Commvault, CrowdStrike link backups to Falcon SIEM
Commvault has expanded its partnership with CrowdStrike with a bi-directional integration between Commvault Cloud and CrowdStrike Falcon Next-Gen SIEM. The aim is to give security and IT teams shared visibility into signals linked to backup integrity and recovery readiness after cyber incidents.
The integration connects telemetry from Commvault's data protection and recovery environment with CrowdStrike's security monitoring platform, creating a two-way flow of information. Both vendors say this will speed decisions on whether backups are clean enough to use during recovery.
Attackers are increasingly moving quickly across hybrid estates, spanning cloud workloads and on-premise infrastructure. As a result, recovery workflows and backup validation have become more central to incident response. Security teams may detect suspicious activity early, but recovery planning still depends on confidence that backup data is trustworthy and that restores won't reintroduce malware or compromised files.
An earlier integration between Commvault and the CrowdStrike Falcon platform helped identify backup sets that may have been exposed during an attack. That work also enabled automated flagging of at-risk backups, reducing the time spent manually checking recovery points.
Two-way telemetry
The expanded integration feeds Commvault-generated security and integrity indicators into Falcon Next-Gen SIEM, including AI-powered anomaly alerts. This gives analysts integrity-related context alongside broader endpoint and workload signals from CrowdStrike.
At the same time, Falcon Next-Gen SIEM signals can be used with capabilities that Commvault describes as threat scanning, data integrity analytics, and Synthetic Recovery. The combined view is intended to guide which backups to use and when to begin restore operations.
The integration targets a common pressure point during cyber incidents: security teams focus on containment and investigation, while IT teams focus on restoration. When they work from separate tools and datasets, organisations can lose time validating recovery points and coordinating next steps. A shared operational view can reduce handovers and rework during high-pressure response windows.
Recovery focus
Both companies also pointed to reinfection risk. Restoring from an infected backup can restart an incident, extend downtime, and increase costs. The bi-directional link is positioned as a way to build higher confidence in known-clean recovery points using shared evidence, rather than relying on one team's judgement in isolation.
The integration is also meant to improve blast-radius assessment: understanding which systems and datasets were affected and which remain trustworthy. By surfacing backup-integrity signals inside the SIEM, the vendors say security and IT teams can speed triage and investigation during an incident.
"Driving clean and trusted recoveries is now a business imperative," said Pranay Ahlawat, Chief Technology and AI Officer at Commvault. "By bringing together CrowdStrike's security insights with Commvault's deep AI-powered data intelligence, we're making it easier for security and IT teams to collaborate, identify threats earlier, and make informed trusted recovery decisions that can keep organizations moving."
CrowdStrike described the integration as a way to combine security signals with what it calls data-trust context, supporting operational decision-making during incident response, including prioritisation and business-impact assessment.
"In today's threat environment, speed and confidence are everything," said Daniel Bernard, Chief Business Officer at CrowdStrike. "By bringing Commvault's recovery intelligence into CrowdStrike Falcon Next-Gen SIEM, we're giving organizations a unified operational view that connects security signals with data trust. This context helps leaders understand the true business impact of an attack, prioritize response, and move faster from detection to recovery - with Falcon Next-Gen SIEM as the AI-native platform where those decisions come together."
Access and rollout
The integration is available through the CrowdStrike Marketplace at no additional charge. Customers can activate it within existing Commvault Cloud and Falcon Next-Gen SIEM deployments.
Commvault has made unified resilience a central theme in its product strategy, emphasising cyber recovery alongside data protection. CrowdStrike has expanded Falcon into broader security operations workflows, with Falcon Next-Gen SIEM positioned as a hub for aggregating and analysing security telemetry. Both companies say the expanded integration adds shared visibility to support recovery planning during incidents as organisations refine cyber recovery processes.