Cohesity adds malware incident response partners to CERT service

Cohesity has added incident response partners to its Cyber Event Response Team (CERT) service to help customers diagnose and set up a recovery response to a malware attack faster.

It set up its CERT service in 2021, stating that it had partnered with the world’s leading cybersecurity incident response (IR) firms. Now it has announced a formal list of IR partners: Palo Alto Networks (Unit 42), Arctic Wolf, Sophos, Fenix24, and Semperis. CERT, available to all Cohesity customers as part of their existing subscription, can share customer-approved operational data – including logs, reports, and inventories – with these IR partners. It has developed a methodology that utilizes native platform capabilities and integrations with its Data Security Alliance to provide greater insight into data breaches.

Sanjay Poonen

Sanjay Poonen, Cohesity CEO, stated: “With ransomware, data breaches, and other cyber threats becoming an unavoidable reality, organizations need the assurance that they can bounce back faster, stronger, and smarter … We’re doubling our commitment to our customers by ensuring they have the expertise and tools to navigate and recover from cyber crises effectively.  Cyber resilience is the cornerstone of modern cybersecurity, and we are committed to helping our customers achieve it.”

An example of such an incident affected the divisional manufacturing plant and R&D center of a global auto parts enterprise. The company used Cohesity backup and its FortKnox immutable isolated data copy vault. The company was hit by ransomware in late 2023, which encrypted all the VM images hosted on ESXi servers. 

The manufacturer contacted CERT the morning after the attack and CERT worked in partnership with Fenix24 to contain and investigate the threat. The threat actor was identified and the IR team found that more than 100,000 files were locked up. Cohesity CERT worked with the division’s IT department and Fenix24 to bring data back from the FortKnox service, validate that the threat had been mitigated, and ensure that remediation steps were successful. 

CERT is available 24×7. “Personnel from Cohesity CERT and its partners are seasoned cybersecurity experts with specialized knowledge in incident response, threat intelligence, and forensics,” we’re told.

Kerri Shafer-Page

Kerri Shafer-Page, Artic Wolf’s VP of Incident Response,  said: ”Cohesity’s quick response toolkit gives us access to all kinds of data that can enable a more comprehensive investigation and quicker recovery. Partnering with Cohesity CERT adds valuable expertise in backup and recovery and helps us ensure our  joint customers are resilient no matter what attackers throw at them.” 

Competitor Commvault also has multi-vendor cyber resilience partnerships, set up in 2023, with:

  • Avira (part of Gen): AI/ML-driven threat intelligence, prediction, analysis and anti-malware technologies. 
  • CyberArk: Identity security platform.
  • Darktrace: Machine learning-based anomaly detection with integration with HEAL and Commvault. 
  • Databricks: Data lake platform for data and AI. 
  • Entrust: Post-quantum cryptography and data encryption.
  • Microsoft Sentinel: SIEM. 
  • Netskope: Zero trust-based Secure Access Service Edge (SASE) web content filtering. 
  • Palo Alto Networks: Threat intelligence repository leveraging Cortex XSOAR to shorten incident response times. 
  • Trellix: Threat detection and response with Intelligent Virtual Execution (IVX) sandbox to analyze and inspect malware in an isolated environment.

Rubrik has a Ransomware Response Team (RRT), a virtual team of experienced people in its global support organization. RRT is available 24x7x365 and composed of critical incident managers and senior support staff. Rubrik’s executive leadership is part of this virtual team and has visibility of every recovery RRT is involved with.

Veeam Software has integrating its data protection reporting with cybersecurity software vendor Palo Alto Networks to enable customers to respond quicker to attacks.

Get more information on Cohesity CERT here.