Protect and secure your data from cyber attacks
Data Protection
Data Security
Data Insights
The 5 Steps to Cyber Resilience
Cloud & SaaS
Enterprise
Industries
Snapshot threat tagging and sharper anomaly detection make detection smarter, while new threat hunting and scanning for Microsoft 365, self-managed deployments, Microsoft Azure, and Google Cloud extend it across your data.
In our latest Cohesity Data Cloud release, we’re shipping five new threat protection capabilities aimed squarely at the part of your environment attackers count on you ignoring: the backup estate. These new features are built to make threat detection on secondary data faster, easier, and more complete. And they reinforce Step 3 of the Cohesity 5 Steps of Cyber Resilience®: Detect and investigate threats.
The five capabilities follow two threads: the first two make threat detection sharper, and the next three extend it to every place your data lives—from SaaS, to self-managed and air-gapped environments, to the public cloud.
When Cohesity’s rapid threat hunting feature finds a match for an indicator of compromise, the system automatically writes a tag (Hashes Matched), which helps reduce the risk of attempting to recover with a potentially dirty snapshot. Previously, those results lived only in the scan report, leaving teams to cross-reference findings against backup inventory by hand.
Now, the tag travels with the snapshot. Your recovery workflows can consume detection results directly. Identifying and skipping a compromised copy becomes a filter, rather than a separate process. Your incident responders get traceable artifacts for the incident timeline, and the tags are built to flow into the SIEM and SOAR tools your security teams already use.
Modern ransomware is engineered to dodge statistical detection. For example, malware encrypts a few files per cycle, uses partial or header-only encryption, and leaves file extensions untouched, so nothing obvious trips an alert. Historically, anomaly detection needed a sizable anomaly (around 250MB or more) and often fifteen or more incremental backups to build enough confidence to generate an alert. That’s days of attacker dwell time.
This new release gives you entropy-based detection that inspects file-level data characteristics—the entropy signature of encryption—rather than relying solely on aggregate signals. The result: partial, header-only, and same-extension encryption now come into view, and suspicious activity can surface as early as the first incremental backup. Higher-fidelity detection also means fewer false positives.
This capability is rolling out through early access, so reach out to your Cohesity account team to get your hands on it early.
With detection now sharper, the next step is reach—making sure threat protection covers every place your data lives. Microsoft 365 is one of the most heavily backed-up SaaS platforms in the enterprise, yet efficient threat scanning has lagged. The reason is simple: sheer scale. A single M365 tenant can hold 30,000 to 50,000 objects across Exchange Online, SharePoint, and OneDrive. Conducting a threat scan on this amount of data won’t finish inside a daily backup window.
The solution—incremental scanning. Incremental scanning for M365 changes the math by scanning only the delta between snapshots. You can run scheduled, recurring scans, so malware injected between backup intervals is caught before a restore can reintroduce it. And because scanning runs on secondary data, there’s no performance hit for users in production. It closes a SaaS blind spot that’s been hard to cover until now.
For customers running Cohesity Data Cloud in a self-managed model—on-prem, air-gapped, or in regulated environments where SaaS isn’t an option—rapid threat hunting is now available. Search for known malicious file hashes (SHA-256) across hundreds of millions of files in under a minute, without standing up separate tooling or shipping data outside your trust boundary.
The use case is the one we’ve all lived through. It’s late on a Thursday. Your SOC team gets a flash bulletin about a campaign targeting your industry, complete with a list of file hashes to check for. With rapid threat hunting in Cohesity Data Cloud, an incident responder can drop those hashes into the search tool and learn—in seconds—whether those files exist in your backup estate today, and whether they were ever present in the last several months. Files are hashed on ingest and indexed for instant lookup, so the answer is one search away.
For IT practitioners, this means you can now offer the same proactive threat-hunting capability to security teams whether your deployment is SaaS or self-managed. No tradeoffs. Same speed. Same workflow.
Cohesity Data Cloud now brings several detection techniques to Microsoft Azure and Google Cloud backups:
Together, these three techniques deliver layered, defense-in-depth coverage for cloud workloads, fully integrated into the same dashboards and shared context IT and security teams already use.
Individually, each capability solves a concrete problem. Together they describe where threat protection on backup data is heading: detection findings that persist with the data, anomaly detection sensitive enough to catch surgical attacks early, and consistent threat hunting and scanning everywhere your data lives—SaaS, self-managed and air-gapped, and the public cloud.
That’s the thread running through all five new threat protection capabilities. You can use Cohesity Data Cloud to transform backups from cold storage you hope is clean into an active detection surface, a second opinion that’s out of band from where an attacker has persistence.
If detection in your environment stops at production, if anomalies only surface after days of dwell time, or if whole corners of your estate go unscanned, that’s not a tooling preference. It’s an exposure worth closing.
These capabilities are now part of Cohesity Data Cloud. To see them in action—or to get early access to entropy-based anomaly detection—connect with your Cohesity account team or request a demo.
Written By
Jared Ruckle
Sr. Director - Product Marketing, Solutions & Industry
Kamal Deka
Senior Product Manager