KEY HIGHLIGHTS

  • ResOps (Resilience Operations) reframes cyber resilience as a continuous, proactive operating model—not a reactive restore strategy.
  • Commvault’s Satori acquisition adds real-time structured data governance and AI pipeline security to its Commvault Cloud Unity platform.
  • Hyper Threat Hunting delivers medium-fidelity signals in minutes, scanning millions of files to surface threats before recovery begins.
  • Deep Inspection targets sophisticated, polymorphic threats engineered to evade known IOCs, automatically blocking compromised data from production recovery.
  • Synthetic Recovery builds the cleanest possible composite recovery point from across multiple backup versions, excluding malware while maximizing data completeness.
  • Data Access Governance and AI classification are available now, embedded in Commvault Cloud with single sign-on access.

The cybersecurity conversation has changed, fundamentally and probably permanently. At RSAC 2026, Commvault made a series of announcements that collectively tell a single, coherent story: in an AI-powered threat landscape, traditional backup and recovery is no longer sufficient. What organizations need is a comprehensive resilience operating model anchored by real-time data governance, AI-aware threat detection, and verified clean recovery. I sat down with Michael Fasulo, Senior Director of Portfolio Marketing at Commvault, and José Gomez, Global Field CTO of Satori, now a Commvault company, on our Security Square podcast to unpack what this means in practice.

Watch the full episode here:

ResOps: An Operating Model, Not a Product

One of the most important clarifications Michael made early in our conversation: ResOps —Resilience Operations — is a discipline, not a SKU. It’s a structured operating model that brings together people, processes, and tools to ensure critical services remain operational and recoverable, before bad things happen. ‘Most people think this is something you buy. It’s not,’ he said. ‘It’s about how organizations put these pieces together to drive continuous resilience.’

What makes ResOps resonate with practitioners is that it codifies what many security and IT teams are already doing but it reframes the activity from reactive to proactive. Where traditional frameworks placed recovery on the right side of the incident timeline, ResOps moves it left. Testing, validation, and confidence-building in recovery happen before an attack, not after. In an AI era where threats move faster than human response cycles, that shift is operationally significant.

The platform delivering ResOps at scale is Commvault Cloud Unity, which bridges on-premises, cloud, hybrid, and multi-cloud environments, including OCI, GovCloud, China regions, and data sovereignty deployments where many competitive solutions hit asterisks and exceptions.

The Satori Integration: Structured Data, AI Pipelines, and Real-Time Governance

The Satori acquisition fills what has historically been a critical gap in data resilience: structured data security and AI data governance. Where Commvault’s core strength has been unstructured data protection, Satori brings real-time governance, classification, and access control to databases, AI training pipelines, and LLM-powered applications.

José walked us through what this looks like in practice. Traditional classification tools work on samples, running analysis in the background while data transactions continue unimpeded. Satori intercepts communications in real time, whether from human users or AI agents, classifying data at the moment of request. If an agent queries a database containing PII, Satori can identify it, apply policy, and obfuscate or block the sensitive elements before they reach the model. Critically, this works in both directions: preventing sensitive data from being ingested into AI systems and preventing it from being surfaced if it was already inadvertently vectorized.

The question has shifted from whether your data is backed up to whether you know where all your sensitive data lives, and who, and what, is accessing it. With enterprises deploying AI agents that act autonomously on behalf of users, the compliance and audit implications are significant. Agents don’t appear in traditional user access logs. Satori changes that.

Both the Data Access Governance module (real-time structured data controls) and Data Posture 360 (unified structured and unstructured visibility in a single pane) are available now, integrated into Commvault Cloud with single sign-on and available as add-ons to existing packages.

Threat Scan Expansion: Hyper Threat Hunting and Deep Inspection

The second major RSAC announcement from the Commvault team was the expansion of Commvault Cloud Threat Scan with two new capabilities: Hyper Threat Hunting and Deep Inspection. These address a problem that should make every security leader uncomfortable: the reality that the median dwell time for a non-actor-disclosed breach is 24 days. That means that attackers have nearly a month to embed malicious code across infrastructure, including backup environments, before detection. If IOC and threat intelligence isn’t applied to backup data before restoration begins, organizations can recover right back into compromise.

Hyper Threat Hunting is designed for speed. Using hashes and security team-defined rules, it can scan millions of files in minutes, delivering a medium-fidelity signal that something is wrong before deeper analysis begins. It’s the wide-angle photograph of the crime scene,enough to confirm an incident occurred and trigger the next phase of investigation.

That next phase is Deep Inspection, designed for sophisticated, polymorphic threats and zero-day exploits engineered to evade known indicators of compromise. Once flagged, Deep Inspection doesn’t just surface the threat; it changes the product’s default behavior, preventing compromised data from being recovered into production unless explicitly directed to a clean room environment for forensic purposes.

And the best part of this news? Both capabilities are included at no additional cost for existing Threat Scan customers. In addition, Threat Scan is available as both a standalone offering and as part of the Commvault Cyber Resilience Bundle.

Synthetic Recovery: The Secret Sauce

Tying it all together is Commvault’s Synthetic Recovery capability, and it’s where the threat detection story becomes a recovery story. When multiple backups are compromised across a dwell period, traditional approaches meant stepped restores, rolling back to prior versions and accepting data loss, or restoring the latest backup and hoping for the best. Synthetic Recovery eliminates that tradeoff.

By combining threat signals, deep scan results, and backup metadata, the platform builds a composite recovery point: the most complete, cleanest possible version of your data assembled from good files across multiple backup versions, with malware excluded. Users can send this synthetic point directly to production, or route it through a clean room for additional validation before promotion. The recovery surface shows exactly how many files are being pulled forward and from which versions, giving security and recovery teams the data they need to make confident decisions even under active threat conditions.

The Bottom Line

As my conversation with Michael and José reiterates, what Commvault demonstrated at RSAC this year is a vision of cyber resilience that’s genuinely integrated, not a backup vendor adding security features, but a platform where data governance, threat detection, and clean recovery are designed to operate as a continuous, closed loop. The addition of Satori extends that loop into structured data and AI pipelines, which is exactly where enterprise exposure is growing fastest.

José’s closing advice was direct: get visibility into your data. You can’t protect what you can’t see, and with AI agents acting on behalf of users at scale, the definition of ‘who is accessing your data’ has fundamentally changed. Michael’s guidance, as always, was equally direct: don’t neglect the basics. Encryption, access controls, and locked-down infrastructure remain the foundation. Everything else is built on top.

For organizations on their AI journey. which is to say, all of them, the time to get serious about resilience operations is now.

Read more of my coverage:

Commvault & TIME: Elevating the CISO into the C-Suite Spotlight

The 2026 Threat Landscape Is Here — And It’s Faster, Smarter, and More Dangerous Than Ever

 

This article was originally published on LinkedIn.