Date: 2026-01-21

Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID.

Identity is foundational to enterprise security, underpinning all access. Without it, operations grind to a halt, and organizations are at risk. Attackers constantly seek to exploit misconfigurations, privilege escalation paths, and weak controls to gain access to sensitive data. Cohesity is confronting this challenge head-on with purpose-built capabilities that can proactively strengthen identity security posture, stop identity-driven attacks in real time, and accelerate recovery with precision.

“Identity is at the heart of cyber resilience. When identity systems are compromised, the impact can be immediate and business-wide,” said Vasu Murthy, chief product officer, Cohesity. “By bringing together threat detection, automated response, and rapid recovery across Active Directory and Entra ID, Cohesity delivers an industry-leading solution with a single, unified view of hybrid identity risk. This enables organizations to reduce risk, stop identity-driven attacks faster, and recover with confidence before, during, and after an attack.”

Before an attack, Cohesity continuously inspects identity posture, detects misconfigurations, flags risky changes, and identifies identity-based attack patterns early to minimize the attack surface and shine a light on lateral movement attempts across hybrid AD environments.

During an attack, automated remediation capabilities can immediately respond to malicious changes across AD and Entra ID and execute critical rollback actions that can’t wait for human intervention. Security teams can also build custom rules, alerts, and automated workflows to halt attackers in their tracks.

After an attack, Cohesity helps accelerate incident response by converting complex identity change data into natural language, enabling rapid investigation, search, and rollback at the object and attribute levels. Teams can trace attacker activity, isolate and evict attackers, and prevent repeat intrusions with granular, point-in-time forensics.

New capabilities in this launch include:

Vulnerability assessment: Continuous monitoring of AD and Entra ID for indicators of exposure (IOEs) and compromise (IOCs), powered by expert threat intelligence.

Automatic rollback: Automated remediation actions that reverse malicious or risky identity changes in real time.

Tamperproof tracking: Immutable tracking of identity changes, even if logs are turned off or bypassed.

Service account protection: Detection and remediation of dormant, misconfigured, or overly privileged service accounts.

Entra ID change tracking: Near real-time visibility into role assignments, group membership changes, and user attribute modifications.

Compliance reporting: Pre-built templates aligned with GDPR, HIPAA, PCI, SOX, and other regulatory frameworks.

SIEM/SOAR integrations: Seamless connectivity with Splunk and Microsoft Sentinel to enrich SOC workflows.

“What we hear most from customers is how difficult identity incidents are to detect and prevent,” said Justin Hall, VP of Strategic Partner Growth, Pellera. “Cohesity gives teams innovative solutions to spot risky identity changes early, respond automatically when needed, and cleanly recover their identity systems quickly, helping customers stay operational even in the face of sophisticated attacks.”