Commvaults new Cyber Deception Platform
In late September Commvault announced their new Cyber Deception Platform: Metallic ThreatWise. Metallic ThreatWise aims to surface unknown and 0-day attacks from bad actors before they get your company’s resources.
What is Cyber Deception?
Cyber Deception is the act of deceiving cyber criminals. Real servers that look like they have real company assets (not actual company assets), like file servers with company financial data, are set up to lure bad actors to attack and hack them. However, as soon as the asset is touched alerts are sent out to key stakeholders so they are away that a threat is in their network. The assets don’t have to be attacked, they just need to be interacted with.
Why is Cyber Deception important?
Most cyber-attacks today involve some form of data theft, exfiltration, or leakage. Most cyber attacks aren’t known until long after the act occurred. Also, most data protection tools are, while critical, meant for after the attack has happened, and do little to prevent the theft in the first place. This is where Metallic ThreatWise, from Commvault, comes in. Metallic is already an industry-leading data protection tool and now combined with the introduction of ThreatWise, businesses can get real-time alerts as soon as attacks begin, and take steps to recover as soon as the attack begins.
What is Metallic ThreatWise?
Now, at first glance you might think “this is a honeypot,” but you’d be wrong! Honeypots take administrative overhead, usually require a setup and licensing, and can only detect known vulnerabilities.
Metallic ThreatWise allows you to deploy real-looking assets, like virtual machines, application servers, database servers, IoT devices, and more. These are all things bad actors would be really interested in. These decoy servers sit in your network just waiting to be engaged with by bad actors.
When the decoys are interacted with comprehensive alerts are sent out to key stakeholders – so the right people get the message right away. Alerts include information about how the decoy was attacked and any associated lateral movement.
And, it doesn’t matter what the attack is! Metallic ThreatWise is not using a database of known vulnerabilities. It doesn’t only alert you if the object is compromised via a known vulnerability. It could be a zero-day that’s never been seen in the wild before!
Metallic ThreatWise can also be integrated with popular industry tools so remediation can begin as soon as attacks are detected.
Deployable at Scale
Metallic ThreatWise can deploy decoys at scale in seconds. The decoys are indistinguishable to threat actors. The threat actors won’t know that they are interacting with a decoy. Why is scale so important here? Well, different threat actors are interested in various types of assets. Having a large variety of decoys available will attract different threat actors. Deploying a variety of decoys will lure the threat actors away from your actual data. And, being able to deploy them quickly without the administrative overhead will allow your teams to keep working on what’s really important to your business.
How can I get Metallic ThreatWise?
ThreatWise will be available as an add-on for Metallic SaaS and Commvault installed software.
My Thoughts on Metallic ThreatWise?
I think this is a huge game-changer! Being able to deploy decoy assets at scale with speed is an entirely new way of approaching this. Being able to deploy a number of different decoys at scale adds variety. It’s not just a database or file server. Why not both? How about IoT devices? With a number of different decoy resources deployed it’s highly likely that threat actors will come across a decoy before they get to real resources.
Commvault is really disrupting the Data Protection space with Metallic ThreatWise and I’m going to make sure to continue to watch what they do!
Disclaimer: While I actually took the time to get to know the product/service and all it can do for me and you, please know that this content is sponsored.