Fight AI with AI is our current theme: Balaji Rao, AVP, India & SAARC, Commvault

In the ever-evolving landscape of cybersecurity, the adage "Fight AI with AI" has become more than just a mantra - it’s a strategic imperative. As cyber threats continue to advance in sophistication, leveraging artificial intelligence (AI) is increasingly vital for bolstering defensive capabilities. AI enables organizations to automate tasks, streamline analyses, and detect malicious activities swiftly and efficiently. By harnessing AI-driven tools and technologies, cybersecurity professionals can proactively identify and mitigate emerging threats, staying one step ahead of cyber adversaries. However, while AI offers significant defensive benefits, it also poses challenges, as threat actors exploit AI for nefarious purposes. Thus, the battle against cyber threats demands a multifaceted approach, where AI serves as both a shield and a sword in the ongoing struggle to safeguard digital assets and protect against evolving cyber threats. In a recent conversation with Dataquest, Balaji Rao, AVP, India & SAARC, Commvault spoke about some of the threats that organisations face at present, how AI can be used to combat these threats, and what Commvault has to offer for enterprises considering the evolving threat landscape. 

DQ: Could you elaborate on the specific cyber threats that organizations are facing today?

Balaji Rao: I believe organizations are currently facing a spectrum of cyber threats. Ransomware appears to be at the forefront, but there are various other types of malware constantly evolving, akin to mutations, becoming increasingly sophisticated each day, leveraging the latest technologies, among other factors. Recent incidents have highlighted vulnerabilities in certain products, such as compromised router software enabling unauthorized access to organizations. This underscores the importance of not only implementing robust security measures but also ensuring that vendors and partners adhere to similar standards to mitigate potential threats originating from their end.

These threats may stem from product vulnerabilities, inadequate patching and maintenance practices, or even breaches through compromised executive emails, providing adversaries with valuable information for exploitation. Additionally, there's evidence of cyber attackers utilizing AI to enhance their infiltration techniques. In essence, the landscape of cyber threats is diverse and continually expanding.

DQ: As AI evolves, it presents both opportunities and challenges for enterprises in terms of cybersecurity. Could you discuss how AI serves as a double-edged sword, potentially amplifying both defensive capabilities and vulnerabilities?

Balaji Rao: Yes, the theme of combating AI with AI is currently prevalent in our approach. The rationale behind this is that AI offers the capability to automate tasks and processes, thereby enabling quicker and more efficient operations. For instance, when addressing an issue, such as identifying the root cause within numerous log files containing extensive data, employing AI can streamline the analysis process significantly. By automating this task, we can expedite the detection and resolution of potential threats, crucial for minimizing the time to resolve alerts, which is paramount in cybersecurity.

Utilizing AI to combat AI is imperative. Our current tools incorporate AI-driven functionalities, empowering customers to analyze vast amounts of data swiftly, detecting any signs of malicious activity efficiently. This capability enables organizations to proactively identify and mitigate potential AI-based threats. However, while AI offers considerable benefits, there are also risks associated with its misuse by threat actors.

Malicious entities leverage AI for nefarious purposes, such as crafting sophisticated phishing emails with minimal effort. This evolution mirrors the progression from traditional ransomware tactics to AI-driven ransomware, highlighting the adaptability of cyber threats. Despite these challenges, it is imperative for organizations to leverage AI capabilities internally to bolster cybersecurity defenses, providing valuable intelligence to cybersecurity teams to counter emerging threats effectively.

DQ: Can you provide insights into Commvault's strategic approach to helping organizations effectively mitigate the risks posed by AI-driven threats?

Balaji Rao: In the realm of cybersecurity, our approach is primarily defensive rather than offensive. However, within the domain of data protection, there exists a unique area that is often overlooked by many users. Typically managed by a select few, this space holds critical importance, as in 98% of cases, organizations rely on clean data copies from it to sustain operations following a breach. Investigations into breaches can be prolonged, and determining the extent of infiltration, particularly by ransomware, poses significant challenges. The evolving landscape, marked by shortened dwell times due to automation, complicates threat detection and response efforts. Recognizing this, we have implemented measures to provide early warnings to our customers.

By deploying decoy data within the backup environment, we can detect and alert cybersecurity professionals to potential threats. This integration of data protection and cybersecurity enhances resilience against malicious actors. Leveraging AI, we scan data for malicious activity, offering insights that traditional tools may overlook. These proactive measures, including deception tactics and AI utilization, serve as crucial early warning signals, empowering organizations to preemptively address ransomware threats and mitigate breaches effectively.

DQ: The DPDP Act has been passed in India. How do you seethes impacting the field of cyber security?

Balaji Rao: In many organizations today, there's a lack of specific procedures for storing sensitive information differently. Our software addresses this gap by proactively identifying critical data, including intellectual property, during the backup process. Users are prompted to consider alternative storage methods, fostering smart data segregation practices. Given the increasingly stringent regulations and hefty fines associated with mishandling Personally Identifiable Information (PII), organizations are advised to safeguard such data more securely. Our approach mirrors the security measures employed to protect against breaches, establishing a fortified vault where confidential data is housed. This vault, equipped with robust immutability features, remains isolated from normal application and storage processes, ensuring data integrity. Additionally, a dedicated network segment and malware scanning further fortify defenses.

Similar to a bank locker, this setup enables swift data restoration in the event of a breach while minimizing the risk of exposure. However, the emphasis should be on preventing breaches altogether, necessitating vigilant data management practices. Establishing clear policies for PII data storage and retention, coupled with regular identification and deletion of obsolete data, is paramount. Compliance requirements vary across industries, dictating distinct retention periods. While some sectors, like pharmaceuticals, may necessitate extended retention due to prolonged product life cycles, others, such as banking, adhere to different standards. Despite defined retention policies, adherence remains a challenge for many organizations, highlighting the need for stringent data governance practices.

DQ: How do you see AI reshaping conventional paradigms in cybersecurity, and what implications does this have for organizations?

Balaji Rao: As mentioned previously, I foresee a future where not only our organization but multiple tools within the ecosystem will leverage AI. The extensive integrations we're implementing with various cybersecurity tools will facilitate the exchange of AI-driven intelligence. With every vendor now emphasizing AI capabilities, it becomes a pivotal aspect of the cybersecurity landscape. However, while combating AI threats with AI is crucial, the focus must also extend to recoverability. Despite the exponential rise in cybersecurity investments over the past few years, the prevalence of AI-driven threats continues unabated, as evidenced by our persistent vulnerability as the third most-hit country in the Asia Pacific region.

To address this challenge, the emphasis should remain on maintaining the ability to recover swiftly from breaches. This involves ensuring the availability of clean, protected copies of data stored in secure vaults or similar environments. Boards and stakeholders are increasingly concerned with the speed of recovery, demanding prompt restoration within specified timeframes. Testing these recovery processes regularly is essential, yet often overlooked by organizations. Ransomware attacks are inevitable, but having the capability to restore operations within hours significantly mitigates their impact.

We once worked with a global organisation, and this example demonstrates the effectiveness of rigorous testing and improvement in recovery times. By gradually refining their recovery processes, a global organization managed to reduce downtime from three days to a mere eight hours in the event of a ransomware attack. Such success stories highlight the importance of prioritizing recoverability alongside cybersecurity measures.

Furthermore, uncertainty surrounding the source and extent of malware infections complicates restoration efforts. To address this, we offer Clean Room Recovery, providing organizations with a secure, ransomware-free environment in the cloud for swift restoration. This service enables organizations to burst up multiple virtual machines quickly, facilitating efficient restoration of business operations. Flexibility is key, allowing organizations to choose their preferred restoration location, whether it's within their infrastructure, a service provider, or popular cloud platforms like Azure or AWS.

In essence, while the cyber threat landscape continues to evolve, the focus on enhancing recoverability capabilities ensures organizations can swiftly restore operations in the face of adversity. Clean Room Recovery not only aids in rapid restoration but also facilitates proactive cyber resilience testing, ultimately strengthening an organization's ability to withstand and recover from cyber attacks.

DQ: How does Commvault use AI in helping enhance organisations’ ability to combat these threats?

Balaji Rao: Certainly, we're engaged in various endeavors utilizing AI. One key aspect, as mentioned, involves analyzing logs and automating processes. However, we also leverage AI for a particularly critical scenario. Picture this: a breach occurs, creating a high-stakes, intense situation involving C-level executives and halting significant portions of the organization's operations.

In such moments of crisis, swift recovery is imperative. However, determining which data copy remains untainted poses a daunting challenge. This decision holds immense weight, as restoring infected data could exacerbate the situation, especially with executives breathing down the CIO's neck in a high-pressure war room scenario. The urgency to act decisively without knowing the timing of the breach adds to the complexity.

Enter AI. With AI-driven insights, we provide clarity by identifying the last known clean data copy. This capability is akin to a lifeline amidst chaos, offering the CIO a renewed sense of direction and control. This use case exemplifies our commitment to leveraging AI in critical situations, providing invaluable support precisely when it's needed most.

And also regarding AI, there's one more aspect to consider—not only its role in security but also its application in training or assisting people, for example. That's where Arlie comes in. Arlie functions akin to Siri, serving as our AI assistant. You can ask Arlie to provide information such as which backups failed last week, and promptly receive a report on the failed backups. Additionally, Arlie is equipped with code generation capabilities.

So if you inquire about integrating with the Palo Alto source, Arlie will generate the necessary code for integration swiftly and effortlessly. Arlie is efficient; you don't even need to type your queries, just speak in English, and it delivers the results. While this functionality will naturally evolve over time, it's already quite impressive. You can ask Arlie various insightful questions, request training-related information, and much more. This not only enhances efficiency but also changes the way we interact with technology.

Furthermore, this technology serves another valuable purpose—customers no longer need to rely solely on OEM support for answers, akin to navigating a call center for assistance. With the potential for self-service as we refine this feature, Arlie becomes a powerful tool in streamlining processes. This is yet another compelling application of GenAI, extending beyond security and automation to include learning and providing assistance with a wide array of inquiries. As time progresses, we anticipate witnessing further advancements in this area.

DQ: Final thoughts..

Balaji Rao: So, one crucial aspect we haven't discussed yet is the rise of hybrid cloud environments and the increased exposure of the attack surface compared to the days when data resided solely in private data centers. Today, hybrid cloud setups have become the standard, with most customers adopting three or more clouds, including at least two hyperscalers, and often utilizing the services of multiple MSPs.

This shift means that data is now dispersed across various locations, leading to the utilization of multiple tools. Consequently, when facing cybersecurity incidents such as breaches, the complexity of recovery is amplified. It's no longer just a matter of dealing with ransomware; it's about safeguarding the entire enterprise's data spread across diverse environments.

To tackle this challenge effectively, organizations must first gain comprehensive visibility and control over their data. This involves categorizing data, particularly sensitive information like personally identifiable data (PII), and then implementing solutions that can seamlessly navigate multiple cloud environments. Traditional approaches might not suffice, making Software-as-a-Service (SaaS) solutions increasingly attractive due to their scalability and compatibility with hyperscaler architectures.

In this hybrid landscape, where on-premises infrastructure remains significant alongside cloud deployments, achieving a unified view of data through a single platform becomes paramount. This unified perspective is essential for implementing robust cybersecurity and data protection policies across the enterprise.

At Commvault, we've responded to this need by offering a comprehensive solution called Commvault Cloud—a unified platform that integrates both on-premises and SaaS capabilities. With over two decades of expertise in data management, combined with advanced cybersecurity features powered by AI, Commvault Cloud stands out as a unique platform-based approach unmatched by any other vendor in the industry.

This platform provides transparent and seamless protection for a wide range of assets, including critical applications like O365, SFDCs, SAP, as well as on-premises databases, desktops, and multi-cloud environments. Moreover, it incorporates robust security measures that continuously monitor and communicate with various security tools, ensuring comprehensive protection against evolving cyber threats.

By bridging the gap between traditional infrastructure and the evolving cybersecurity landscape, Commvault Cloud emerges as a true cyber resiliency platform—one that empowers organizations to navigate the complexities of modern data management and cybersecurity with confidence.