Commvault Expands End-to-End Identity Resilience: Detect, Log, and Reverse Hard-to-Detect Threats in Active Directory

Rhea-AI Summary

Commvault (NASDAQ: CVLT) expanded its end-to-end Identity Resilience portfolio to detect hard-to-find threats in Active Directory, log and audit identity changes, and rapidly roll back malicious or unwanted modifications to a trusted state.

The company also announced integration of its Active Directory forest recovery with Cleanroom Recovery, enabling isolated AD forest restores and recovery-plan testing without disrupting production. These advancements debut at SHIFT 2025 with early access beginning in early 2026.

Positive

• Detect, log, and rollback integrated for Active Directory threats
• AD forest recovery integrates with Cleanroom Recovery for isolated restores
• Recovery-plan testing without production disruption
• Early access availability beginning in early 2026

Negative

• Limited availability initially as early access only beginning early 2026

Insights

Enterprise Cybersecurity Strategist

Commvault extends Active Directory protection with detection, audit trails, and real-time rollback, plus isolated forest recovery testing.

Commvault links vulnerability assessment, identity-change logging, and anomaly detection to surface hard-to-detect threats in Active Directory. Teams can see who changed what, when, and where, then reverse suspicious modifications directly from the change log without hunting for recovery objects.

Integrating AD forest recovery with Cleanroom Recovery allows recovery in an isolated environment and lets teams test plans without touching production identity systems. Key dependencies include deployment coverage across AD estates and the quality of detection rules; incomplete coverage or noisy signals could limit effectiveness.

Watch for early access availability in early 2026, adoption signals from customers at SHIFT Nov 19, 2025, and any customer case studies showing successful rollback time and audit completeness within the first 6–12 months.

Data Protection Product Analyst

The offering unifies identity change control with backup recovery, reducing friction during AD compromise and recovery exercises.

The product combines change logging, vulnerability assessments, and rollback from an audit trail into a single workflow. This reduces manual forensics and accelerates return to a trusted state by removing the need to locate discrete recovery points.

The Cleanroom integration adds an isolated testing capability, which raises readiness by enabling non-disruptive rehearsals of forest recovery. Effectiveness depends on test scope and fidelity; expect meaningful evidence only after end-to-end drills and measurable recovery-time metrics.

Concrete items to monitor: early access feedback in early 2026, published recovery-time or rollback success metrics, and any technical notes on supported AD topologies and scale during the next 3–12 months.

Also announces integration between Commvault's Active Directory forest recovery offering and Cleanroom Recovery, taking readiness to a new level

NEW YORK, Nov. 12, 2025 /PRNewswire/ -- SHIFT 2025 – Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today announced an expansion of its end-to-end Identity Resilience portfolio – enabling customers to find hard-to-detect threats in Active Directory (AD), automatically log and audit malicious changes, and then rapidly roll back changes to a trusted, clean state.

The company also announced advancements to its Active Directory forest recovery offering that helps teams test recovery plans in good times, so they are ready for the bad times.

AD is one of the hottest threat vectors for bad actors to exploit. Nine out of ten attacks¹ target AD because it controls access to data, systems, and applications – without it, business operations can grind to a halt. Bad actors often launch attacks that fly under the radar – like stealing credentials, exploiting broad permissions, and accessing sensitive data and systems.

Introduced as part of the Commvault Cloud Unity platform release, Commvault's latest identity resilience advancements help enterprises rapidly address these challenges from every angle.

• Detect weaknesses and threats: Uses integrated vulnerability assessment, identity change, and anomaly detection to track risks across users, groups, and policies in AD.
• Log and audit the changes: IT and security teams can see who made what changes, when, and from where – and maintain an audit trail that logs all important change events.
• Reverse unwanted changes in real time: From the change log itself, teams can identify suspicious modifications and quickly roll them back – without needing to locate recovery points or objects manually.

"Active Directory serves as the core of our business operations and if compromised, key business functions could be impacted," said Erich Beter, Senior Director, Information Security, Jazwares. "Commvault's innovation with Identity Resilience will allow us to detect and roll back malicious identity changes as they happen so that we can maintain reliable authentication and access control while strengthening our overall cyber resilience."

"When identity systems are compromised, the consequences can be severe. Unauthorized access to user accounts and sensitive information are known to be key causes leading to data breaches, financial loss, and unauthorized activity," said Fernando Montenegro, VP of Cybersecurity & Resilience at The Futurum Group. "Commvault's capabilities that help enterprises spot hard-to-detect threats in Active Directory and roll back safely to a trusted state can play an important role in addressing identity-based attacks."

AD Forest Recovery + Cleanroom Recovery
Commvault is also integrating its AD forest recovery offering with Cleanroom Recovery.

By integrating these technologies, customers can now recover AD forests in an isolated cleanroom and test their recovery plans in advance, without disrupting their identity systems in production.

"Commvault's end-to-end Identity Resilience portfolio provides game-changing protection and recovery to customers. And, with Commvault, we go much further," said Rajiv Kottomtharayil, Chief Product Officer, Commvault. "We unify identity resilience with data protection and data security on one platform. That means a lower overall TCO for customers and a single, reliable recovery plan for their entire enterprise, not just one workload."

Availability 
These Identity Resilience advancements will be introduced at SHIFT 2025 and available in early access beginning in early 2026. To learn more, watch this short demo.

Learn More at SHIFT 2025
This announcement complements other significant announcements at SHIFT 2025, including the company's Commvault Cloud Unity platform release and other distinctive innovations that are changing the game in cloud native data protection and cyber recovery.

To get a first-hand look at all of these announcements, please join Commvault at SHIFT 2025 virtually on November 19 (register here).

About Commvault
Commvault (NASDAQ: CVLT) is a leader in unified resilience at enterprise scale. In a constantly evolving threat landscape, Commvault keeps customers ready by unifying data security, identity resilience, and cyber recovery, on one cloud-native, AI-enabled platform. Customers trust Commvault to conduct the fastest, most complete recoveries – not just their data, but their entire business. Purpose-built for the agentic enterprise, Commvault also enables organizations to safely embrace AI while protecting against AI-driven threats.

¹ Sheridan, K. (2021, May 3). Researchers Explore Active Directory Attack Vectors. Dark Reading. https://www.darkreading.com/vulnerabilities-threats/researchers-explore-active-directory-attack-vectors

View original content to download multimedia:https://www.prnewswire.com/news-releases/commvault-expands-end-to-end-identity-resilience-detect-log-and-reverse-hard-to-detect-threats-in-active-directory-302612261.html

SOURCE COMMVAULT

FAQ

What new Active Directory protections did Commvault (CVLT) announce on November 12, 2025?

Commvault announced integrated detection, identity change logging, and real-time rollback for Active Directory as part of its Identity Resilience portfolio.

When will Commvault (CVLT) Identity Resilience features be available for early access?

The Identity Resilience advancements are available for early access beginning in early 2026.

How does Commvault (CVLT) combine AD forest recovery with Cleanroom Recovery?

Commvault integrates AD forest recovery with Cleanroom Recovery to perform isolated restores and test recovery plans without affecting production.

Will Commvault (CVLT) let teams roll back AD changes directly from logs?

Yes. Teams can identify suspicious modifications from the change log and quickly roll them back without manually locating recovery points.

Does Commvault (CVLT) offer recovery-plan testing that avoids production impact?

Yes. The integrated AD forest recovery plus Cleanroom Recovery enables testing recovery plans in an isolated cleanroom without disrupting production identity systems.

Where and when were Commvault's (CVLT) Identity Resilience announcements presented?

The announcements were introduced at SHIFT 2025 on November 12, 2025, with additional SHIFT 2025 sessions on November 19.