Commvault plugs AI anomaly alerts into CrowdStrike Falcon SIEM

Data protection vendor Commvault is integrating its AI-powered anomaly alerts and other security capabilities into CrowdStrike software to enable faster, more precise responses to cybersecurity events.

CrowdStrike provides real-time malware detection and response, helping to stop breaches, ransomware, and other cyberattacks. IT partners worldwide use its services to detect and respond to cyber threats in the data they manage. It is widely used in data protection and cloud file services, collaborating with, for example, Commvault, Nasuni, Pure Storage, Rubrik, and Veeam.

Commvault integrated CrowdStrike's malware-detecting Falcon XDR into its Commvault Cloud in January last year. It meant that a CrowdStrike alert could be used by Commvault Cloud to trigger a ThreatScan check for affected data, and then restore compromised data to a known good state using its backups. 

Later, in April, Commvault and CrowdStrike strengthened their partnership to better coordinate cyber recovery and incident response services. Now the two are delivering bi-directional visibility between Commvault Cloud and CrowdStrike Falcon Next-Gen SIEM (Security Information and Event Management) to speed up incident detection and response.

Pranay Ahlawat, Chief technology and AI officer at Commvault, said: "By bringing together CrowdStrike's security insights with Commvault's deep AI-powered data intelligence, we're making it easier for security and IT teams to collaborate, identify threats earlier, and make informed, trusted recovery decisions that can keep organisations moving."

Commvault and CrowdStrike say that their "shared signals give IT and SecOps teams visibility into the integrity of backup data from within Falcon Next-Gen SIEM. This can streamline triage, help provide clear blast-radius assessments, and expedite identification of safe data to recover."

The combined Falcon Next-Gen SIEM, Commvault ThreatScan, and recovery features mean customers can restore clean data from known-good backups.

Daniel Bernard, Chief Business Officer at CrowdStrike, said: "In today's threat environment, speed and confidence are everything. By bringing Commvault's recovery intelligence into CrowdStrike Falcon Next-Gen SIEM, we're giving organisations a unified operational view that connects security signals with data trust."

The Commvault and CrowdStrike Falcon Next-Gen SIEM integration is available today through the CrowdStrike Marketplace at no additional charge. Customers can activate the integration directly within their existing environments.