• Products
    • Cohesity Data Cloud

      Cohesity Data Cloud

      A unified platform for securing, managing, and extracting value from your data, available as self-managed software and SaaS.

    • DataProtect

      DataProtect

      Simplify your data protection, ensure recovery, and defend against ransomware with a modern, hyperscale solution.

    • FortKnox

      FortKnox

      Isolate your data to further strengthen your ransomware protection and recovery strategy with our SaaS solution.

      • Highly secure data vault providing a “virtual air gap”
      • Immutability, quorum, and other features to protect data from malicious activity
      • Dramatically simple deployment and acquisition
    • DataHawk

      DataHawk

      Protect against ransomware with threat intelligence and scanning, cyber vaulting, and ML-powered data classification—all in one simple solution.

    • SmartFiles

      SmartFiles

      The smartest way to optimize cost, scale, and efficiency for your unstructured data. Manage, secure, and do more with your data with next-level software-defined file and object services for the hybrid cloud.

      • Software defined
      • Unified file and object services
      • Massive scale with optimized efficiency
    • SiteContinuity

      SiteContinuity

      Automated disaster recovery failover and failback orchestration strengthens business continuity strategies. Get always-on accessibility without adding infrastructure silos, operational complexity or cost.

    • Cloud Services

      Cloud Services

      Radically simplify the way you protect, secure, govern, and analyze data with a comprehensive portfolio of Cohesity Cloud Services offerings.

    • Marketplace

      Marketplace Overview

      Defend against cyberthreats and speed access to insights with apps from Cohesity and industry partners.

      • Analytics
      • Compliance
      • Data recovery and migration
      • Malware defense
    • Certified Platforms

      Certified Platforms

      Confidently run Cohesity software in your data center, in the cloud, or at the edge with certified solutions from Cohesity and our partners.

  • Support
    • Support Overview

      Support Overview

      We know you’re busy, so when something doesn’t work quite right, our experts are here to help you fix it, fast.

    • User Group

      User Group

      The Cohesity User Group connects a passionate community of data security and management professionals to engage in purposeful conversations, explore best practices, and build new friendships.

    • Cohesity Academy

      Cohesity Academy

      Build your multicloud data management skillset. Cohesity Academy delivers training, education, and certification in ways that make the most sense for both you and your business.

  • Customers
    • Index

      Customers

      Discover what customer-centric means at Cohesity. Learn why enterprises worldwide choose Cohesity to transform their data management.

Ransomware is the new ‘bad boy’ on the cybersecurity front. It has replaced Advanced Persistent Threat (APT) network attacks as the highest profile cyberthreat for IT departments of organizations big and small. For the purpose of this blog we define Ransomware as “computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to restore it”(ref: wikipedia). Ransomware used to target individuals but has now firmly established itself in the enterprise arena. In these cases, valuable enterprise data is encrypted by malware and only restored in exchange for a ransom payment. Recently, several high profile Ransomware attacks have found mention in the media as in here, here and here!

In most cases, targeted companies just pay up the hush money. Since there is no data breach per say, the incident typically doesn’t even get reported to federal agencies. This, however, is not going to last long, because the FHA is already smarting from a slue of ransomware attacks on hospitals.

Ransomware succeeds because every strategy to combat ransomware has one point of failure that has no real protection – humans. We expect humans to not be humans (i.e not fall for phishing or such attacks) to truly protect ourselves from Ransomware and that simply is not going to happen. So by default, backup systems become the option of last resort to minimize the effects of ransomware attack. However, any reasonably sophisticated Ransomware attack assumes that its intended victim will have a proper backup strategy in place. Therefore it is most likely designed to find and encrypt backups or destroy them as well. Even a very conscientious backup strategy will not protect the enterprise from this kind of ransomware attack if the backup system is not built to protect against such attack.

Cohesity provides robust protection against ransomware by keeping your backup data secure. But before we go into details about the Cohesity’s ‘secret sauce’, let’s make it absolutely clear that we are not hiding behind the semantics of what constitutes additional protection – because this seems to be case for every other backup vendor that claims to provide Ransomware protection.

  • We do not believe in security through obscurity doctrine. Therefore we don’t assume that backups are secure because they are hidden. In fact, we assume that machines that mount the backup will get compromised at some point.
  • We assume that in the case of Cohesity Views (backup job or file volume) that are mounted as SMB / NFS mount, when the server that mounts Cohesity is compromised, the ransomware will find Cohesity Views and encrypt them as well.

So what’s different about Cohesity as a backup system that can protect against this? Well, there are few fundamentally unique things that Cohesity does that no other secondary storage vendor can do. We can do that because we have built a completely new kind of file system, the Cohesity file system, designed for secondary storage workflows from the ground-up. Few of its key salient points are:

  • Cohesity is a scale-out storage platform that exposes itself via standard protocols such as NFS and SMB
  • The file system can take unlimited snapshots very quickly and store them with extremely low overhead
  • The file system allows you to have very large number of Views and clone these Views instantly with almost zero cost in terms of storage

We protect your backups via time-based snapshots. The original backup job is kept in an immutable View. That View is never made accessible or mounted by an external system. Only clones of that original View can be mounted externally. If worm burrows into the system, the best it can do is encrypt a clone of these snapshots. Extending this further, when we restore a snapshot, we clone it and only the clone is mounted on the server. So internal snapshots are never exposed.

The upshot: The system always has a clean copy. The Ransomware can delete the files in the View, but it cannot touch the immutable snapshot. And restoring a view that has been encrypted by Ransomware is as simple as restoring the snapshot!

Let’s tie all this up with a couple of concrete examples.

In the first example we consider Cohesity protecting DB servers:

  • Every 4 hours, the DB server dumps to a Cohesity View and we have one View per database (because we can have large number of Views without adding to the overhead).
  • The View is also scheduled to have a snapshot taken after every backup. This is a quick operation that takes only milliseconds to complete. This is also extremely space-efficient because it employs redirect-on-write technology.
  • The ransomware somehow finds the backup repository and encrypts the Cohesity View where DB server dumps are stored.
  • As the ransomware writes, Cohesity performs Redirect-on-Write and writes the data to a new place, not modifying the last immutable snapshot.
  • The admin can now simply restore the View to the last available snapshot just before the Cohesity View was encrypted and from the Cohesity View, restore the primary DB. But before doing that, the admin takes a snapshot of the encrypted View to be used as the forensic evidence of the incident which is again quick, painless and zero-cost.
  • Lastly we pre-empt any issues with the backups by indexing them. Indexing implicitly verifies the validity of a backup.

This is how we can easily recover from the ransomware attack without missing as much as a beat! We have also explained through a short video below.

The second example considers Virtual Workloads:

  • Cohesity also talks VADP API’s to backup VMware environments.
  • The Cohesity software again utilizes the Cohesity file system to clone and keeps the VMs fully hydrated in the backend even when doing incremental backups. Whenever a VM is to be restored, it is cloned and the clone is made available to ESX. When a ransomware somehow finds this and destroys the VM backup via NFS, it can only destroy the clone and the admin can easily clone the backup from the master copy and restore the VM.
  • Again Cohesity saves the day because we have proper and frequent backups and we also verify that the backups are OK by doing indexing on the VMs. Moreover the backup copies cannot be accessed by outside entities and we use the fast cloning to clone before exposing them.

To summarize what key features in Cohesity protected the company from the worst of Ransomware is:

  1. Cohesity has exteremely low RTO and RPO and enables proper backups by allowing a large number of them.
  2. Cohesity has fast snapshotting capabilities that is space and time efficient. This allows backups of backups.
  3. The snapshots are protected because they cannot be directly mounted and tampered with.

A well designed system assumes failures at various levels including (and most certainly) from humans. No matter how much a company invests in security products, the relentless nature of malware attacks almost guarantees that it will fall victim at some point of time. Backups are the only sure shot way to provide protection from catastrophic consequences. Cohesity’s unique approach to backups enabled by the Cohesity file system, purpose-built for secondary storage, presents a formidable foe to all ransomware attacks.

Authors: Vivek Agarwal and Ganesh Shanmuganathan

vivek-a
Vivek Agarwal
vivek-a
Vivek Agarwal

Head of Corporate and Business Development

Recent Blogs
See All Authors
Head of Corporate and Business Development
vivek-a
Vivek Agarwal
Head of Corporate and Business Development
vivek-a
Vivek Agarwal

Head of Corporate and Business Development

Recent Blogs
See All Authors

You May Also Like

Blog

Cohesity SmartFiles Breaks into The Top Echelon of File & Object Solutions

Learn more
X image
Icon ionic ios-globe

You are now leaving the German section of www.cohesity.com/de/ and come to an English section of the site. Please click if you want to continue.

Don't show this warning again