Commvault, Rubrik, Cohesity Lead Data Resilience: ForresterData Protection and Security Converge; Veritas and Veeam Fall in Latest Rankings
Data resilience stalwarts Commvault, Rubrik and Cohesity have pulled ahead of rivals Veeam Software and Veritas atop the latest Forrester Wave.
See Also: A Guide to Passwordless Anywhere
"The companies that are in the lead are focusing on all the things that you need to do when it's a security-related disaster versus an application failure or hardware failure," Forrester Wave author Brent Ellis tells Information Security Media Group.
Commvault, Rubrik and Veritas took the gold, silver and bronze, respectively, for the strength of their current data resilience offering, but Forrester's concerns about Veritas' strategy in the space - where the company tied for last with IBM - caused it to drop the company to being a strong performer overall. Commvault, Veeam and Rubrik had the strongest offerings the last time Forrester assessed the space in 2019.
"Commvault is a big company, but they're still winning new customers," Ellis says. "So that sets them apart, especially since they already had a good product and a strong feature set."
The strategy category also saw ranking shifts. Cohesity jumped from third in 2019 to first this year, and Veeam catapulted from sixth to tied for second despite the weakness of Veeam's current offering, which ranked only above Zerto and IBM among the nine vendors evaluated. Commvault retained second place for data resilience strategy, while Rubrik slipped from first in 2019 to tied for fourth this year.
"Veeam doesn't force you to use some security stuff," Ellis says. "For instance, you're not forced to use an immutable file system. They support it, but I gave stronger scores on the security aspect to things where it's secure by default. This is really reflecting what our enterprise clients need."
Over the past three years, Ellis says, pretty much every vendor in the data resilience market has added anomaly detection, immutable file system support and multifactor authentication for destructive actions or major changes. But leading vendors are taking it to the next level by restoring to alternate infrastructure, using a disaster recovery site or giving investigators a containerized environment.
"They have to address where the security and the operations workflow overlap and try to reduce the friction there in order to get businesses back up and running faster," Ellis says.
Outside of the leaders, here's how Forrester sees the data resilience market:
- Strong Performers: Druva, Veeam Software, Dell Technologies, Veritas
- Contenders: Zerto, IBM
Three vendors were either added or dropped from the Forrester Wave, all of which have gone or are going through acquisitions since the last edition came out in 2019. Zerto broke into the list after getting acquired by Hewlett Packard Enterprise for $374 million in 2021, Actifio fell off the list after its 2020 buy by Google, and Micro Focus fell off after its August 2022 purchase agreement with OpenText.
How the Data Resilience Leaders Climbed Their Way to the Top
Commvault Brings Automation, Security to the Table
The lines between data protection and data security have blurred, and Commvault has been bringing these two worlds closer together through additions such as its early warning cyber-deception defense mechanism, according to Senior Vice President of Products Ranga Rajagopalan. Automation is a key way to reduce risk and increase efficiency, and Rajagopalan says Commvault has focused on simplification.
Commvault also has a broad range of backup support capabilities and has tightly integrated its backup and restore functions together, according to Rajagopalan.
"In today's hybrid cloud world, data has never been more valuable or more vulnerable, and customers need a proactive data protection strategy to stay safe from bad actors," he said in a statement.
Forrester says Commvault offers subpar coverage around mainframe applications and data, though the analyst firm says the company does provide data dumps to a virtual tape library. In addition, reference customers told Forrester they're annoyed about the management differences between the appliance version of the software and workloads in the Metallic.io offering.
Commvault did not respond to multiple requests for comment from ISMG.
Rubrik Doubles Down on Cyber Recovery
Organizations have long had an automated process detailing their course of action in response to a physical disaster such as a data center blowing up as well as frequent testing of availability and recovery capabilities, says Vasu Murthy, Rubrik's vice president and head of products. But few enterprises simulate what a ransomware attack would mean for data access and practice recovering from that, Murthy says.
Unlike when a physical disaster occurs, recovery from a cyber disaster takes place in the same data center and needs to restore the most complete backup rather than the most recent one since the malware infection might predate some snapshots. Instead of purely minimizing data loss, cyber recovery scans to determine which backup version is the cleanest and creates a clone for forensic investigators (see: Rubrik's Bipul Sinha on Surpassing $400M in Subscription ARR).
"We all need to meet the common baseline of backing up and recovery," Murthy tells ISMG. "But customers come to Rubrik when they have a security focus. If they're afraid of ransomware and they want to improve the security of their systems, Rubrik is their number one choice."
Forrester says that eligibility for Rubrik's ransomware recovery warranty requires working with the company's customer success function on a regular basis to validate that components are set up and installed correctly. Murthy says securing customer data requires more than just a single vendor or product, and Rubrik therefore needs to ensure clients are following practices such as using a retention log.
"By far, this is the most advanced platform that's out there for data protection and data resilience," Murthy says.
Cohesity Goes All-In on Data Isolation
Cohesity's new FortKnox creates a simple-to-use, cloud-based vault for data that's immutable and has controls to ensure a threat actor can't unilaterally make policy changes, says Chief Solutions Officer Matt Waxman. FortKnox combines the efficacy of a virtual air gap with the recovery speed of a cloud with multiperson authorization built in so that a quorum is required to enact any policy changes in the vault.
Waxman says Cohesity has also added more capabilities around advanced malware scanning and data classification to ascertain the blast radius around the leakage of sensitive data and ensure malware isn't reintroduced during the data recovery process. The advanced malware scanning automatically scans based on a curated feed instead of forcing customers to manually enter YARA rules and run searches.
"We actually rated higher than any of the other leaders in terms of market presence," Waxman says. "What's actually driving that is the size of our average deals. Our sweet spot is really large, global, at-scale environments. Scale is a huge part of how we differentiate ourselves from the others."
Reference customers told Forrester that Cohesity costs more money than their previous backup tools. Waxman says Cohesity delivers value from a total cost of ownership perspective since it requires less hardware and labor than competing technology and can handle databases, file systems and cloud-based applications from a single underlying platform.
"The comments around pricing need to be looked at through the lens of per workload or per terabyte that you're storing," Waxman says. "And there, we're as competitive as anyone."