Good morning all. My name is Wolf. I'm principal sales engineer here at CommonWell in Germany. And in the next 50 minutes or so, I'll take you to a quick ride on how a modern data management solution will help you to provide a cyber resilient infrastructure.
Well, let's have a look at some statistics first. In, the first ones in these are, in my opinion, the most, most important. It's first one is the average dwell time. The dwell time is the time of an actor inside your infrastructure of an organization before submitting recognizes that there's some person that is not allowed to do, to be there from the latest IBM costs of a data breach report. This dwell time is about 204 days. So 204 days. Somebody is inside the organization doing damages, doing all he wants to do before he gets known that that's there. Okay?
Even if you don't think, don't wanna believe in, in IBM, when you go to a friends and CrowdStrike, they go down to 180 days and even Sophos goes down to 100 days depending on who you wanna believe in the story. And the concept behind that is still the same. You have to assume a breach every day. You can have as much as security surrounding securities, whatever you want. You can be guaranteed that someday you will be breached. And this is really important if you take this into consideration when you go to work every morning, this will change your day.
The second interesting point for us is how many days an enterprise might need before it comes back from an incident. And this is 21 days only for the really critical systems, for your main systems, not for all your infrastructure. It's about 21 days. And if you think about how long your enterprise, your organization can survive without your critical systems, 21 days is really a lot.
And it's our objective to help bringing that number down. With an enterprise management solution, 68% of businesses that paid a a ransom were compromised again within a month. This is due.
If you are attacked under attack, let's say a bad actor has encrypted 250,000 files and you pay the ransom, you will get 250,000 keys. But nobody will tell you which key is for which file. So what normally takes place, you will take all your IT stuff together, giving them these keys and starting to decrypt the files. And at that moment, you're taking your eyes of the ball. You don't look about where the security lack is. How does the bad actor came into the game? And the bad actor on the other side is on the dark side, on, on the Darknet.
And he is posting, Hey, I got all the information about this company.
Just send me five bitcoins and I provide you with all I know about this. And believe it or not, they are getting five bitcoins in hundreds of times. And during even a couple of hours, you will be on the second attack and the next and the next and the next. The other thing around this, 96% of businesses who paid the ransom, they don't get all their data back. They're getting back an average roughly 60% and nobody knows which 60% that are.
So you have to judge if the ransom you pay is really worth getting 60% of the data back. So here's again a point where modern data management solution will help you to get roughly 100% of your data back. 62% of all attackers do not use malware any longer to go into an organization.
I mean, that's mostly why the most people here on, on the room, they are, they are dealing with that.
They are not hacking your environment, they're just logging in because they got some credentials that are real, that are good, that are known. And that's a real interesting point. And finally, more from the, from the operation side, from the business side, every organization needs a cyber insurance today, but cyber insurance is getting more and more difficult and expansive to get for people.
When I think back to the days when we first talked to customers about getting cyber insurance and how we can com support them, it was about they told us four or five, four to 10, five to 10 questions they have to answer on cyber insurance. The last customer we talked about this told us it's about 494 questions. So roughly 500 questions he has to answer with yes or no, mostly is there a pam, is there immutable storage in all this stuff?
And even when you think about upcoming DORA two oh, NI two oh Dora and GDPR, it's get more and more difficult to get insight on or get an cyber insurance as well.
From our talks with customers, prospects on C level, we asked for them what is building their agenda. And all these guys saying, okay, we are orientating ourself on cyber N, the NIST framework or MI C ref, and all these items you see on this page are part of a cyber resilience strategy they have to be paid attention on and they have to be actioned on.
And the interesting thing for us as comm is that we are mostly in every item that is on this slide, we are able to support customers meeting these requirements. And it not only because it's fancy at the moment to jump on the security train and and shouting me too, it's because we are 27 years on the market. We have 27 years of experience in providing data management, providing data security, and it's a mature platform. And the only thing we are doing at the moment, we are not buying new technology.
We are just expanding our existing tools technologies to meet all these requirements and to improve what we can do here. I mean, a modern data management solution today has to cover lastly the complete life cycle of enterprise data. Because all you need is is the data that's where your business belongs, belongs to. So I think we all agree that it's not a question if an organization will be attacked, it's only again, the question when it will be attacked and how fast it can recover.
So modern data, so data management solutions must provide protection barriers, security barriers that go far beyond only immutable storage. So you have to provide monitoring, alerting mechanism for initial access. If a bad actor is on the door, as is knocking on the door, how can you help to identify and alert people? You have to provide procedures monitoring the online, the inline backup process instead of is there anything lateral movement is there, for example, privilege access or even worth?
Is there anything of impacting my backup data?
The data that I have and the management and all this has to be part of the existing security, security framework. So integration is key in this kind. So we sell the Commvault, we see ourselves as part of the NIST risk management framework. And that's why we built based on our platform, a cyber resilience whiteboard, let's say. It starts all with our zero trust architecture. There are based on multifactor authentication, multi person authorization, semi integration, pam, role based access control and all this stuff.
We have deep integration with CyberArk for password and access management as well as entrust key management. KMS based on K-K-M-I-P to encrypt passports and data. Most of our customers or all of our customers have their crown jewels. They have their workloads based on virtual machines, file system, file service database and all this stuff.
And they all think, yeah, we are good.
We are, we are backing up all our data, we're securing all our data, our all, all of our critical data. But to be honest, most of them don't really know what they have in, in real, in reality. This is where come out can help as well coming into the play with our risk analysis. So we are scanning production and backup data, looking for sensitive data, looking for PII for GDPR related stuff for pattern. You define what is in the environment and then we provide you with the information. Where is this data located? Where is it stored? Who is access to us and how is it used?
And you can deciding on the your own regulations is the data where it's located now really has, has it to be there or has it to be removed, relocated or anything like this.
In addition, we built an early deception system. So this is from the product side, it's threat wise. Threat wise works with lures, with threat senders, with fake assets. So we are placing faith fake assets around your real systems. This is think about like a, like a minefield. So you have more and more assets that are simulating, that are acting like they are real systems.
And this is increases the possibility for a bad actor who is looking around in the network that he gets in combination in contact with this asset, with the fake asset, with this sensor, and comes back and starts alerting the environment. You can do forensics, you can do see where the bad actor is going through your network. What is he doing? Is he placing malware somewhere? And you're starting alerting, integrating in the existing security framework, providing countermeasures against such bad actors.
The next layer is the security IQ dashboard.
So we provide an overview of the security posture of the environment. We have so many security related configuration possibilities that mostly the customer has not all in in place yet. So you can have an overview how to increase the security poster, the whole security of the environment by configuring additional settings, by adding additional, additional options to the same. And everything that is taken place in the environment is locked. So we have a audit lock where all interaction is locked and can be taken for forensic analysis. The next layer is more or less the data management itself.
So we are doing anatomy, animal lead detection as well on the live system and on the, on the backup data, it depends on life file activity. It's advanced canary files that are, that are taken into consideration. Cyber deception laws and threat sensors, agentless VM CMDR file activ suspicious or encrypted file detection, MT type miser and file entropy detection.
So this is the the scan on the production side. And even if there is an suspicious information, something that you might know might mean, might, might believe it's it's going wrong, you can start threat analysis.
So doing an analysis and deep analysis of the data under, under management taking for example, functions like view corrupt versions or quarantine these versions and restore it to a isolated environment for a, for a forensic analysis, signature based malware scan. So doing really malware scanning off the backup data to get the zero infections even recognized a couple of days will be past their, their public public date. And AI buy zero day malware detection is also part of the environment. The latest layer or the the, the last layer in this case is our storage agnostic approach.
So this is based on our own hyperscale technology, immutable storage that we provide.
You can, you can write your data to as well as support for nearly any object based storage that is offering object lock, bucket lock and and things like this in combination with that cyber vaulting in using airgate solution cloud storage, nearly any provi, any vi any vendor that's available in the market. And clean room support. So isolated recovery environment where you can recover your data too and do forensic analysis, do scanning of the data.
So that's a rough and really quick tour through what a data management platform can do in this, in this combination. And just two, three words about Commvault, who we are about the company.
Yeah, we are the trusted leader in cyber resilience. We're the number one in Gardner market leader, market quad leader for 12 years running, sorry. We are safeguarding more than three exabyte of data of cloud data at the moment and we are the only FedRAMP high certified platform on the market at the moment. How we get there, what about over 1,400 patents pending that are first to unified data protection for on-premise for cloud and hybrid? So for the whole workload environment, we're the first to integrate ransomware protection directly native into the platform.
The only one to offer unique architecture with any, to any portability and defense in depth. And lastly, we are the only vendor to offer cyber recovery, clean room recovery capabilities at the moment at the market. So that's it the really, really quick ride. So open up I think a minute for questions.
Wow. First of all, thank you very much Wolf. It was really impressive and thought provoking please. Round of applause for our speaker.
Thank you.
And of course, of course. Raise your hand if you have a question. Okay. I have a a short question for you.
Yeah, that was a really long and impressive list of features, but how can you ensure that your customers actually know how to apply all those features in the right order according to all the best practices? Is it something you do for them?
Yeah, so we are doing training, we are doing our own professional service consulting. We have a couple, a lot of of certified partners who are able to implement the platform to implement all the security settings that are available. We are providing health checks, we are providing ransomware readiness, cyber resilience, readiness checks. So we are doing a lot for our customers that the platform and the capabilities the platform is providing are really used.
Well, thank you very much.
Thank you.
Okay, you too.
