What is Cohesity Threat Defense?

Unless you work for an insurance carrier, it is reasonable to assume that not many people are big fans of paying insurance premiums, especially when the premiums jump as much as 300% at the time of renewal. Thankfully, I’m not talking about our personal insurance premiums (while those also continue to rise, that’s a discussion for another day); I’m talking about cyber insurance that organizations purchase to hedge against potential cyberattacks, including ransomware. Interestingly, even after raising insurance premiums, organizations are unable to secure enough coverage and cyber business lines for the insurance carriers are experiencing declining profits.

So what is causing your cyber insurance premiums to skyrocket? It’s the evolving threat from ransomware attacks. As I covered in my previous blog, cybercriminals have changed their tactics. To ensure a monetary payout, hackers are no longer encrypting production data and deleting backup copies. Instead, they are now deploying the “double extortion scheme,” encrypting your production and backup data while at the same time stealing your confidential data and threatening to publish it on the dark web unless a ransom is paid. According to Trend Micro, to date, over 35 ransomware families have employed double extortion techniques, including Ryuk, LockBit, and more.

To counter these threats, organizations are increasingly adopting zero-trust strategies, as recommended by the U.S. White House executive order. While adopting zero-trust principles is a good start, it is not enough to protect your data and business reputation in this evolving cybersecurity landscape. The NIST Cyber Security Framework emphasizes adopting a multi-layered defense-in-depth strategy to help you survive an attack. Cohesity’s Threat Defense architecture follows and then goes beyond zero-trust to help organizations achieve cyber resilience.

So, What Is Cohesity Threat Defense?

Data is in the center of any organization. This data is generated by multiple sources and touched by many API integrations, business applications, and of course, users. At the end of the day, what matters are the outcomes you can achieve from that data —- whether resilience to recover from natural disasters, operational failures, or protecting your business against the evolving threat from ransomware attacks.

Threat Defense architecture is designed to help you enhance cyber resiliency and stay one step ahead of the cybercriminals. The key pillars of Threat Defense are:

• Data resiliency
• Access control
• Detection and analytics
• Data security integrations

Let’s dig into each of these key pillars.

Data resiliency: Your data drives your business and should be able to withstand any failures that may occur, including hardware problems, system or software corruption, human errors, natural disaster, or ransomware. To achieve data resiliency, Cohesity Threat Defense includes capabilities such as:

• Immutability: Baked into the foundation of Cohesity is SpanFS, a third-generation distributed file system, which stores all ingested data in internal Cohesity Views that are never exposed to any external application or users. Any attempts to modify an immutable backup snapshot will automatically create a (zero-cost) clone, which is also marked read-only. Further, Cohesity was the first modern data management solution ever to introduce a time-bound write once read many (WORM) capability that we call DataLock, which offers an additional layer of protection against any internal threats.
• Encryption: Cohesity offers high-performance FIPS-validated data encryption utilizing the strong AES256 standard to ensure that data is protected both in-flight and at rest.  The Cohesity platform offers flexibility to seamlessly integrate with the third-party key management systems of your choice.
• Fault Tolerance: Data integrity is key to protecting your data, and that starts with completing successful backups, irrespective of the conditions. Cohesity’s hyperscale distributed architecture, resiliency to the node(s) or cluster failure, auto-healing, unique strict consistency, and more ensure that your backup data is resilient against any hardware or software failures.

Access Control: According to Verison’s Data Breach Investigations Report, cybercriminals prefer to use lost or stolen credentials over malware to deploy ransomware attacks, as these are much easier to obtain and can easily bypass antivirus programs and other security software. Colonial Pipeline was one of the largest and most disruptive ransomware attacks of 2021. The attack was attributed to DarkSide, a hacking group that leveraged a compromised password to gain access. To mitigate against the risk posed by weak user passwords and insider threats, Cohesity Threat Defense includes capabilities to stop unauthorized users from impacting your business.

• Multifactor Authentication requires that anyone accessing the Cohesity platform authenticates using multiple authentication factors, such as something you have (i.e. your mobile device, one-time password token, smart card, etc.) and something you know (i.e. your password, PIN).

Other capabilities that help organizations establish stricter access controls include:

• Granular Role-based Access Control (RBAC) helps stop unauthorized access and enables organizations to grant users appropriate privileges to perform their duties.
• Quorum: Similar to your safety deposit box that requires your key and another from the bank to operate, no single user or compromised credential can impact the most sensitive operations on the Cohesity platform. Any critical changes, including root-level changes, need to be authorized by two individuals, making your data and the platform secure. Additionally, unlike certain alternative data management solutions, Cohesity doesn’t have a service back-door built into the platform that cybercriminals can exploit.
• Continuous Monitoring and Auditing: Capabilities like Security Advisor, granular auditing, ML-based ransomware detection, and integrations with SIEM and SOAR platforms help Cohesity customers ensure a strong data security posture whilst keeping an eye on their data and the overall Cohesity environment.

While Cohesity Threat Defense capabilities will help protect your critical data against encryption or deletion, what about the threat posed by data exfiltration, as I like to call it, “Ransomware 3.0” and covered it along with 1.0 and 2.0 in my previous blog, Countering the Evolving Threat of Ransomware? The ransomware attacks on Acer and Bangkok Airways are just a couple of examples of how cybercriminals deploy sophisticated data exfiltration attacks. While backup-based data anomaly detection can help tackle ransomware 1.0 and ransomware 2.0 variants, it is not designed to detect data exfiltration.

It is critical to realize that in order to deter data exfiltration, detection of suspicious activity must occur much earlier, and the existing techniques built around backup data anomaly detection, are designed to analyze backup data, which at best happens every 24 hours. Backup and recovery are still essential for defending against a data encryption attack, but organizations need to rethink their data security and data governance strategies to reduce their risk of data exfiltration. Data security and data governance cannot be siloed anymore.

AI-driven Detection and Analytics, the next pillar of Cohesity ThreatDefense, helps organizations get ahead of the threats posed by Ransomware 3.0, data exfiltration. Unlike other solutions, Cohesity scans data sources and backup data so that you know what sensitive data you have and where it resides as well as whether it’s been compromised (or about to be compromised) by ransomware.  In addition to source-side data anomaly detection that identifies anomalies indicative to ransomware compromise, the other critical capabilities of this pillar include:

• Data classification: Scanning your data proactively at the source gives you advanced visibility to the location and exposure level of your sensitive data.
• Adaptive Behavioral Analytics: Whether it is ransomware or a malicious insider seeking to amass and exfiltrate data from your organization, AI-powered behavioral analytics can provide visibility into unusual, anomalous, or potentially risky access activity to your critical data.  This can be critical in detecting and stopping cybercriminals from fully exfiltrating your organization’s most sensitive data assets.
• Near real-time threat detection: Cohesity integrates next-gen antivirus engines that run natively on its platform to identify whether ransomware and other forms of malware are lurking within the data on the platform.

The final pillar of Cohesity Threat Defense architecture is its extensibility, the platform’s ability to integrate with leading security tools seamlessly. From Cisco SecureX to Tenable, Cohesity offers a wide range of integrations with cloud, data classification, endpoint, identity, and SIEM and SOAR partners to help protect your data and your business reputation.