Commvault, a leader in unified resilience at enterprise scale, recently announced an expanded integration with Microsoft Security to better connect threat detection with trusted recovery. The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations (ResOps) and enable real-time data insights, helping organizations move quickly from identifying a threat to validating and restoring clean data faster with greater confidence.
This announcement is particularly relevant for enterprises across the UAE and Saudi Arabia, where the cyber threat landscape is intensifying rapidly. Ransomware affiliates targeting GCC countries have increased underground recruitment efforts by 44%, reinforcing the urgency of integrated and automated cyber resilience strategies. At the same time, regulatory frameworks across both markets are evolving rapidly to mandate stronger resilience postures.
In the UAE, the National Cyber Security Strategy (2025โ2031) marks a decisive shift from voluntary compliance to mandated resilience, requiring organizations to demonstrate end-to-end capabilities spanning detection, response, and recovery. Similarly, Saudi Arabiaโs National Cybersecurity Authority, through Essential Cybersecurity Controls (ECC-2:2024), now requires government entities and critical national infrastructure operators to implement robust incident response and business continuity practices. Together, these developments reflect a broader regional investment in operational cyber resilience and sovereign security readiness, where organizations must not only defend against threats but also prove their ability to recover rapidly and securely.
Against this backdrop, the Commvault and Microsoft integration enables closer alignment between security and recovery teams through coordinated workflows. Security alerts from Commvault Cloud are ingested into Microsoft Sentinel data lake where security operations center (SOC) analysts can enrich these incidents with partner intelligence to access impact and validate scope. In the coming quarters, these insights can drive automated, policy-based recovery workflows to accelerate and orchestrate clean recovery at speed.
As part of this announcement, Commvault is introducing two integrated capabilities that directly bridge the gap between threat detection and trusted recovery. The first is a modernized Microsoft Sentinel Connector, which streams alerts and signals generated from Commvault Cloud Threat Scan and Risk Analysis. It includes malware detections, backup anomalies, and sensitive data exposure into Microsoft Sentinel in real time. This enables security teams to correlate backup-layer intelligence with broader threat signals, improving early detection of ransomware patterns while seamlessly integrating into existing SOC workflows without added complexity.
The second capability is Commvault’s Investigation Agent within Microsoft Security Copilot, purpose-built for cyber recovery investigations. The agent autonomously analyzes suspicious activity and draws on Commvault’s recovery-layer intelligence to determine the full scope of an incident, including impacted hosts, anomalous encryption patterns, and validated restore points. By correlating these insights with broader Microsoft security signals, the solution eliminates manual intervention, accelerates decision-making, and significantly lowers mean time to clean recovery (MTCR). For organizations operating under UAE and Saudi regulatory frameworks, this capability also enhances audit readiness and supports compliance reporting requirements.
โThis isn’t just an integration โ it’s a blueprint for the future of agentic ResOps,โ said Michelle Graff, SVP, Global Channels and Partnerships at Commvault. โAs attacks continue to evolve, siloed approaches donโt work. Seconds matter. By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency.โ
โIn todayโs threat landscape, the need to connect AI-enabled intelligence with automated recovery has never been greater,โ said Krishna Kumar Parthasarathy, CVP Sentinel Platform, Microsoft Security. โThe combination of Microsoftโs Security Copilot, Microsoft Sentinel, and Commvaultโs Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps.โ
Availability
Commvaultโs updated Microsoft Sentinel connector and Investigation Agent in Security Copilot are currently in early access with general availability expected this summer.
