:

  • Security posture scoring that identifies and automatically classifies sensitive files across multiple data sources
  • Enforces multi-authentication workflows/approvals on critical backup, restore, and management ops
  • Facilitates advanced authentication, storage encryption, and compliance locks; all part of the zero-trust access design
  • AI-powered anomaly detection allows the spotting of unusual activity in real-time
  • Enables the removal of malicious files and facilitates the rollback of datasets to pre-infected states
  • Syslog integration enables the passing of critical logs and security indicators to key systems

The Path to Minimum Viability

A key aspect of the Commvault-SimSpace partnership is helping organizations understand their “minimum viability” – the critical applications, assets, processes, and people required to recover following a cyberattack. Minimum viability is essential for achieving continuous business operations. Tim and I were joined by fellow analyst Jo Peterson a few weeks ago for a deep dive into all things minimum viability, and it’s a conversation well worth checking out when you have time:

Tools like the Commvault-SimSpace Recovery Range make it easier for companies to determine their minimum viability by testing their skills in realistic scenarios. This preparation ensures that when an actual attack occurs, teams know exactly what to do to maintain business continuity.

The Cyber Resilience Mantra: Rewind, Recover, Rebuild

The Commvault Recovery Range experience concludes with Commvault’s resilience philosophy: Rewind, Recover, Rebuild. This approach enables organizations to continuously rebuild classic cloud applications, infrastructure, and data following an incident.

By combining immersive training experiences like Recovery Range with advanced threat detection and comprehensive security dashboards, Commvault is helping organizations transform their approach to cyber resilience — moving from siloed operations to collaborative, well-practiced response strategies that minimize both recovery time and financial impact.

As one customer noted when discussing Recovery Range, “[It] will make a huge difference for our resiliency planning. The realistic attack scenarios and recovery drills will help instill a sense of confidence in our recovery process and in understanding exactly what we need to do to get back up and running quickly — essential to keeping our business running smoothly.”

In an era where ransomware and sophisticated attacks continue to threaten business continuity, this integrated, immersive approach to cyber resilience has become essential for organizations of all sizes and across all industries. Planning, expecting, practicing, questioning, testing, experiencing — and then doing it all over again (and again, and again) — is the smart way to train and prepare today’s IT and security teams to know what best-in-class class resilience is, and demonstrate how working together benefits everyone.

Commvault is kicking off a worldwide roadshow in July, and if there’s a Commvault Recovery Range SimSpace experience near you, I highly recommend you register and participate. The dates and locations haven’t yet been announced, but will be announced on the Commvault site as soon as they are set so stay tuned!

 

This article was originally published on LinkedIn.

Read more of my coverage:

AI Trust Scores and Blockchain — the Foundations for the Golden Age of AI

Beyond the Copilot Button: How Agentic AI is Transforming Asset Management