I didn’t make it to Moscone for #RSA2026 this year. But between the press drops, livestreams, and briefing materials, there was plenty worth unpacking — particularly from Commvault.
Some years, RSAC is a steady stream of incremental updates dressed up in expo-floor theatre. This year felt different — at least from where I was sitting, which was decidedly not San Francisco.
Commvault came in with a clear narrative thread: ResOps — the idea that resilience and operations need to work as one unified function, not as siloed teams talking past each other after a breach. Their booth theme, “The ResOps Rumble,” leaned into it hard with live demos simulating real attack scenarios. Theatrical? Sure but that brought in a fun flare to it. But the underlying message was commercially sharp.
Two announcements stood out for me:
Identity Resilience extended to Okta.
Commvault expanded its identity coverage beyond Active Directory and Entra ID to include Okta — bringing automated, policy-driven backup and granular point-in-time recovery to one of the most widely deployed identity platforms in the enterprise. The key differentiator: recovery targets only the affected objects (users, groups, policies), not a full environment rebuild (And thats super painful). For anyone who’s ever sat through a blown Okta config incident, this matters. Early access is slated for April 2026, with general availability in Mid 2026. Read the full press release →
Expanded Threat Scan with layered detection.
The updated Threat Scan capability adds “defence-in-depth” to backup data — combining IOC-based hunting (hashes, YARA rules) with deep file inspection using ML, heuristics, and AI-enabled encryption detection. Integrated with Synthetic Recovery, it means you’re not just restoring super fast, you’re restoring clean (and thats equally as important if not more). Available now at no additional cost to existing Threat Scan customers — a meaningful commercial signal. Read the full press release →
There was also a bi-directional CrowdStrike Falcon integration announced in the lead-up to the show — connecting data security, identity resilience, and cyber recovery into a shared operational view. When CrowdStrike identifies a threat, Commvault can act immediately, reducing the gap between detection and clean recovery. The ecosystem play is clearly intentional.
Also worth watching: Commvault’s partnership with CloudSEK, which pipes real-time dark web credential intelligence directly into Active Directory vulnerability assessments. With 24B+ stolen credentials circulating underground (Yikes!), the proactive exposure signal is a genuinely useful addition to the identity protection stack. Available Mid 2026.
In closing
RSAC 2026 reinforced what the industry has been circling for a while — perimeter defence alone isn’t the game anymore.
The conversation has decisively shifted to recovery readiness, and who can get you back operational faster when the inevitable happens. Commvault’s positioning at this year’s show felt less like a vendor pitch and more like a maturation moment.
The ResOps framework is a genuine attempt to collapse the wall between security operations and recovery teams — two functions that have historically spoken different languages and answered to different stakeholders. Whether it lands as a category or just a campaign remains to be seen, but the product depth behind it is hard to dismiss.
From identity resilience spanning Active Directory, Entra ID and now Okta, to AI-assisted clean recovery (Check this post on this feature) and dark web credential intelligence piped directly into the workflow — the platform is moving in a coherent direction. Cyber resilience is no longer a feature on a spec sheet. For Commvault, it’s the whole bet
I’ll be tracking the Okta GA closely. The identity attack surface isn’t getting smaller.