We use Commvault to back up our directory, web, and application servers.

We haven't had to use Commvault in a real-life disaster recovery scenario, but it has been very good in testing.

I like Commvault's immutable backups. It integrates with other solutions in our IT infrastructure very well.

The user creation and management capabilities could be improved.

I have used Commvault Cloud for six months.

I rate Commvault 10 out of 10 for stability. We haven't had any problems, so we will see.

I rate Commvault Cloud 10 out of 10 for scalability.

We had the vendor through the setup for us. S

I think the biggest advantage is time savings.

I rate Commvault Cloud five out of 10 for affordability.

I rate Commvault Cloud eight out of 10. It's easy to use. We've used Commvault before, so we know they're good. We haven't had any problems with it or any issues with the setup

Our company integrates Commvault Cloud, a backup and recovery software solution, for customers. While Commvault Cloud itself resides in the cloud, each customer has the flexibility to choose their preferred cloud provider.

Commvault Cloud has been reliable for our customer's data backups – I haven't encountered any problems, and restorations have consistently been stable.

Commvault Cloud streamlines operations with its built-in scheduler, but we can also leverage external scheduling tools through its Bay REST API. This allows for comprehensive disaster recovery processes, including source and replication monitoring, for both backups to the cloud and failovers back from the cloud, ultimately optimizing our disaster recovery workflows.

Commvault Cloud cuts operational expenses by eliminating the need for on-premise software installations, and its integration with multiple cloud storage providers allows us to leverage the most cost-effective options for our backups.

Commvault Cloud's deduplication technology and compression capabilities solved our challenge of backing up massive data volumes by eliminating redundant data and significantly reducing storage requirements.

Commvault Cloud stands out for its ease of use and reliable backups, along with its ability to handle large data volumes for VMs, servers, and applications. It offers flexibility with disaster recovery features, efficient storage management, and strong compliance capabilities for governance.

Commvault Cloud currently lacks support for backing up Proxmox environments, which limits its functionality. This is an area where the software could be improved.

I have been using Commvault Cloud for three years.

I would rate the stability of Commvault Cloud ten out of ten.

I would rate the scalability of Commvault Cloud nine out of ten.

While technical support offers a quick response time in English, French-language assistance comes with a wait due to limited availability.

The initial deployment of Commvault Cloud is straightforward. The cloud version is much easier than the on-prem one because Commvault has reduced the product to the primary use for end users.

Commvault Cloud deployment time varies depending on what you're backing up. Simple setups, like backing up Microsoft Mailbox or SharePoint, can be done in one to two hours, while more complex on-premises installations for VMs or servers might take half a day up to one day.

Two to three people are required for the deployments. This includes one person from the customer's IT department and an end user of the application.

We implement Commvault Cloud for our customers.

I would rate the price of Commvault Cloud seven out of ten with ten being the cheapest.

I would rate Commvault Cloud nine out of ten. Commvault Cloud is one of the best backup products I have used. When I install Commvault Cloud in a customer's organization, I never worry about it not working. It helps me sleep at night.

We handle Commvault Cloud maintenance for our customers, ensuring smooth operation. While issues are rare, we often assist customers with restoring data, as infrequent use can lead to forgetting the process. Additionally, we perform biannual agent upgrades to maintain optimal performance.

I recommend Commvault Cloud to others.

We use the deception piece of Commvault, not the backup solution.

We use deception decoys across our corporate networks and across our OT networks to emulate vulnerable systems so that if a threat actor were to get inside and start scanning the network, the hope is they would bump into one of these, and we would get the alert, and we would be able to react and know some of these inside. Most of what we deploy in terms of decoys have some level of vulnerabilities that threat actors would be interested in, such as an old version of an operating system.

Building and deploying a decoy is fairly straightforward. If there is any work involved, it is just tuning the noise in terms of what happens inside your network. Most people probably do not realize how many times they are scanning their own network internally, and that decoy is going to feel like it is getting scanned, but that scan is being done by a dedicated device that you want to scan. You then build your exception rules in to not trigger on that and trigger on other devices when it is scanning. We have built the alerts back into our automation platform, so if we get alerts, our automation platform will do some runbook evaluation that is automated and then hand it off to an analyst if they think it is a real event.

They do a good job of building the decoys and deploying them, and then giving you good insights. When something happens, you can look at how the decoy was connected or attached to a scan and figure out if that is a real threat or not.

I like the coverage. We have 250 locations across the US, and we deploy decoys across every one of those networks.

We saw its benefits immediately. The first time we got it and deployed it into one of our operating plant environments, the plant engineer noticed right away that there was a foreign device on his network that he did not really realize was out there. It was a support vendor coming in, and that vendor was scanning parts of his network that he did not realize. They were not necessarily doing it maliciously, but it gave him great insight, so he was sold on the product right away as we were. Shortly after implementation, we did our regular PAN and Red Team testing. I can say with 100% confidence that every time we do one of those, those teams come in and they tip over one of the decoys, and we see them fairly quickly.

The decoy side protects my data because I get early insight into if there is a threat actor in my environment and it is moving laterally because they typically will hit one of these decoys, so it gives me quick access. If a ransomware threat actor was in my environment, they would be moving laterally trying to get to a vulnerable system, so before they ever get to the point of deploying the ransomware payload, they are going to hit a decoy. I am going to get early insight, and hopefully, I can get them out of there.

In terms of its effect on the total cost of ownership (TCO), as with almost any security product, we are mitigating risk and protecting revenue. The total cost of ownership is an overhead when it comes to security. You want to spend as much as you think is necessary to mitigate high-risk areas. Otherwise, it is just money out the door. You are protecting revenue, but I would not put a TCO on it.

It has helped our organization reduce or avoid downtime a great deal. It has avoided a potential downtime because the decoy typically gets the threat actor. My threat actors are PAN Test and Red Team people. They are identified before they can get too far and cause a scenario where I have downtime because of whatever they are doing in the environment.

The expanse of the decoys that they have is valuable. They cover everything on the corporate side that you would think of, such as Windows, Linux, and even applications like SAP. They also go into the OT environment and emulate OT devices as well.

If I were to ask them to work on something, it would be the fidelity of the alerts that occur. They should tell me if it is a real event or not. It is easy for it to identify that something hit it but give me more information. They can build AI into the engine so that I get better output from an alert to tell me if I should really be interested in that or not.

We bought TrapX before Commvault acquired them, so we have been a customer of the deception technology, and a specific one, for over seven years.

It is very stable. We do not have a problem with availability or uptime on the product.

It is very scalable. We started with hundreds, and now, we have got thousands of decoys. The only thing that you have to be careful about is the more decoys, the more alerts. Can you handle them, tune them, and get them cleaned up so that you are effectively looking at real alerts when they come in?

I am the CISO here. I do not contact them, but my team certainly has used their support organization before.

We have not used any other solution. We have been a TrapX customer from early on when they were just coming out.

It was originally on-premises. They have since come out with the cloud version, and we are migrating to it right now. It should be done by the fifteenth of March, which will make it a lot easier because before, I had to buy hardware and deploy assets across my environment. Having a cloud solution is a much better model for me.

The deployment for the cloud one has been good so far. It has been going fairly well. We are on-prem, and we are moving to the cloud. I do not know if it would be different if I was deploying the cloud only and I had never deployed it before. I would imagine it would be easier than what I did in the past with on-premise equipment. I was building servers and VMs and allocating those types of resources to run this environment.

When we started, we did get help. We had professional services included. They were early to the market, so it kind of made sense. For this deployment in the cloud, we are just doing it ourselves.

I have one person doing the migration, and that one person does other things too. The lab time is going to be about 15 days, but he is not working a hundred percent on that. He has got other responsibilities. It is not difficult.

All the time, we have only had one engineer dedicated to this platform. Our SOC uses the output, but the person who manages it day to day takes upgrades, performs the upgrades, and does those types of things. There is just one person, and that is a part-time person, not a full-time person.

The maintenance is largely around what decoys you have deployed and the tuning of those decoys. Some of the maintenance is just internal processes, such as when the decoy gets tipped over, what exactly did that? Did somebody start up a new engine or a new scan internally that we did not know about? We have to manage that change process to make sure that we put an exception on the decoy so that it does not get alerted when it is not necessary.

Originally, it was really attractive when we were deployed on-prem. They have since built and moved it to the cloud, which I am a big fan of. I have all my security tools in the cloud, but it came with a significant increase in pricing. We ended up negotiating a better price because we have been a long-term customer, and I have also spoken on their behalf quite a few times, but if I have to buy it at its current rate, I am not sure if I would be a customer. It is expensive.

We did look at a couple, but I cannot say what they were because it was a while ago.

To those evaluating this solution, I would advise looking at the maturity of their security organization. Do they have a SOC and are they going to be able to address the alerts that they are going to get on the decoys? If it is just more noise on top of the noise they are already dealing with, they probably should not put this type of technology in until they clean up their environment and have a good handle on the alerts they are getting. That is because you cannot put it in and ignore it. It is a decoy. Something is hitting it, and that something might be real, and you need to take action on it.

I would recommend Commvault to others. They have been an easy organization to work with. They have good technical support, and I still like their technology.

Overall, I would rate it an eight out of ten.