FAQ: Cohesity FortKnox

Threat protection refers to the strategies, tools, and technologies used to defend against malicious software, or malware. Malware includes a wide range of harmful software such as viruses, worms, Trojans, ransomware, spyware, and adware, among others.

Effective threat protection involves creating an integrated security architecture with several layers of defense, including antivirus software, firewalls, email and web filtering, and patch management. Combined with user education and training, these layers can significantly reduce an organization's risk of falling victim to malware attacks and protect its sensitive data and systems from compromise.

Threat protection safeguards sensitive data from unauthorized access, theft, or corruption. This is vital for protecting both personal and organizational data, including financial information, intellectual property, and customer records. Specifically, malware attacks can lead to financial losses through various means, such as ransom payments, theft of funds, or disruption of business operations. Threat protection helps mitigate these risks by preventing or minimizing the impact of attacks.

Malware attacks can disrupt business operations, leading to downtime, loss of productivity, and damage to reputation. Effective threat protection helps ensure business continuity by minimizing the impact of cyber threats and enabling prompt recovery from incidents. Additionally, many industries are subject to regulatory requirements and standards related to cybersecurity. Implementing effective threat protection helps organizations comply with these regulations, avoiding potential fines, penalties, or legal liabilities. Organizations of all sizes and across all industries must prioritize threat protection to mitigate the risks posed by malware and other cyber threats.

There are many layers of threat protection designed to detect and respond to specific types or stages of an attack. Some examples include:

  1. Antivirus software is designed to detect and remove malware from computers and networks. It scans files and programs for known malicious code patterns and quarantines or removes any threats detected.
  2. Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. They can prevent unauthorized access to a network and block malicious software from communicating with external servers.
  3. Intrusion detection and prevention systems (IDPS) monitor network traffic for signs of malicious activity or known attack patterns. They can detect and respond to threats in real time, helping prevent successful attacks.
  4. Email filtering solutions scan incoming emails for known malware, phishing attempts, and other malicious content. They can help prevent users from inadvertently downloading or opening malicious attachments.
  5. Web filtering tools block access to malicious websites and URLs known to distribute malware. They can also restrict access to certain categories of websites based on organizational policies.
  6. Behavioral analysis identifies potentially malicious behavior on endpoints or within network traffic. This approach can detect previously unknown malware based on its actions rather than its signature.
  7. Patch management keeps software and operating systems up to date with the latest security patches, which can help prevent malware from exploiting known vulnerabilities.
  8. User education and training focuses on safe computing practices, such as avoiding suspicious links and attachments, which can help prevent malware infections caused by social engineering tactics.
  9. Endpoint security solutions protect individual devices, such as computers, laptops, and mobile devices, from malware infections. They may include features such as antivirus, firewall, and device control.

Your data is secured both in transit and at rest—and we give you the option to manage your own encryption keys or have our service manage them for you. For more information, visit the Cohesity Trust Center.

Cohesity takes the security of our customers’ information very seriously. We recognize how critical it is to comply with standards and protect the confidentiality, integrity, and availability of information assets. We maintain third-party assessments and assurances to validate the security posture of our products and services against industry standards, including SOC 2 Type II.

Cohesity also performs regular penetration tests by qualified third-party assessors.

Yes. You need Cohesity DataProtect self-managed before you can use FortKnox.

Cohesity provides our SaaS SLA for this service. Please see our SaaS Service Level Agreement for more details.

Yes, but each organization is responsible for its unique settings and configurations.

FortKnox simplifies operational complexity for our customers by providing a Cohesity-managed SaaS solution for cyber vaulting.

It provides an additional layer of protection and immutability by creating an operationally air-gapped copy of data that’s tamper-resistant and isolated from ransomware attacks or bad actors.

It helps customers avoid CapEx and move to a predictable OpEx model.

In some cases, it can also help customers qualify for cybersecurity insurance.

True air gapping requires complete isolation of management and network connectivity to achieve data resiliency. In today’s world where we need to be able to rapidly recover business operations at scale—for example, following a ransomware attack—FortKnox provides the right balance of secure isolation and speed of recovery via a dynamic connection or ‘virtual air gap’ to meet the needs of the business.

Yes, customers can air gap their data with Cohesity today in a number of ways. They can use magnetic tape and ship it offsite, or deploy and maintain parallel infrastructure with appropriate controls to serve as a data vault. They can use FortKnox to achieve data isolation, with Cohesity managing the data vault via a modern SaaS solution that eliminates operational complexity and CapEx. FortKnox offers several advantages over tape: it’s faster, more reliable in terms of recovery, and easier to use than DIY data vaults.

FortKnox continues to add support for new workloads. Find an updated list of data sources here.

FortKnox is a SaaS offering that’s complementary to an existing self-managed Cohesity cluster. The copy stored in FortKnox is isolated from the primary and backup copies of data. It should complement existing data protection practices like maintaining snapshots for operational recovery and replicas for disaster recovery.

Yes, there are two versions of FortKnox available today. Cohesity customers can choose between the FortKnox warm storage tier and the FortKnox cold storage tier to meet their business recovery and cost objectives. The warm tier is available in both AWS and Azure to vault data for meeting stringent recovery SLAs. The cold tier, available in AWS, vaults data that can tolerate longer recovery times but must be securely retained for the long term to meet compliance requirements.

Providing a modern “3-2-1” alternative to the “1” (magnetic tape) can serve as added insurance in case of physical damage (from natural disasters, power loss, etc.) to, or accidental deletion of, the Cohesity backup cluster.

With FortKnox, customers can create an immutable copy of their data in a Cohesity-managed cloud vault via a virtual air gap. The FortKnox data is not hosted in the same environment as the production or primary backup copy of data. The FortKnox data can be configured to be held in a different location than the production and/or primary backup copies of data. Moreover, the vault is kept separate from the customer’s AWS instance, which results in an improved security posture and helps protect their vaulted data from both internal and external bad actors.

In the 3-2-1 rule for data protection, you need 3 copies of your data in 2 locations, with 1 being isolated. DataProtect offers the ability to rapidly recover from operational copies (e.g. snapshots). SiteContinuity offers the ability to replicate and fail over/fail back data between 2 locations. FortKnox offers the ability to create an isolated 3rd (or 4th or 5th, and so on) copy of the data in the cloud. It differs from the other copies of data due to its many built-in security features that keep the data out of the hands of external and internal bad actors.

FortKnox does not provide automated failover/failback to the DR site.
