Cohesity released the Cohesity Anti-Ransomware Solution, a series of new capabilities available for the latest version of Cohesity DataPlatform that combats ransomware attacks. This solution offers the set of capabilities of any modern-day backup vendor with a multi-layered approach that can prevent, detect, and if necessary respond to attacks.
Legacy backup infrastructure, which often functions as a data insurance policy, has become a prime target for attackers that exploit common weaknesses associated with these products. To counter ransomware threats, organizations need to reconsider their backup strategy and deploy a solution that prevents backup infrastructure from becoming a target, detects attacks in real time, and if necessary provides a response to recover at scale, in order to avoid substantial downtime.
“Legacy backup solutions are ineffective against today’s ransomware attacks, which have become a top concern for almost every organization,” said Raj Rajamani, vice president of product management, Cohesity. “Real protection requires an integrated approach that combines proactive defense measures, intelligent monitoring, and the power to restore massive amounts of data immediately.”
Multi-layer protection delivers defense against ransomware attacks
Cohesity provides three layers of security that empower organizations to prevent, detect, and respond to ransomware attacks:
Prevent: Cohesity’s immutable file system, SpanFS, serves as the core defense against ransomware by keeping backup jobs in an immutable view. If an attacker tries to modify the backup, Cohesity DataPlatform will write the data to a new instance, keeping the original snapshot intact and preserved.
Customers also have access to additional protection with Cohesity DataLock, a new feature that allows security officers to “lock” a backup snapshot so that even someone with the highest level of access cannot modify or delete the backup. Cohesity also offers multi-factor authentication, another new feature that helps ensure that data is protected even when passwords are compromised.
Detect: Because no barrier is 100 percent impenetrable, Cohesity is rolling out an entire new set of “detect” capabilities that uncover suspicious activities. Cohesity Helios, a SaaS-based secondary data and application management solution, provides anomaly detection that alerts the customer’s IT admin and Cohesity’s support team when the backup data changes or ingest rates fall outside the norm based on historical trends.
In addition to monitoring backup data change rates to detect potential ransomware attacks, with this announcement, Cohesity is also offering the integrated detection and alerts for file-level anomalies within unstructured files and object data. This includes analyzing the frequency of files accessed and the number of files being modified, added, or deleted by a specific user or application to ensure a ransomware attack is detected.
Respond: In the event of a successful attack, recovering any compromised data becomes the most vital function. Cohesity’s instant mass restore enables IT admins to recover not just files but hundreds of virtual machines to any point in time – a process that typically takes legacy or even modern backup solutions days, if not weeks. In these critical moments, backup solutions are only as good as how quickly they can recover the data – a quick recovery reduces the chances of downtime and lost revenue due to a ransomware attack.
Cohesity also provides the capability for customers to locate and delete infected files across their global data footprint, including in the public cloud. In addition, customers benefit from the platform’s ability to scale up to an infinite number of nodes without any detrimental impact on performance, which allows customers to store as many backups as they want right next to the production system for recovery.
These capabilities are now generally available to all customers using the latest version of Cohesity DataPlatform (Pegasus 6.1.1.).
“Protecting data against ransomware has become a crucial challenge for enterprises as traditional backup solutions have become targets themselves. ESG research shows that the vast majority of enterprise end-users have expressed concern about backup cross-contamination caused by cyber-attacks. Cohesity’s end-to-end proactive solution, with its laser focus on preserving backups from cyber-corruption combined with restore flexibility capabilities, is a notable improvement over more reactive approaches that can leave backups exposed.” ― Christophe Bertrand, Senior Analyst, ESG.
“Our organization has experienced two attempted ransomware attacks that have been resolved with limited downtime and expense using Cohesity DataProtect. Both incidents involved SharePoint mapped drives that were CryptoLocked and required restoration of the entire database using the previous Cohesity backup and instantly resolved the issue at no additional cost.” ― Ben Price, Associate CIO, Administrative & Residential IT, University of California, Santa Barbara.
“Ransomware is one of the greatest enterprise threats right now and as it becomes more targeted and sophisticated, organizations have realized that a reactive approach is insufficient. Instead, they need a mitigation strategy that focuses on holistic prevention with rapid detection and response. Cohesity is not just the only solution that provides the necessary tools for this, they also provide mass restoration from immutable backups that gives me confidence that if/when we face a ransomware attack, we will be able to avoid any downtime or disruption to our business.” ― Jon McFarland, Security Analyst, 1st Security Bank.
“Several of our customers have had to deal with ransomware attacks and Cohesity has been vital in helping them avoid substantial downtime or payments to restore their data. Cohesity’s comprehensive solution offering prevention, detection, and response ensures that enterprises have what they need to overcome increasingly sophisticated ransomware attacks and keep focused on running their business.” ― Arnoud Kamphuis, Infrastructure Engineer, Fundaments B.V.