Protect and secure your data from cyber attacks
New hash-based scanning and other built-in security capabilities empower IT and security teams in pre- and post-attack scenarios.
Ransomware groups Qilin, Akira, Play, Medusa, and many others continue to wreak havoc on enterprises around the world. While you diligently monitor production systems for threats, there’s more you can do to reduce your risk. Scanning your secondary data provides an additional line of defense.
Scanning backup data for threats also helps prevent reinfection during recovery. Malware, ransomware, and dormant vulnerabilities in backups can propagate post-restoration, undermining cyber recovery efforts. Regular scans help ensure clean restores, boost data integrity, and reduce downtime.
That’s why our customers use Cohesity Data Cloud’s threat protection capabilities across their secondary data estate in both pre- and post-attack scenarios.
Cohesity recently launched several new capabilities to help you uncover threats faster:
New! Rapid threat hunting: search for known malicious file hashes (SHA-256) across your backups.
New! Google Threat Intelligence is now the default threat library
Schedule threat scans – daily, weekly, and monthly
Run a full threat scan or a new incremental scan – the choice is yours
Manage Custom YARA Rules
Time is of the essence when scanning for malware. With our new rapid threat hunting, you can search for indicators of compromise across billions of files in under a minute! Use this new feature for:
What does this look like in the real world? Imagine it’s 11 p.m. on a Thursday, and your SOC team just got an email from the FBI about a late-breaking threat targeting your industry. The FBI recommends you check whether your environment has files that match certain hashes. This new feature is tailor-made for this scenario. Not only can you check whether those files exist in your environment today, but you can also find out if those files were ever present in your environment in the last few months.
Incident responders will appreciate this new capability because it can reduce the threat detection process to a single, near-instantaneous search operation.
Here’s how it works: Files are hashed on ingest and stored in an indexed table for fast searching. When the hash for an IoC file on a system is identified, it can be dropped into the search tool to find the location and systems containing the same file. This aids in determining the impact and blast radius for that particular threat.
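The hash-on-ingest and indexed-lookup flow described above, as an added example (not Cohesity's code or API). The table layout, function names, system names and sample snapshots are all constructed for illustration. It also shows the historical case from the scenario: a file that has since been deleted from a system is still found in an older snapshot.

```python
import hashlib
import sqlite3

def build_index(snapshots):
    """Hash every file on ingest; store one row per (hash, system, snapshot, path)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE file_hashes "
               "(sha256 TEXT, system TEXT, snapshot_date TEXT, path TEXT)")
    # The index on the hash column is what makes an IoC lookup a single seek.
    db.execute("CREATE INDEX idx_sha256 ON file_hashes (sha256)")
    for system, snapshot_date, files in snapshots:
        rows = [(hashlib.sha256(data).hexdigest(), system, snapshot_date, path)
                for path, data in files.items()]
        db.executemany("INSERT INTO file_hashes VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db

def hunt(db, ioc_hashes):
    """Map each matching IoC hash to (system, path, first_seen, last_seen) rows."""
    hits = {}
    for ioc in ioc_hashes:
        ioc = ioc.strip().lower()  # feeds often ship upper-case or padded hashes
        if len(ioc) != 64 or not set(ioc) <= set("0123456789abcdef"):
            raise ValueError(f"not a SHA-256 hex digest: {ioc!r}")
        rows = db.execute(
            "SELECT system, path, MIN(snapshot_date), MAX(snapshot_date) "
            "FROM file_hashes WHERE sha256 = ? "
            "GROUP BY system, path ORDER BY system, path", (ioc,)).fetchall()
        if rows:
            hits[ioc] = rows
    return hits

# Constructed sample data: (system, snapshot date, {path: file bytes}).
DROPPER = b"constructed sample payload, not real malware"
REPORT = b"quarterly report"
SNAPSHOTS = [
    ("fileserver01", "2025-01-10", {"/home/a/report.docx": REPORT}),
    ("fileserver01", "2025-02-10", {"/home/a/report.docx": REPORT,
                                    "/tmp/update.exe": DROPPER}),
    ("fileserver01", "2025-03-10", {"/home/a/report.docx": REPORT}),  # dropper gone
    ("hr-laptop07", "2025-03-10", {"/Users/b/Downloads/invoice.exe": DROPPER}),
]
IOC = hashlib.sha256(DROPPER).hexdigest()

if __name__ == "__main__":
    for digest, rows in hunt(build_index(SNAPSHOTS), [IOC]).items():
        for system, path, first, last in rows:
            print(f"{digest[:12]}  {system}  {path}  seen {first} to {last}")
```

The per-system rows are the blast radius for that hash; the first-seen and last-seen dates show how long the file sat in each system's backups.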
This new feature is powered by multiple high-quality hash feeds. Cohesity Data Cloud uses these feeds to help you quickly identify suspicious or malicious files in your environment.
Cohesity Data Cloud now includes rapid threat hunting, powered by hash-based scans.
Your threat protection is only as strong as your threat intelligence sources. You need high-quality threat intelligence feeds to ensure you’re scanning for the latest threats.
At Catalyst 1, we announced that the built-in set of Mandiant IoCs from Google Threat Intelligence is now bundled into Cohesity Data Cloud. This is the industry standard of threat intelligence: a rich, high-quality threat feed that’s updated daily. You will enjoy better detection rates, fewer false positives, and enhanced visibility into emerging threats.
You can also bring in additional threat feeds from CrowdStrike Falcon Intelligence, Cohesity REDLab, CISA, and other options from the open-source community. After all, better threat feeds mean better threat protection!
Cohesity Data Cloud has long supported the best practice of running threat scans at regular intervals. Now, you have more control over how often these scans run. Execute your scan jobs daily, weekly, and monthly. Choose the right interval for you, based on the needs of your business, data from operational telemetry, and feedback from your peers in IT and Security.
Threat scanning is a best practice, and we want to give you the flexibility to scan multiple ways depending on your requirements.
A full threat scan enables you to perform threat scans on an object’s snapshot data and discover potential malware lurking in said snapshot. This is a good choice for new objects recently added to your Cohesity Data Cloud deployment.
Of course, the more data you scan, the longer the scan will take. (That’s just physics.) What if you don’t want to re-scan objects that you know to be clean? Use our new incremental scanning capabilities for this scenario.
You can now configure our threat scanning capabilities to scan only the delta between the previous and most recent snapshots. This improves the overall efficiency of your threat protection, while still allowing you to identify potential threats in the data.
YARA rules identify malware or suspicious files based on specific strings, byte sequences, or behavioral characteristics. Security analysts can use Cohesity Data Cloud’s support for custom YARA rules to identify and classify malware families, threat-actor tools, exploit kits, and other malicious artifacts by scanning files, memory dumps, or network traffic for specific patterns.
Build your own YARA rules and use the aforementioned scanning capabilities to uncover potential threats before they can infect your systems.
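The difference between a full scan and an incremental (delta) scan with pattern rules, as an added example (not Cohesity's code). The rule set is a constructed, simplified stand-in for YARA string conditions rather than the YARA engine, and the snapshot contents and function names are made up for illustration.

```python
import hashlib

# Constructed rules: rule name -> byte patterns that must ALL appear in a file.
RULES = {
    "demo_ransom_note": [b"YOUR FILES ARE ENCRYPTED", b".onion"],
    "demo_loader_marker": [bytes.fromhex("deadbeef4d5a")],
}

def match_rules(data, rules=RULES):
    """Names of the rules whose patterns are all present in the file bytes."""
    return sorted(n for n, pats in rules.items() if all(p in data for p in pats))

def delta(prev, curr):
    """Paths that are new, or whose content hash changed, since the previous snapshot."""
    def digest(b):
        return hashlib.sha256(b).hexdigest()
    before = {path: digest(data) for path, data in prev.items()}
    return sorted(p for p, data in curr.items() if before.get(p) != digest(data))

def scan_paths(snapshot, paths, rules=RULES):
    findings = {}
    for path in paths:
        matched = match_rules(snapshot[path], rules)
        if matched:
            findings[path] = matched
    return findings

def full_scan(snapshot, rules=RULES):
    return scan_paths(snapshot, sorted(snapshot), rules)

def incremental_scan(prev, curr, rules=RULES):
    # Only the delta is read; unchanged files rely on the earlier scan's verdict.
    return scan_paths(curr, delta(prev, curr), rules)

# Constructed snapshots: {path: file bytes}.
PREV = {"/srv/a.txt": b"hello", "/srv/app.bin": b"\x00\x01 benign"}
CURR = {
    "/srv/a.txt": b"hello",                              # unchanged, skipped
    "/srv/app.bin": b"\x00\xde\xad\xbe\xefMZ\x90",       # modified
    "/srv/README_RESTORE.txt": b"YOUR FILES ARE ENCRYPTED. Visit example.onion",
}

if __name__ == "__main__":
    print("delta:", delta(PREV, CURR))
    print("incremental:", incremental_scan(PREV, CURR))
    print("full:", full_scan(CURR))
```

An incremental scan only equals a full scan when the previous snapshot was itself scanned: comparing a snapshot against an identical, never-scanned baseline yields an empty delta and no findings, which is why new objects get a full scan first.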
Cohesity Data Cloud provides dashboards and shared context where IT and security teams can collaborate seamlessly. Deploy threat protection from Cohesity Data Cloud and enjoy:
To get started:
Written By
Jared Ruckle
Sr. Director - Product Marketing, Solutions & Industry
Kamal Deka
Senior Product Manager