Cohesity added new capabilities to its data backup platform that prevent, detect, and respond to ransomware attacks. These features are generally available in the latest version the vendor’s DataPlatform.
The move also signals Cohesity’s first foray into the security sector — and follows a similar one by its competitor Rubrik, which rolled out its own anti-ransomware service over the summer.
Cohesity says the first step is prevention. And to accomplish this, Cohesity uses its existing immutable file system, SpanFS, to defend against ransomware by preventing any modification to backups. If an attacker tries to modify the backup, the platform will write the data to a new instance, keeping the original snapshot intact and preserved.
This prevention phase also uses a new capability called DataLock, which allows security officers to “lock” a backup snapshot. “This means even an administrator who has complete access to the system cannot go and delete those backups when it is in DataLock,” said Satinder Sharma, director of product management at Cohesity. The vendor also offers multi-factor authentication, another new feature to protect data even when passwords are compromised, he added.
New Anomaly Detection
Cohesity also added a new set of capabilities to detect ransomware. Cohesity’s software-as-a-service (SaaS) product Helios now provides anomaly detection that alerts the customer’s IT admin and Cohesity’s support team when the backup data changes or ingest rates fall outside the norm based on historical trends.
The vendor also offers integrated detection and alerts for file-level anomalies within unstructured files and object data. This includes analyzing the frequency of files accessed and the number of files being modified, added, or deleted by a specific user or an application.
And finally, in the event of an attack, Cohesity’s existing instant mass restore enables IT admins to recover hundreds of virtual machines (VMs) instantly, at scale, to any point in time. “This allows us to recover an entire environment in minutes versus days or weeks,” Sharma said. This is important because a speedy recovery reduces downtime and lost revenue due to a ransomware attack.
Additionally, the company’s Google-like search capability allows customers to locate and delete infected files across their global data footprint, including in the public cloud. “The key difference here is that there are others that offer global search, but they make you go to the individual workload and search for the file, then go to the next workload and search for the file,” Sharma explained.
Plus, the platform can also scale up to an infinite number of nodes without any detrimental impact on performance, Cohesity claims. This allows customers to store as many backups as they want right next to the production system for quick recovery.
Competition From Rubrik
Cohesity’s top competitor, Rubrik, launched its own anti-ransomware service in July. Like Cohesity’s new product, Rubrik’s Radar application aims to eliminate data loss and downtime from ransomware attacks. It’s built on that company’s SaaS platform Polaris and stems from use cases for the company’s original data management platform.
Sharma said Cohesity’s three-pronged approach — prevent, detect, and respond — to ransomware is what makes it unique. “Each one of those capabilities within those different areas are essential for ensuring comprehensive ransomware protection within an organization,” he said. “Those three areas make it a very unique and are why we are claiming it’s the first backup solution to offer a modern end-to-end solution to ransomware.”
And he played coy when asked if the new capabilities signal a move into the super-hot security space. “Security and compliance are two interrelated things that we have always been focused on,” Sharma said. “We started with data protection, and that automatically lends itself to those two areas of security and compliance. We don’t comment on the roadmaps but there are a lot of exciting things coming.”