Enterprise Strategy Group - Experts & Thought Leaders

Commvault, a pioneering provider of cyber resilience and data protection solutions for the hybrid cloud, announced the availability of Cloud Rewind™ on the Commvault Cloud platform. This unique offering, which integrates cloud-native distributed application recovery and rebuild capabilities from the Appranix acquisition, gives cloud-first organisations a secret weapon to transform their cyber resilience capabilities. Commvault’s latest research When organisations are attacked, restoring the data is only half the battle. The truly laborious task is actually restoring the distributed cloud applications, which are used to run and power that data. Think of it like this: a typical enterprise organisation may use as many as 371 cloud applications spanning various services like finance, HR, and operations. After an attack, organisations often can’t resume “business-as-usual” operations until many of those applications are rebuilt in a step-by-step, systematic, time-consuming way. The majority of enterprises report that it takes more than a week to return to normal operations, according to Commvault’s latest research. That’s too long. But, with Cloud Rewind, that’s all changing. Cloud-native application Cloud Rewind offers a truly unique approach that transforms and simplifies cloud cyber recoveries Cloud Rewind offers a truly unique approach that transforms and simplifies cloud cyber recoveries. It’s designed to quickly restore an organisation’s entire cloud application and data environment – including all the necessary cloud infrastructure configurations – in a highly automated way. By combining data recovery – the sole focus of traditional data protection tools – with cloud-native application and infrastructure rebuild automation, Cloud Rewind helps customers get back to business within minutes after a cloud services outage or ransomware attack, akin to a “cloud time machine.” Advanced Cloud Rewind capabilities Cloud Rewind introduces an advanced set of unique capabilities designed to help businesses bounce back from cyber incidents with exceptional speed and efficiency. Reduce organisational risk with resource discovery: automatically identifies and catalogs all cloud components in use, offering full visibility into what assets need protection and recovery. So that nothing critical is missed in the recovery process, even in complex, multi-cloud environments. Reduce operational confusion and toil with app-centric dependency mapping: analyses and defines the intricate relationships between various cloud components. This feature accelerates the task of piecing these dependencies together after an incident, making the rebuild process much faster. So, when a system is restored, all connected resources and services are aligned, with little to no human involvement. Keep security teams in-sync with drift analysis: helps return restored systems to their correct state by identifying and correcting any deviations (or “drifts”) from the original configuration. This proactive capability keeps tabs so that restored systems are aligned with their secure and functional state after an incident. Automated cyber recovery testing with Recovery-as-Code: captures not only the data but also the full map of applications, infrastructure, and networking configurations. This means that systems can be restored with their complete operational blueprint intact, reducing guesswork for a thorough recovery. Avoid wasting cloud resources with on-demand cloud reconstruction: puts it all back together, helping customers swiftly rebuild both the data environment and its supporting infrastructure. This provides organisations with a secure and operational cloud environment, ready for immediate use following a disruption. Integrated application-centric cyber recovery and disaster recovery: Cloud Rewind integrates with Commvault Cloud data resilience capabilities to help organisations rapidly recover from short-term failures to debilitating cyber-attacks with a few clicks. Cloud Rewind supports all major public and private cloud platforms, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, for true customer cloud choice. Cyber Resilience Dashboard Complementing Commvault’s cloud-native rebuild technology is its new Cyber Resilience Dashboard Complementing Commvault’s cloud-native rebuild technology is its new Cyber Resilience Dashboard. This dashboard provides continuous ransomware readiness assessments that make it easy for organisations to understand where they have gaps in their resilience plans. It also delivers actionable insights to improve resilience and recovery readiness. The dashboard provides a view across the entire data estate, assessing components such as testing frequency and success, and availability of immutable air-gapped copies of critical data. Leveraging that information, organisations receive a grade based on their readiness to recover and recommendations on improving it. Supporting quotes “Commvault’s Cloud Rewind enhances data management by covering every step of a data breach—protection, recovery, and rebuilding,” said Venkata Sudhakar Nagandla, SVP & Global Head-IT Infrastructure & Cloud, Allcargo Group Companies. “Additionally, we can achieve better RTO and RPO to meet our business needs without requiring a parallel hot standby IT infrastructure and with minimal manual effort.” “What we are doing with Cloud Rewind is unlike anything offered on the market today. In the ransomware era, recovering data is important, but it’s table stakes,” said Brian Brockway, CTO, Commvault. “We’re ushering in an entirely new chapter in cyber resilience that not only expedites data recovery, but recovery of cloud applications. This is the gold standard in recovery for a cloud-first world.” “With Cloud Rewind, Commvault helps organisations quickly recover in the case of a cybersecurity incident,” said Melinda Marks, Practice Director, Cybersecurity, Enterprise Strategy Group. “Its resource discovery, dependency mapping, drift analysis, and automated cloud reconstruction capabilities provide much-needed relief for teams to save them from the intricate and time-consuming process of rebuilding their applications. For enterprises managing hundreds of cloud services, this is a huge advantage for minimising downtime after a breach.”

Invicti, the pioneering provider of application security testing solutions, announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As development teams embrace the productivity benefits of AI code assistants, API creation accelerates further. But while AI code assistants are boosting developer productivity, they cannot yet generate secure application code or secure APIs consistently, propagating the risk from vulnerable APIs deployed into web services. API security testing 76% of organisations report having an average of 26 APIs per application deployed According to ESG’s report Securing The API Attack Surface, 76% of organisations report having an average of 26 APIs per application deployed. Many of these APIs are undocumented and unmonitored, so the security challenge is now about confidently and quickly finding APIs, testing them for vulnerabilities, and performing remediation.  With Invicti API Security, organisations can realise comprehensive API discovery alongside proactive API security testing. Multiple discovery methods Invicti API Security includes multiple discovery methods to enable comprehensive identification of known and undocumented APIs, including: Zero-configuration discovery to identify API specifications, scanning cloud environments for accessible paths API management system integrations to fetch and sync accurate and latest API specifications into inventory Network API traffic analysis to identify and reconstruct API calls into API definition files based on observed traffic Advantages of web application security These web application security uses can be deployed jointly with API find and security testing “With the Invicti Platform’s extensive API discovery capabilities, we are able to deliver a tool consolidation option, combining web application and API security into a single solution,” said Neil Roseman, CEO at Invicti. “As tool sprawl and budgetary constraints grow, CISOs can rely on the Invicti solution to address the growing API security concerns in addition to reducing their team’s tool complexity.” For decades, Invicti has provided the advantage of web application security testing coverage, accuracy, speed, and scale. The combination of continuous automated discovery, proof-based scanning to verify critical vulnerabilities for developers, and recently added Predictive Risk Scoring to advance prioritisation efforts provide customers with a unique set of benefits. These web application security benefits can be deployed together with API discovery and security testing.  Customers’ sensitive data “Our research shows that security pioneers are increasingly concerned with API security and their ability to secure their customers’ sensitive data. This is because as developers build feature-rich applications with integrations and communications to resources, the APIs, especially unknown shadow APIs, create rapidly proliferating attack surfaces,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “The Invicti approach applies a multi-layer discovery method to thoroughly identify APIs, helping organisations deliver secure applications.” Invicti API Security is available to Invicti customers across both Acunetix and Invicti (formerly Netsparker) product lines to extend their use of the Invicti platform. New customers can purchase the product as a web application and API security combination, or a standalone API Security option.

Invicti, the pioneering provider of application security testing solutions, announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organisations gain a strategic view of their overall application security risk. Predictive Risk Scoring allows organisations to determine which web applications should be scanned first and proactively prioritise remediation efforts. This new capability remaps the application security testing process to profile and calculate a risk score on all discovered web applications–before any scanning begins. New advancement in AppSec Risk management and prioritisation are ongoing challenges in application security with the high volume of vulnerabilities that are discovered across web applications and APIs. While vulnerability severity helps order which vulnerabilities might require attention over others, there’s still a lack of information around exploitability and risk. Risk control and prioritisation are ongoing challenges in application guard with the high volume “Everyone working in cybersecurity needs to work faster, with more confidence that they are doing the right thing to protect their organisations. This new advancement in AppSec testing helps make that a reality,” said Neil Roseman, CEO at Invicti. “CISOs can now look at their application attack surface using a risk-based approach, guaranteeing that their AppSec program is focusing efforts in the right areas.” Advantages of this innovation Predictive Risk Scoring addresses the gap in vulnerability severity information by applying an AI model on discovered assets and calculating risk score from a set of 220 parameters with a minimum 83% confidence level. Among many advantages of this innovation, no scanning resources are required and no customer data is required to assess the risk score. “Protecting applications is crucial for companies of all sizes but it’s challenging with the complexity and noise in the application security market, amplified with the adoption of AI. Now more than ever, security teams need to prioritise their efforts to address to the riskiest issues, with speed and scale,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “Risk-based prioritisation can help organisations best deploy their resources and optimise efficiency to secure their environments to support business growth.” Predictive Risk Scoring is currently available to Invicti customers using both Acunetix and Invicti (formerly Netsparker) product lines.