Cohesity strengthens anti-ransomware strategy

Sharp-shinned Hawk, Accipiter striatus.

Cohesity is piloting a DataHawk SaaS service and has set up a Data Security Alliance to buttress its anti-ransomware weapons to customers.

DataHawk combines threat protection via scans for attack indicators and malware, ML-based data classification to identify and detect sensitive or critical data, and its Fort Knox off-site virtually air-gapped secure vault service in the cloud. 

Mohit Aron, Cohesity
Mohit Aron

Mohit Aron, founder and chief technology and product officer, said IT and security teams are “working night and day to stay ahead of bad actors. The key to keeping businesses running is minimizing the impact of a potential breach, bringing data security directly into the operational workflow, securing data at the source, and restoring critical workloads rapidly.“

Cohesity previewed a DataGovern service in October last year. It used AI/ML to automate discovery of sensitive data and detect anomalous access and usage patterns, which could indicate ransomware activity. However DataHawk uses classification technology from BigID to discover and classify large sets of data to help minimize risk and understand the impact of an attack. 

Customers can save time chasing false positives and reach resolution faster with more than 200 built-in classifiers and ML-driven algorithms to analyze, tag, categorize, label, and classify data sets, Cohesity claimed. Predefined policies for data privacy and protection regulations like the General Data Protection Regulation (GDPR), Payment Card Industry (PCI), and Health Insurance Portability and Accountability Act (HIPAA) help customers identify and prioritize data sets.

Data Security Alliance

There are nine Data Security Alliance members along with Cohesity: BigID, Cisco, CrowdStrike, Mandiant, Palo Alto Networks, PwC UK, Securonix, Splunk, and Tenable. They can all integrate with Cohesity at an API level, and some are already doing that. powers Cohesity’s CyberScan to assess data backup environments to help ensure that a recovery situation does not introduce vulnerable conditions into production. BigID technology is being used in DataHawk.

An integration with Palo Alto Networks’ Cortex XSOAR is designed to provide faster ransomware response. Pamela Cyr, VP technical partnerships at Palo Alto Networks, said there is a “bi-directional flow of data and commands to rapidly detect and respond to ransomware. Cohesity confirms infection, and the Cortex XSOAR automation platform manages the enrichment and initiates a safe restore of business-critical data.”

Sanjay Poonen, Cohesity
Sanjay Poonen

Cohesity CEO Sanjay Poonen said: “Today’s non-stop and increasingly sophisticated cyber threats require an all-hands-on-deck approach. It’s not the responsibility of one vendor to solve all cybersecurity challenges… We are partnering with these industry heavyweights so they can leverage our platform, the Cohesity Data Cloud, to help customers easily integrate data security and resilience into their overall security strategy.” 

Cohesity formed a Security Advisory Council in September, with Mandiant CEO Kevin Mandia on its board of directors. Other members include: 

  • Alex Stamos, director of Stanford Internet Observatory, partner at the Krebs Stamos Group, and former CSO at Facebook and Yahoo!
  • Jason Chan, former VP of Information Security at Netflix.
  • Marianne Bailey, partner at Guidehouse, and former senior cybersecurity executive at the NSA.
  • Laura Barrowman, Cohesity board advisor and CIO at Credit Suisse.
  • Sheila Jordan, Cohesity board advisor and chief digital technology officer at Honeywell, former CIO at Symantec.

It has now appointed Kelly Bissell, EVP of Microsoft Security Services, to this council too.

Cohesity has three security-focused initiatives: DataHawk SaaS; the Security Advisor Council; and the Data Security Alliance. It sees no need to offer ransomware guarantees given its approach.

We see Cohesity setting up a web of enterprise security connections, integrations, and influencers for its data protection services. This is a different marketing and product direction from other data protection suppliers.

DataHawk is currently available for early access preview from the Cohesity Data Cloud platform with general availability planned in the coming months.