Overview

Dasera is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Dasera, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR), enhancing compliance and audit readiness.

Follow these instructions to easily integrate Commvault and Dasera, incorporating the latter’s DSPM insights to identify security gaps in your data protection program and ensure the safeguarding of your most sensitive assets.

Integration Benefits

Dasera’s platform excels in continuous data discovery, classification, and real-time policy enforcement across cloud, on-premises, and hybrid environments. It monitors data usage and user behavior to detect and respond to threats while automating compliance and security policy enforcement. Integrating Dasera with Commvault allows organizations to leverage automated alerts from Dasera to trigger secure backup and recovery operations, ensuring sensitive data is consistently protected and recoverable.

Commvault complements Dasera by providing robust backup and recovery solutions designed to protect data from loss and cyber threats such as ransomware. It offers secure, encrypted backups and ensures rapid recovery, maintaining data integrity and availability.

Both platforms support extensive data environments, enabling seamless data protection across various cloud and on-premises infrastructures. By integrating Dasera’s real-time monitoring and alerting with Commvault’s backup capabilities, organizations can automate incident response and recovery processes, reducing downtime and mitigating risks.

This combined solution offers enhanced visibility and control over data assets, ensuring comprehensive data governance and security throughout the data lifecycle. Organizations benefit from operational assurance through streamlined compliance monitoring, efficient data management, and the ability to quickly recover from data incidents. The integration of Dasera and Commvault ultimately provides a powerful, cohesive approach to managing, protecting, and optimizing data, enhancing both security and operational performance.

There are many key benefits:

• Enhanced Data Discovery: automate sensitive and critical data detection across cloud, on-prem, and hybrid environments, improving oversight and control of your data landscape.
• Resilient Data Security Posture: proactively identify and rectify vulnerabilities within cloud workloads, ensuring comprehensive data protection and swift incident recovery.
• Comprehensive Security Coverage: ensure end-to-end protection with a unified security posture view across both applications and sensitive data.
• Improved Risk Management: helps prioritize security efforts by focusing on critical data and application vulnerabilities.
• Efficient Incident Response: enables swift, coordinated responses to security breaches, minimizing damage.

…which lead to several core advantages and value outcomes:

• Unified Data Visibility and Control: comprehensive monitoring of all data assets, enhancing governance and risk management.
• Enhanced Data Security and Compliance: improved defense against cyber threats and simplified compliance with regulatory standards such as GDPR and CCPA.
• Optimized Data Protection Strategies: Commvault’s scalable backup and recovery solutions complement Dasera’s classification and protection of overlooked data assets.
• Proactive Risk and Configuration Analysis: identification of misconfigurations and security gaps with immediate remediation capabilities, ensuring data integrity and security.
• Streamlined Operational Efficiency: reduction in manual efforts and minimized risks, accelerating the time-to-value for data management initiatives.
• Proactive Security: continuous monitoring and real-time alerts help prevent incidents before they occur.

Supported Services

The Dasera / Commvault integration supports the following services:

• AWS RDS
  • MariaDB
  • MySQL
  • Oracle
  • PostgreSQL
  • SQL Server
  • Aurora

Setting Up Dasera

If you don't already have access to Dasera, please email support@dasera.com and include the following information:

• Your request for a new Dasera-hosted application
• The full name and email address for the user you wish to be application administrator

Your assigned support representative will respond with the following:

• Details on how to access your new Dasera application.  
• A link for accessing our private knowledge base.

Generating Commvault Access Token

Within your Dasera instance, click on Administration → Integrations from the left-hand navigation. Click on the Commvault option. A drawer will open with instructions for connecting with Commvault.

Follow the links to the Commvault console to sign in and access the Access Tokens tab. After inputting a name and generating a token, copy and paste the value into the Commvault Access Token field pictured above. Input your Commvault tenant URL.

Click Connect to complete the connection and start integrating with Commvault. You can also disconnect at any time by editing the connection and clicking Disconnect from the Integrations page. You'll see a popup to confirm Commvault data removal upon disconnecting.

Configuring Dasera

Once you have access, there are two main configuration activities to perform in Dasera. Once complete, information will flow between systems:

1. Onboard your AWS Infrastructure Connections
2. Connect your data stores

Links to specific knowledge base articles are included below, or you can email support@dasera.com for assistance.

Onboard Infrastructure Connections

Unlike Commvault, which connects to AWS using AWS KMS keys, Dasera connects to AWS using IAM roles. This is necessary to provide us with the full permissions necessary to fully-analyze your data stores and provide accurate classification. These roles can be created using either CloudFormation or Terraform.

Each AWS account you onboard as a Commvault Database Instance must also be onboarded as a matching Dasera Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Dasera support):

• Onboarding AWS Infrastructure via CloudFormation
• Onboarding AWS Infrastructure via Terraform

Once your AWS accounts are connected, Dasera will then auto-discover your AWS data stores and ingest any associated AWS tags.  

Connect Data Stores

Each data store you wish to monitor in the Commvault Command Center must also be connected as a matching Dasera Data Store. See the following articles for specific steps (be sure to first authenticate to our KB using the link provided by Dasera support):

• Connecting to AWS RDS MariaDB Data Stores
• Connecting to AWS RDS MySQL Data Stores
• Connecting to AWS RDS Oracle Data Stores
• Connecting to AWS RDS PostgreSQL Data Stores
• Connecting to AWS RDS SQL Server Data Stores
• Connecting to AWS Aurora MySQL Data Stores
• Connecting to AWS Aurora PostgreSQL Data Stores

Once your data stores are connected, Dasera will analyze and classify their fields based on a number of different signals and inputs. This activity includes applying Data Tags to better describe your data stores. For example, if we detect healthcare-related data, we might tag the data store with “HIPAA” and “PHI.”

More information on how classification works is available in our Classification Management article. 

Using the Commvault Workflow

When the Commvault integration is active, a new system-controlled workflow called “Send to Commvault” is newly-available:

When this workflow is assigned to a policy, each generaated alert will also be forwarded to the Commvault Command Center as an anomaly alert that shows within the Monitoring > Threat Indicators section.  From there, users can make decisions to recover data stores from specific point-of-time backups, depending on the alert's context:

Recommended Policies

The “Send to Commvault” workflow can be used with any policy (built-in or custom) with the exception of “Data Store Discovered” (as Commvault already performs this action on their side). 

To get you started quickly, browse the tabs below for some recommended starter policies which you can configure which will provide Commvault with security insights that only Dasera can provide:

Data Modified

In this scenario, Dasera will notify Commvault that a specific set of users have performed an unexpected delete operation on a sensitive data store.  In response, users could perform one or more of the following actions:

1. Locate copies of data
2. Trigger removal of backups
3. Revoke access (specific user(s) or all)
4. Apply masking

This could be easily-modified to check for employee tags vs. specific users, sensitivity levels vs. compliance tags, etc.

 

 

Misconfiguration

In this scenario, Dasera will notify Commvault that one or more misconfiguration risks have been detected for a data store, specifically encryption and public inaccessibility. 

 

 

Data Exfiltration

In this scenario, Dasera will notify Commvault that an unexpectedly large number of rows have been selected, which should be investigated for possible data exfiltration.   In response, users could perform one or more of the following actions:

1. Locate copies of data
2. Trigger removal of backups
3. Revoke access (specific user(s) or all)
4. Apply masking

 

 

Troubleshooting

If you don't see your latest tag assignments represented in Commvault, please open a support ticket by emailing support@dasera.com.