“What’s the best way to improve my cyber resilience?” We get this question all the time from the world’s largest organizations. Although each organization is unique, our answer is consistent. We recommend our five-step cyber resilience model and are now providing more solutions so you can improve your resilience posture.
Follow these five steps:
- PROTECT ALL DATA. Ensure global governance. Identify all unprotected workloads. Ensure your backups are immutable, encrypted, and MFA protected—this is your biggest security risk.
- ENSURE DATA IS ALWAYS RECOVERABLE. Harden all your data platforms. Ensure a 3-2-1 secondary data strategy. Add a cyber vault so your data can be recovered even in the face of a cyberattack or a disaster.
- DETECT AND INVESTIGATE THREATS. Look for threats in your data. Turn on scanning to detect malware or anomalous changes in data. Travel back in time to investigate. Regularly conduct threat scanning and threat hunting, at speed and at scale.
- PRACTICE APPLICATION RESILIENCE. Preparation is not enough. You need to practice application recovery plans regularly, as if you’re in the middle of a cyberattack. Automate these exercises with cyber recovery orchestration: initiate, investigate, mitigate.
- OPTIMIZE DATA RISK POSTURE. Constantly look for risks in your environment inside and outside your secondary data. Mitigate these risks.
Let’s talk about Step 4: “PRACTICE APPLICATION RESILIENCE.” The heart and soul of this step is the ability to prepare, practice, and recover from incidents. In this step, you take preparation to the next level by practicing your cyber incident response and recovery processes. After all, you don’t want to be executing your response strategy for the first time in an actual attack, when your systems are down and the pressure is on.
You may think, “Practicing investigation, containment, remediation, and then bringing everything back online is a time-consuming process. How can I regularly test and still do my day job?” Automation is crucial—it’s what drives efficient practice and simplifies incremental improvement in your response capabilities. We’re investing a lot in this area to help you.
Cohesity RecoveryAgent: Helping you recover cleanly, quickly, and efficiently
To this end, we’re excited to share the latest evolution of our cyber recovery orchestration offerings for Application Resilience—a new approach to help you cleanly recover your applications after an unplanned disruption or destructive cyberattack.
We recently announced Cohesity RecoveryAgent, our agentic orchestration tool designed to help customers automate all the aspects of recovery for both data center and cloud. RecoveryAgent is currently available to select customers in Tech Preview and is expected to be generally available in the second half of calendar year 2025. We’re excited for customers to use it to manage granular recovery across multiple domains in complex hybrid environments, including on-premises, cloud, PaaS, and containers.
Now, we want to share more about what RecoveryAgent will do to help you recover applications cleanly, quickly, and efficiently. Let’s get into the details.
A new era in application resilience
To bring your applications back after an attack, you need a “clean” copy of that application’s configuration and data—not necessarily the “latest” copy. This is where many traditional approaches fall short. Traditional approaches are based on disaster recovery. In these scenarios, recovering from the most recent configurations and data is sufficient. However, with cyber recovery, if you try to bring your apps back online with a recent configuration, and/or recent data, vulnerabilities can be re-introduced. Consequently, recovery will fail, and your business will continue to be down. IT teams often rush to recover from a cyberattack without fixing the root cause. This “rush to recovery” results in reinfection and prolongs the damage to your organization.
That’s why we’re offering a fresh approach to application resilience, powered by RecoveryAgent and the modern ecosystem of DevOps tools to help quickly bring applications back online from a “last known good state.”
We’re extending our RecoveryAgent capabilities to help you recover applications cleanly, quickly, and efficiently. Fast recovery from cyberattacks requires practicing full application recovery that includes automated orchestration, infrastructure recovery, data recovery, and clean room testing of applications. This applies to applications running in your data centers and the cloud.
Here are five highlights of our vision for Clean Application Recovery:
- Clean infrastructure recovery: Rather than simply “rewinding” the recent configuration backups, which could restore vulnerabilities and misconfigurations, Cohesity’s clean infrastructure recovery allows for the recovery of trusted configurations, with options to restore configurations from backup.
- Coverage for data center applications recovery and clean room: For on-prem to on-prem, or on-prem to cloud recovery, RecoveryAgent will allow you to automate infrastructure config recovery, data recovery, and clean room recovery with significant potential cost savings, based on widely used DevOps tools. (More on this below.) The instant mass restore capabilities of Cohesity Data Cloud provide further potential cost savings.
- Recover your “Minimum Viable Company”: We pioneered the digital jump bag™ for cyber resilience, a collection of your important assets to help you recover from a cyberattack. You should keep configuration files and any other required data in your digital jump bag, to help you “reboot the company.” Our methodology around a digital jump bag has been co-innovated with several marquee customers, and is state of the art in product, process, and people as a best practice in our industry.
- Partner-managed recovery and incident response: RecoveryAgent allows our amazing partners to develop incident response blueprints and manage recovery on your behalf. Our partners are already using our Clean Room blueprints for their own capabilities. Our approach to application resilience can also be templated and used by our partners.
- Use Cohesity CERT (Cyber Event Response Team): Our team of cybersecurity experts is available to all Cohesity customers 24/7. CERT works alongside you and your incident response vendors in the event of a cyberattack. Together, we help ensure your data is restored, your applications are back online, and your business quickly resumes operations with minimal downtime. Our CERT team works closely with Google-Mandiant, Palo Alto Unit42, Arctic Wolf, PWC, Accenture, and other leading security incident response teams. Our focus is on data protection/data security event response, and we triage with their larger focus on broader incident response.
During cyber incident response and recovery, IT practitioners, platform engineers, incident responders, and security professionals all have crucial roles to play in getting systems back online. Application owners are internal customers of these teams, as the organization rallies to get the business back online.
Why DevOps tools unlock application resilience: The multicloud era demands a modern approach
DevOps tools from the open-source community (like Terraform and Ansible) and hyperscale cloud vendors are designed for the era of API-driven infrastructure. More specifically, these tools are perfect for the application resilience use case because they tend to adhere to these core principles:
- Declarative configuration: Defines the end state of your infrastructure and application resources, not the procedural steps to achieve it. Infrastructure as code (IaC) codifies infrastructure resources in reusable, versionable configuration files, enabling consistent and repeatable deployments.
- Security baselining: Infrastructure as code (IaC) automation significantly bolsters cloud security by minimizing manual errors, a common source of vulnerabilities and misconfigurations. Automated pipelines test and validate this code before deployment, catching potential issues early. IaC enables rapid, reliable remediation of identified vulnerabilities by simply updating the code and redeploying, ensuring that the entire infrastructure adheres to security best practices and reducing the window of exposure.
- State management: These tools maintain a state file that tracks the current state of infrastructure, mapping configuration to real-world resources. This is crucial to determining the “last known good state.” With Cohesity’s modern approach to application resilience, we can compare the last config state from the DevOps pipeline, and the current config (with Terraform, Ansible, CloudFormation Templates, etc.). Legacy approaches to this problem just leave you guessing at what the last known good state might be.
- Immutability: Encourages immutable infrastructure patterns, where changes result in replacing resources rather than modifying them in place, reducing configuration drift.
- Community and ecosystem: Tools like Terraform and Ansible benefit from a strong open-source community, providing extensive documentation, modules, regular enhancements, and integrations.
- Cloud-native frameworks: All the major cloud providers have native tools for standing up infrastructure and application resources (AWS CloudFormation, Azure Resource Manager, Google Cloud Deployment Manager). Terraform and other tools support multiple cloud providers and other infrastructure services (e.g., Kubernetes) through a unified provider model. When every enterprise has a multicloud strategy, this framework is incredibly attractive.
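The comparison described under "State management" above can be sketched as a diff between a trusted state snapshot and the current one. This is an added example, not Cohesity's code or RecoveryAgent's method; it assumes the Terraform state v4 JSON layout, and the two sample states and their simplified attribute names are constructed.

```python
import json

# Constructed sample data in the Terraform state v4 layout (not real infrastructure).
KNOWN_GOOD = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "aws_security_group", "name": "app",
     "instances": [{"attributes": {"name": "app-sg", "ingress_cidr": "10.0.0.0/8"}}]},
    {"mode": "managed", "type": "aws_cloudtrail", "name": "audit",
     "instances": [{"attributes": {"name": "audit-trail"}}]},
]})
CURRENT = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "aws_security_group", "name": "app",
     "instances": [{"attributes": {"name": "app-sg", "ingress_cidr": "0.0.0.0/0"}}]},
    {"mode": "managed", "type": "aws_iam_user", "name": "svc_tmp",
     "instances": [{"attributes": {"name": "svc-tmp"}}]},
]})

def index_resources(state_json):
    """Map each managed resource instance address to its attribute dict."""
    out = {}
    for res in json.loads(state_json).get("resources", []):
        if res.get("mode") != "managed":      # skip data sources
            continue
        base = f'{res["type"]}.{res["name"]}'
        if res.get("module"):                 # resources declared inside a module
            base = f'{res["module"]}.{base}'
        for inst in res.get("instances", []):
            key = inst.get("index_key")       # set when count/for_each is used
            addr = base if key is None else f"{base}[{key!r}]"
            out[addr] = inst.get("attributes", {})
    return out

def diff_states(known_good_json, current_json):
    """Report drift of the current state relative to the trusted baseline."""
    good, cur = index_resources(known_good_json), index_resources(current_json)
    changed = {}
    for addr in good.keys() & cur.keys():
        keys = sorted(k for k in good[addr].keys() | cur[addr].keys()
                      if good[addr].get(k) != cur[addr].get(k))
        if keys:
            changed[addr] = keys
    return {"added": sorted(cur.keys() - good.keys()),
            "removed": sorted(good.keys() - cur.keys()),
            "changed": changed}

if __name__ == "__main__":
    print(json.dumps(diff_states(KNOWN_GOOD, CURRENT), indent=2))
```

A non-empty result marks what must be reviewed before a configuration is treated as the "last known good state"; an empty result means the current state matches the baseline.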
We explored other ways to solve the application resilience use case. Modern infrastructure as code and cloud provisioning tools proved to be the most attractive option as measured by the speed of recovery, security, and cost savings.
Furthermore, Cohesity has strategic relationships with the top hyperscale cloud vendors. AWS and Google are equity investors in Cohesity—Microsoft is also a strategic partner. IBM, which now owns Red Hat and HashiCorp, is a strategic OEM partner of our platform. We are working with all these partners—AWS, Microsoft, Google, IBM—on our modern approach to application resilience, in contrast to the legacy approaches of the past.
What’s next: Request Tech Preview access to Cohesity RecoveryAgent
We’re excited about this vision for clean application recovery, and how it’s going to help you recover your entire application environment—apps, infrastructure, and data. If you’re ready to learn more, contact your account team for tech preview access to Cohesity RecoveryAgent.
Cautionary Statement Regarding Forward-Looking Statements: Any forward-looking statements in this release are based on management’s current expectations and beliefs and are subject to change/update without notice. Any unreleased services or features referenced in this blog post are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Cohesity Global, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.