The 7 tenets of modern threat protection

Today’s cyber threats are existential threats to your business, and the bar for resilience against them keeps rising. Cohesity is here to help you keep pace. 

We recently announced the upcoming inclusion of Sophos’ malware scanning as part of Cohesity Data Cloud. It’s the latest in a series of innovations designed to help you improve resilience, rapidly respond to cyberattacks, and recover to a secure state, all while keeping operational costs firmly under control.

Today, advanced threat detection is a core capability of a cyber resilience platform - it is no longer an optional add on. Platforms like Cohesity Data Cloud complement the frontline defense and investigation capabilities of modern SOCs, helping to detect attacks and ensuring rapid, clean recovery from incidents. 

In response to this market evolution, we’re making all our capabilities for detection, investigation, response, and recovery automation part of Cohesity Data Cloud Enterprise Edition. This means we are retiring Cohesity DataHawk as a separate product. 

Through the lens of our advanced platform capabilities, let’s explore seven tenets of modern threat protection—why they matter, and how Cohesity Data Cloud helps you deliver better resilience outcomes as a result. 

1. AI-powered anomaly detection

If you are simply searching for malware, you're missing an opportunity for detection based on potentially dangerous signals, i.e. anomalies. Your resilience platform should automatically flag threats that may be lurking in your data estate. 

Why it matters: Every minute of dwell time costs millions in downtime and recovery.

Cohesity’s built-in AI capabilities continuously monitor every backup snapshot for behavioral red flags—sudden encryption, mass deletions, entropy spikes, or suspicious extensions. The Cohesity Data Cloud then tags, trends, and visualizes these findings instantly. You can roll back to the precise moment of (potential) compromise and recover clean data in minutes. The outcome? Earlier detection that dramatically reduces the blast radius, with faster mean-time-to-recovery, and the confidence that your backups are now an active defense layer, not just passive storage. 

2. Advanced threat scanning

Basic signature scanning that was adequate yesterday barely scratches the surface for today’s requirements. Sophisticated adversaries bypass these defenses with identity-based attacks, living-off-the-land techniques, and zero-day exploits. You need multiple scanning options at your disposal, supported by fresh threat intelligence to ensure you’re able to stay ahead of determined adversaries. 

Why it matters: You can’t defend what you can’t see—especially across petabytes of backup data. 

Consider these capabilities under the backdrop of a few use cases: 

• You’re an IT Ops practitioner and were just notified of a new threat from your SOC team. With Cohesity Data Cloud, you can use hash-based search to quickly see if artifacts linked to adversary activity are present in your environment.  If they are found, you can enumerate the impacted machines, browse the snapshot history, identify the infection date, the blast radius, and proceed to eradicate the threat. 
• Ransomware-as-a-service platforms have EDR evasion techniques baked into their code.  You can use scanning in Cohesity Data Cloud as a second line of defense. Threat feeds provide YARA rules that help find indicators of adversary activity in your infrastructure. Scan using the most up-to-date content, or write your own custom rules to search. 
• Use Cohesity Data Cloud to analyze timeseries snapshots. This helps you uncover registry key changes and other potentially malicious configuration changes over time. 

IT and security teams have access to advanced threat hunting without leaving the Cohesity Data Cloud console. What’s more, these capabilities are passive – meaning that an adversary isn’t likely to be tipped off to these activities. Theresult: Earlier detection of advanced threats, fewer false negatives, and the ability to hunt proactively. Backups becomea powerful intelligence asset that strengthens overall cyber resilience. 

3. SIEM / SOAR integration 

Security operations centers juggle dozens of siloed tools, creating alert fatigue and delayed response. Modern attacks move faster than human teams can manually correlate data.  

Why it matters: Fragmented visibility equals slower containment and higher breach costs. 

Cohesity sends rich, contextual backup intelligence (anomalies, scan results, timeline data) into leading SIEM and SOAR platforms - Cisco, CrowdStrike, Splunk, Microsoft Sentinel, Palo Alto Networks, ServiceNow, and more.  

Incidents are pre-enriched with exact snapshot timelines and recovery options. The payoff: unified situational awareness, automated playbooks, and response times that match attacker speed—delivering measurable resilience through faster, smarter, coordinated defense. When you integrate Cohesity’s rich intelligence into your security fabric, you turn siloed tools into a unified, automated shield—delivering the speed, context, and resilience every modern organization needs to confront the next attack. 

4. Scan across a wide range of data types

Other backup vendors only scan certain file types and sizes for threats. That’s problematic, since today’s ransomware can hide anywhere - in large databases, documents, and non-executable files. This leaves entire data sets at risk. 

Why it matters: Partial visibility equals partial protection. Threats slip through the cracks. 

Cohesity Data Cloud scans a wide range of files, extensions, and sizes across Windows and Linux environments. This comprehensive approach addresses hidden risks, is designed to provide assurance, and enables true “assume breach” readiness—resulting in higher confidence during audits, faster compliance, and dramatically improved cyber resilience when recovering from attacks. 

5. Unconstrained scope for scans 

Some backup vendors limit the scope of your scanning options. Why? To minimize their internal infrastructure costs. This forces you and your teams to ration protection. In a world of constant new variants and evolving IOCs, this creates dangerous gaps. 

**Why it matters**: You should never have to choose between safety and cost. 

Cohesity helps you run scanning operations with precision—for example, automatically triggering a scan when an anomaly is detected. But sometimes, you need to scan a larger swath of your data estate. And Cohesity’s unique approach removes these artificial ceilings—no quotas, no “only 2 hunts per 5,000 VMs,” no monthly snapshot limits.  

Cohesity Data Cloud is designed so you can run scans on any snapshot, any time. The result is continuous risk assessment and proactive threat elimination. You have the freedom to hunt for the early stages of an attack, before data is exfiltrated or encrypted. This approach delivers superior resilience without compromise or surprise bills. 

6. Run scans when you want: On-demand, scheduled, or trigger-based 

Other products only allow manual scans or rigid scanning schedules that don’t adapt to live threat intelligence. Attackers evolve daily. Your defenses must keep pace. 

Why it matters: Stale intelligence equals preventable breaches. 

Cohesity empowers you to launch rapid scans against the latest feeds with one click (on-demand), via scheduled, recurring scans that pull fresh intelligence, or automatically based on triggers (such as a new threat feed update or upon detection of an anomaly). No manual entry, no scanning against yesterday’s threats.  

What’s more, you have the power to use the right scanning technique for the right circumstance: hash-based scanning, YARA rules, plus threat feeds from Google Threat Intelligence and malware scanning using Sophos. And when those scans surface files with an unknown risk profile, you can use our secure sandbox analysis to assess the danger in an integrated workflow. 

7. High performance scanning at scale 

Scanning with other products can bog down backup and restore operations, forcing painful choices between security and SLAs. Large-scale environments can’t afford performance hits during critical recovery windows. 

Why it matters: Security that slows down protection is self-defeating. 

Cohesity Data Cloud gives you the power of choice. Our architecture can handle routine scans with ease. And when you need to boost scan performance – say for an exabyte-scale forensic scan across all file types – our architecture gives you the option accelerate the scan, without constraints. 

Now is the time: Level-up your threat protection 

These seven tenets aren’t checkboxes. They’re the foundation of a cyber resilience platform that helps you respond and recover —turning your data estate into an essential component of your resilience strategy.  

They’re the exact reasons forward-thinking IT and security teams are quietly replacing their old backup systems with Cohesity Data Cloud—and sleeping better at night. 

The question isn’t whether cyber criminals will attack your systems. The question is whether your current solution can help you bounce back quickly, or if it will collapse like a house of cards. 

Be sure to connect with us at RSAC.  
 
Ready to see what real modern threat protection feels like?

• Request a free trial
• Read product documentation (customers only)
• Watch a demo