Cohesity gets closer to threat hunter CrowdStrike

Cohesity is deepening its strategic partnership with CrowdStrike so that customers hunting for threats in backup copies can investigate incidents without giving adversaries on the production estate the chance to notice and enact countermeasures.

CrowdStrike’s real-time threat-hunting software has a sensor function that is regularly updated with new threat details covering emerging malware and other invasive system activity. Even though a faulty Falcon sensor update, attributed to human error, in July sent 8.5 million Windows systems into meltdowns, grounding thousands of flights worldwide, delaying medical services, and downing some US states’ 911 emergency services, the supplier’s services are still highly valued.

Cohesity CTO Craig Martell, who was the first Chief Digital and Artificial Intelligence Officer (CDAO) for the US Department of Defense, stated: “Elevating your organization’s threat detection and response is crucial in today’s threat environment, especially with AI at the disposal of cyber adversaries. Secondary data estates offer a perfect opportunity for minimizing attackers’ advantages and, together with CrowdStrike, our customers can enhance their threat hunting and response while also automating defenses across their security stack.”

Craig Martell, Cohesity

Cohesity has its own threat-hunting capability with DataHawk. This combines threat protection, via scans for attack indicators, and ML-based data classification to identify sensitive or critical data. It set up a DataHawk integration with CrowdStrike and its Falcon LogScale dashboard in November last year for faster correlation, investigation, and response to incidents in one location. This provided closed-loop detection and response for attacks directly within the CrowdStrike Falcon platform.

A Cohesity spokesperson told us that in 2023, 75 percent of attacks were malware-free, making detection and containment difficult. Adversaries have moved to using more effective means, such as credential harvesting and exploiting vulnerabilities to break through legacy defenses while using AI and other advanced technologies to evolve their techniques rapidly.

We’re told that by implementing Cohesity’s clean-room design and integrated tooling, customers gain specialized forensic capabilities to analyze malware, investigate breaches, and understand attack vectors without risking contamination in the broader IT environment.

Daniel Bernard, CrowdStrike

CrowdStrike chief business officer Daniel Bernard said: “Our continued partnership with Cohesity and latest joint efforts reflect our shared commitment to cyber resilience. To stay ahead, enterprises benefit from streamlining threat intelligence and response efforts while also harnessing their vast secondary data to gain security insights.”

Cohesity competitor Rubrik linked up with CrowdStrike in March, feeding data to CrowdStrike’s Falcon XDR (Extended Detection and Response) product. Commvault has a Metallic-CrowdStrike integration and Veeam also has a CrowdStrike integration. Druva has developed its own threat-hunting service as well and a CrowdStrike integration plays a part in this.

Cohesity says it’s the only backup vendor that provides multiple modes of threat scanning: its own in-built threat feed, custom YARA rules, and now through CrowdStrike. It reckons it has the largest security ecosystem in the industry as it works with 23 security partners. Cohesity presents itself as a data protection time machine, telling us: “CrowdStrike is the leader in detecting adversaries, but the picture they operate on is always the present state. With Cohesity, we now bring the past into visibility, allowing analysis on secondary storage against newly characterized threats. This integration brings the same high standards that SecOps teams place on their primary data, to the backups.”
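The "time machine" idea in the quote above, scanning past backup copies against indicators that were only characterized later, is easy to demonstrate in miniature. The following is an added example written for this article, not Cohesity's or CrowdStrike's code. It assumes each point-in-time snapshot is exposed as a map of file path to file bytes, uses a plain byte regex as a simplified stand-in for a YARA string rule, and uses a constructed file hash in place of one published by a threat feed. Given snapshots in chronological order, it reports every indicator hit, the snapshot in which each indicator first appeared, and the last snapshot with no hits, which is the restore point a responder would want to know about.

```python
"""Retrospective indicator scan over ordered point-in-time backup snapshots.

Added example, not vendor code. Snapshot layout, indicator shapes and all
sample data below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Indicator:
    """One indicator: either a file hash (as a feed would publish) or a byte
    regex (a simplified stand-in for a YARA string rule)."""
    name: str
    sha256: Optional[str] = None
    pattern: Optional[bytes] = None


@dataclass
class Hit:
    snapshot: str
    path: str
    indicator: str


def scan_snapshot(snapshot_id: str, files: Dict[str, bytes],
                  indicators: List[Indicator]) -> List[Hit]:
    """Check every file in one snapshot against every indicator."""
    hits: List[Hit] = []
    for path, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        for ind in indicators:
            if ind.sha256 is not None and ind.sha256 == digest:
                hits.append(Hit(snapshot_id, path, ind.name))
            elif ind.pattern is not None and re.search(ind.pattern, content):
                hits.append(Hit(snapshot_id, path, ind.name))
    return hits


def retrospective_scan(snapshots: List[Tuple[str, Dict[str, bytes]]],
                       indicators: List[Indicator]) -> dict:
    """Scan snapshots oldest-first. Returns all hits, the snapshot in which
    each indicator was first seen, the first snapshot with any hit, and the
    last hit-free snapshot before that (the candidate clean restore point)."""
    all_hits: List[Hit] = []
    first_seen: Dict[str, str] = {}
    first_infected: Optional[str] = None
    last_clean: Optional[str] = None
    for snapshot_id, files in snapshots:
        hits = scan_snapshot(snapshot_id, files, indicators)
        all_hits.extend(hits)
        for h in hits:
            first_seen.setdefault(h.indicator, snapshot_id)
        if hits and first_infected is None:
            first_infected = snapshot_id
        if not hits and first_infected is None:
            last_clean = snapshot_id
    return {
        "hits": all_hits,
        "first_seen": first_seen,
        "first_infected": first_infected,
        "last_clean": last_clean,
    }


# Constructed sample data. DROPPER is a fake binary; its hash stands in for a
# feed hash published only after the file had already been backed up.
DROPPER = b"MZ\x90\x00" + b"EXAMPLE-DROPPER-NOT-REAL-MALWARE"
BASE = {
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/opt/app/run.sh": b"#!/bin/sh\necho ok\n",
}
SNAPSHOTS = [
    ("snap-2024-06-01", dict(BASE)),
    ("snap-2024-06-02", {**BASE, "/tmp/.cache/upd.bin": DROPPER}),
    ("snap-2024-06-03", {**BASE, "/tmp/.cache/upd.bin": DROPPER,
                         "/etc/cron.d/upd": b"* * * * * root /tmp/.cache/upd.bin\n"}),
]
INDICATORS = [
    Indicator("feed:dropper-hash", sha256=hashlib.sha256(DROPPER).hexdigest()),
    # Hypothetical rule written after the fact: a cron entry running a binary
    # from a hidden temp cache. The regex is the YARA-style string stand-in.
    Indicator("rule:cron-runs-tmp-binary", pattern=rb"/tmp/\.cache/upd\.bin"),
]


def run_example() -> dict:
    return retrospective_scan(SNAPSHOTS, INDICATORS)


if __name__ == "__main__":
    report = run_example()
    for h in report["hits"]:
        print(f"{h.snapshot}: {h.path} matched {h.indicator}")
    print("first infected snapshot:", report["first_infected"])
    print("last clean snapshot:", report["last_clean"])
```

The point of keeping `first_seen` separate from `first_infected` is that the two answer different questions: the former tells you when each artefact of the intrusion arrived (the cron persistence shows up a snapshot after the dropper), the latter bounds the restore point. A real scanner would replace the byte-regex branch with a YARA engine and stream file contents rather than hold them in memory, but the ordering logic is the same.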

Get more info on the Cohesity-CrowdStrike partnership here when the blog goes live later today.