Cohesity and Nutanix team up for a refreshed approach to clean room

When a cyberattack hits, IT teams need a way to quickly restore their minimum viable operating capability, on trusted infrastructure, without risking reinfection. This requires setting up and connecting clean rooms, backup tooling, and security workflows. Today, this process is too often done manually, in the middle of an incident. It may work, but it’s slow, brittle, and hard to repeat.

Cohesity and Nutanix address this market challenge with a modern approach that is effective, repeatable, and fast. Our joint solution combines the best of both companies, including:

• Cohesity Clean Room Solution, with threat protection, anomaly detection, and RecoveryAgent orchestration
• Nutanix infrastructure‑level clean room instantiation, using Nutanix Flow and modern automation

Together, we help deliver a cyber recovery architecture that:

• Spins up a trusted, isolated Nutanix environment on-demand.
• Uses security insights to pick known‑good recovery points.
• Restores critical applications at scale using instant mass recovery.

This approach is designed to help deliver better cyber resilience outcomes for your organization: reduced risk, rapid recovery, and a superior total cost of ownership.

Why incident response is so challenging

During a ransomware or destructive attack, organizations run into the same three issues that delay RTO:

1. Uncertain recovery points: Backups may contain malware, and it’s hard to know which copies are truly clean.
2. Manual clean room setup: Isolated infrastructure and networks are often assembled under pressure, with scripts and one‑off playbooks.
3. Disconnected workflows: Security tools, forensic analysis, and recovery operations all run in parallel, but rarely as a single, coordinated process.

What’s missing is a solution that ties security‑driven clean copy selection, automated infrastructure isolation, and large‑scale recovery orchestration into one repeatable flow.

Our joint solution: A closer look

Cohesity established a baseline set of capabilities in our Clean Room Solution, and we have extended this concept for Nutanix customers, using the unique capabilities of the Nutanix portfolio.

Let’s review the specifics in more detail.

Cohesity Data Cloud provides the underlying data for restoration, plus intelligence and the control plane for cyber recovery, including:

• Threat scanning and anomaly detection on backup data to help identify clean, malware‑free restore points.
• Security signals that feed RecoveryAgent blueprints, so only trusted copies are eligible for recovery.
• Instant mass restore to bring back multiple critical applications in parallel, without waiting for full rehydration.

The result is recovery of your most critical apps and infrastructure that is both fast and durable, even in large incidents.

Nutanix: Clean Infrastructure and network enforcement

Nutanix delivers the trusted environment where those workloads run:

• Automated clean room instantiation at the infrastructure layer.
• Nutanix Flow policies for network segregation and micro‑segmentation.
• Strong isolation between production, clean room, and forensic environments.

Your recovered workloads land on infrastructure that is built to be clean and locked down from the start.

How it works: The end‑to‑end cyber recovery flow

Let’s examine how the joint solution works in a real scenario: ransomware recovery for Tier‑0 and Tier‑1 applications.

1. Cyber event detection: A cyber incident is identified by security tools or the incident response team, triggering a cyber recovery workflow. 

2. Clean copy identification: Before any restore happens:

• Cohesity Data Cloud scans backup data for indicators of compromise and anomalies. 
• Known‑good recovery points are identified and tagged. 
• Threat-intelligence enhanced recovery point recommendations help teams identify the most likely clean restore points by analyzing threat intelligence, anomaly signals, and historical scan data—even if scans weren’t run ahead of time. 
• Blueprint‑driven clean room creation. 

Cohesity RecoveryAgent then runs a cyber recovery blueprint that:

• Calls Nutanix APIs to instantiate a clean room environment.
• Applies flow‑based isolation policies automatically.
• Helps avoid unintended connectivity back into production.

3. Instant Mass Restore: Once the clean room is ready:

• Cohesity performs an instant mass restore for the prioritized set of applications.
• Multiple workloads are brought up in parallel.
• Application dependencies and business priorities are honored in sequence.

4. Operate and validate in isolation: Within the Nutanix clean room, teams can:

• Check application and data integrity.
• Run security tools and perform forensic analysis.
• Provide controlled access for business continuity, if needed.

5. Promotion back to production (optional): After validation is complete:

• Workloads can be moved or rebuilt into production or a new environment.
• Flow policies are adjusted to gradually restore network access.
• All steps are logged for audit, compliance, and post‑incident review. 

This reliable, repeatable flow can help accelerate your incident response. 

Strengthen your cyber resilience

Here are three reasons why the Cohesity-Nutanix clean room is an upgrade from your status quo. 

1. Security‑first recovery:  With this solution, recovery choices are driven by threat and anomaly data, not just backup recency. This way, only vetted, clean copies participate in recovery workflows.
2. Built for scale: Data volumes are growing exponentially. Cohesity’s instant mass restore enables parallel restoration of many critical applications.  You get your business back online faster, and avoid the traditional, slow “one‑VM‑at‑a‑time” model.
3. True joint orchestration. Infrastructure isolation (from Nutanix) and data recovery (from Cohesity) run as one coordinated plan. This reduces hand‑offs and minimizes errors in the middle of a high‑stress event.

The latest chapter in a deep partnership

The joint clean room solution is the latest innovation between our two companies. Here are a few recently-released highlights designed to help you protect Nutanix environments at scale:

• Cohesity enables seamless AHV VM recovery with preserved MAC addresses: when VM’s experiences downtime, it returns not only quickly but with all the right access controls, network configurations, and security measures seamlessly preserved, ensuring continuity, not just a simple reboot. 
• Through our integration with Nutanix Prism Central, organizations can now manage protection policies across their entire Nutanix footprint from a single console. No more configuring each cluster individually. VMs are automatically enrolled or excluded without manual overhead. And with native support for Nutanix Files via Change File Tracking (CFT)—often the most operationally critical and hardest to protect at scale—you now have the same efficient, consistent coverage as your VM workloads.
• With Nutanix Kubernetes Platform (NKP), organizations are moving more applications into modern, containerized environments, and Cohesity is extending application-aware protection to Kubernetes natively—discovering namespaces, labels, and persistent volumes, and enabling recovery that rebuilds entire application contexts, not just individual files or VMs. This closes the gap between VM-centric backup and the way modern Nutanix environments actually run.

Come see us at .NEXT 2026

At .NEXT 2026, we are committed to deeper integration, stronger cyber resilience, and a modern protection strategy for Nutanix customers, and those capabilities are now available.

While there, you can request a meeting or visit us at the Cohesity booth. And be sure to check out our Chief People Officer, Rebecca Adams, and other top women leaders from Nutanix, Cribl, and Intel in a candid conversation on AI-era leadership, team building, and driving change in enterprise tech. 

• Women in Technology: Leading at the Forefront of the AI Era | Wednesday, April 8 | 2:00 – 3:00 PM

This blog post may contain forward‑looking statements subject to risks and uncertainties. Such statements are not predictions of future events or guarantees of performance, and actual results may differ. Any unreleased services or features referenced in this blog are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Cohesity, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.