Transcript
Responding to cyber threats isn't just a technical challenge. It's a race against time where every minute of uncertainty can mean greater risk to data, business continuity and reputation. For IT and security leaders, the pressure is relentless. Alerts pour in from multiple sources. Teams scramble to identify what's real. The margin for error is razor thin. The stakes are even higher for organizations in regulated industries, where compliance and auditability are non-negotiable. That's why Commvault's Arleigh Recover is specifically designed to help turn chaotic, high-risk incident responses into a consistent, guided and auditable process. Arleigh Recover empowers teams to move smoothly from detection to reliable recovery, reducing guesswork, lowering risk, and supporting continuous business operations even during sophisticated attacks. In this demo, you'll see how Arleigh Recover simplifies connecting threat detection from tools like Splunk with automated guided recovery workflows. A real-world scenario of responding to a ransomware alert on a virtual machine. Step-by-step walkthrough of Arleigh Recover's structured recovery process, balancing automation with human oversight. How Arleigh Recover helps enable safe, repeatable, and fully auditable actions. The user's experience. Clarity, control, and confidence at every stage. Imagine you're a senior IT operations manager at a global financial services firm. It's 9.30 a.m., and your team receives a high-priority alert from Splunk. Suspicious encryption activity on a critical VM, indicating a ransomware attack. Previously, this situation would have caused chaos, with emails flying in, manual checklists being used, duplicate and competing activities, and uncertainty about what to do next. But today, with Commvault Cloud and our Arleigh Recover agent, the process can be different. Let's take a look at how that process works. In this scenario, Splunk has detected signs of suspicious encryption activity on one of your virtual machines, indicating a potential ransomware attack. That alert has been automatically ingested and correlated within Commvault's Threat Detection Dashboard, alongside anomaly data and backup intelligence, providing a single, actionable view for initiating a response. Here, you can view several critical and high-risk alerts, each linked to specific resources. And importantly, the Arleigh Recover agent has already generated several response plans for these incidents, one of which we'll now open to walk through guided recovery. Instead of starting from a blank slate, we already have a ready-to-run response plan for this VM. Arleigh Recover automatically generates it when the Splunk alert is correlated, linking the detection directly to the asset and pre-building the appropriate recovery workflow. You can review the plan and click Review and Execute to open it in Arleigh Recover. This strong connection between threat detection and guided recovery helps reduce the risk of human error and the manual handoff that typically costs valuable time, giving teams a clear starting point quickly. Let's open the plan and launch Arleigh Recover. Arleigh Recover loads all event details from Splunk, including the alert ID, threat type, and impacted VM. It generates a step-by-step recovery workflow tailored for this specific system. This is the key shift. Instead of making you improvise, Arleigh Recover offers a guided path that's safe, consistent, and fully auditable. The plan is organized into five clear stages. Disable data aging. Select optimal recovery point. Select clean room target. Add validation tools. Review and execute. Each step is guided, helping you progress through recovery in a controlled and predictable way, balancing automation with human decision-making at every stage. The workflow begins by disabling data aging, which prevents backup data from aging out or being deleted during the investigation. Then, Arleigh Recover walks through selecting an optimal recovery point. Usually, the last snapshot validated is clean. And choosing the clean room target, where the VM will be safely restored for inspection. Each action is confirmed by the operator and logged automatically. Even during a stressful incident, this approach helps keep the process safe, consistent, and traceable, giving you confidence that every action is correct and accurately recorded. Arleigh Recover's design blends automation with human oversight, so you always know what's happening and why. Once the clean room recovery is complete, Arleigh Recover summarizes the outcome and provides clear next steps for your response team. Validate system integrity inside the clean room. Run antivirus or forensic tools if needed. Keep the environment isolated until all checks are complete. After validation, the system can be safely returned to production or preserved for deeper analysis. Throughout the process, every step is documented and linked back to the original Splunk event, creating a complete auditable chain of recovery. In just a few guided steps, we've turned a Splunk-detected ransomware alert into a structured, verified recovery process. Arleigh Recover helps bridge the gap between detection and action, generating a guided plan, walking you through recovery, and confirming that each step is intentional and documented. By connecting external threat data from Splunk with Commvault's Threat Intelligence, Arleigh Recover is designed to enable guided, consistent, and confident recovery, reducing reactivity and risk. With Arleigh Recover, cyber recovery becomes a more predictable and repeatable process, providing teams with better control and assurance when they need it most.