Ransomware remains a “buzz topic” in 2021, and for good reason. Hackers not only continue to grow more sophisticated in their attacks, but they are also actively working to capitalize on the increase in remote working driven by COVID-19, as well as the pervasive desire for knowledge about the pandemic. Without a doubt, effective ransomware protection has become critical no matter where in the world you operate or what industry you are in. The challenge is that the very divergent angles of data protection, attack prevention, attack detection, damage control response, and rapid recovery all need to be addressed.
Ransomware attacks are practically inevitable, and the right backup solution can be invaluable in facilitating fast recovery when ransomware strikes. Furthermore, the right backup solution can help to deter an attack in the first place, to avoid paying expensive ransoms and fines, and to avoid data loss and downtime – which undermine organizations’ credibility in addition to adding yet more costs. With this in mind, Evaluator Group worked with Cohesity for in-depth validations of Cohesity’s ransomware protection capabilities.
To begin with, Cohesity demonstrated to Evaluator Group how it can prevent backup systems and backup data from being compromised. Cohesity allows for immutability and for data points to be designated as write once read many (WORM). Even more noteworthy, Cohesity showed a number of safeguards that it offers to further protect this data against loopholes around immutability and WORM, such as shortening retention periods or leveraging a factory reset command to delete this data. Additional detail is available in our in-depth Lab Insight Report, “Validation of Cohesity Accelerated Recovery from Ransomware”.
Cohesity employs user authentication, including two-factor authentication, and role-based access control (RBAC), including requiring two-person concurrence for root access to the cluster, to further protect access to the backup data.
These safeguards protecting access to the backup data minimize the incentive for bad actors to launch an encryption attack on production systems. Cohesity can further reduce the risk of production systems being compromised by allowing backups of virtual machines (VMs) to be scanned against known vulnerabilities through its CyberScan app. Cohesity demonstrated to Evaluator Group not only this scanning process, but also that the “vulnerability status” of each VM is presented in the Cohesity UI, and that a downloadable Tenable report for security teams is automatically generated. This insight not only indicates the health of the production environment as of the time of the most recent backup, but can also help backup administrators to identify the best recovery point in the event that a recovery is necessary.
In a similar vein, Cohesity demonstrated its ability to analyze backup data for anomalous changes, such as widespread encryption activity on a particular virtual machine, to help identify whether an attack has occurred. It showed that its UI provides a graphical view of these anomalies as well as additional details about the anomalous activity.
In the event that an attack occurs, Cohesity can help customers to mitigate the spread of damage. Specifically, Cohesity demonstrated its ability to conduct rapid parallel backups so that copies of data can be created quickly, before being overwritten during a restore. Also from the standpoint of damage control, we observed that users can conduct a global search across all VMs protected by Cohesity to identify the location of known bad files.
Cohesity also demonstrated that it can simplify the protection of Active Directory (AD), which is important in controlling the damage wreaked by ransomware because AD facilitates access to critical applications; bad actors may attempt to penetrate the AD environment and damage applications in order to pressure for payment of ransom. Some capabilities that stand out include the ability to protect group policies directly from Cohesity, and the ability to conduct granular restores of objects and other portions of the AD environment directly from Cohesity – all with RBAC. More detail is available in the full Lab Insight Report.
Last but far from least, Cohesity demonstrated the ways it can help to get the business back online as quickly as possible following an attack. This is critical because organizations must mitigate downtime in the face of inevitable attacks. Arguably the most important differentiator is Cohesity’s Instant Mass Restore capability. During the lab validation, we witnessed that 100 Linux VMs were created and backed up – and that they were then recovered and powered on in less than three minutes. Cohesity also demonstrated its parallel recovery capabilities (which complement the previously mentioned parallel backup capabilities), as well as its instant NAS access (which in fact took less than a second to provide) and live mount capabilities.
In summary, the series of lab validations led Evaluator Group to conclude that Cohesity is an effective and differentiated solution suitable for enterprises struggling with the challenging task of protecting their environment and business against ransomware. For full details, access our complete Lab Insight Report, “Validation of Cohesity Accelerated Recovery from Ransomware”.
Krista covers data protection and management, with a focus on multi-cloud environments, for Evaluator Group. She brings more than a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Prior to joining Evaluator Group, Krista led the data center practice of analyst firm Technology Business Leadership. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland, and led market intelligence initiatives for media company TechTarget.