Cohesity FortKnox is a SaaS cyber vaulting solution that improves cyber resiliency with an immutable copy of data in a Cohesity-managed cloud vault via a virtual air-gap. FortKnox is part of the Cohesity Cloud Services portfolio and provides an additional layer of protection against ransomware and other cybersecurity threats while dramatically simplifying operations and lowering costs. FortKnox also helps prepare organizations to recover confidently from attacks. The vaulted data, hosted in Amazon Web Services (AWS), can be recovered back to its original source or to alternate locations in the event of a ransomware attack or other incident that compromises primary and secondary copies of the data. It helps customers eliminate the complexity and large CapEx investments of DIY data vaults and traditional tape outs.
Protecting against ransomware, disasters, and bad actors using cyber vaulting and recovery isn’t new to customers. In fact, they may already be employing a variety of methods to protect their data, including shipping magnetic tapes offsite or deploying and maintaining remote clusters at parallel infrastructure. But these methods are complex, time-consuming, costly, and error-prone. Restoring from tape, in particular, is seldom able to meet strict recovery SLAs.
FortKnox simplifies this complexity by providing a modern, easy to use, and cost-effective SaaS solution for vaulting data in the cloud that minimizes attack surfaces and improves recovery time SLAs. It also helps improve ransomware attack and recovery preparedness. FortKnox monitors for anomalous snapshots that could indicate a ransomware attack, and it identifies clean copies of data to minimize the risk of reinfection.
FortKnox is best suited to address the following use cases:
Ransomware protection and recovery
Secure, cost-effective cloud archival
Long-term retention for data governance and compliance
Deploying defense-in-depth strategy
Protection for sites that are not yet vaulting data
Protecting workloads where cloud vaulting is preferred
Edge location data vaulting
Dynamically changing workloads/agile environments
Helping to qualify for cyber security insurance
Your data is secured both in transit and at rest—and we give you the option to manage your own encryption keys or have our service manage them for you. For more information, visit the Cohesity Trust Center.
Cohesity takes the security of our customers’ information very seriously. We recognize how critical it is to comply with standards and protect the confidentiality, integrity, and availability of information assets. We maintain third-party assessments and assurances to validate the security posture of our products and services against industry standards, including SOC 2 Type II.
Cohesity also performs regular penetration tests by qualified third-party assessors.
Yes. You need Cohesity DataProtect self-managed before you can use FortKnox.
Yes, but each organization is responsible for its unique settings and configurations.
FortKnox simplifies operational complexity for our customers by providing a Cohesity-managed SaaS solution for cyber vaulting.
It provides an additional layer of protection and immutability by creating an operationally air-gapped copy of data that’s tamper-resistant and isolated from ransomware attacks or bad actors.
It helps customers avoid CapEx and move to a predictable OpEx model.
In some cases, it can also help customers qualify for cybersecurity insurance.
True air gapping requires complete isolation of management and network connectivity to achieve data resiliency. In today’s world where we need to be able to rapidly recover business operations at scale—for example, following a ransomware attack—FortKnox provides the right balance of secure isolation and speed of recovery via a dynamic connection or ‘virtual air gap’ to meet the needs of the business.
Yes, customers can air gap their data with Cohesity today in a number of ways. They can use magnetic tape and ship it offsite, or deploy and maintain parallel infrastructure with appropriate controls to serve as a data vault. They can use FortKnox to achieve data isolation, with Cohesity managing the data vault via a modern SaaS solution that eliminates operational complexity and CapEx. FortKnox offers several advantages over tape: it’s faster, more reliable in terms of recovery, and easier to use than DIY data vaults.
FortKnox continues to add support for new workloads. Find an updated list of data sources here.
FortKnox is a SaaS offering that’s complementary to an existing self-managed Cohesity cluster. The copy stored in FortKnox is isolated from the primary and backup copies of data. It should complement existing data protection practices like maintaining snapshots for operational recovery and replicas for disaster recovery.
Yes, there are two versions of FortKnox available today. Cohesity customers can choose between the FortKnox warm storage tier and the FortKnox cold storage tier—both hosted on AWS—to meet varied business recovery and cost objectives. The warm tier vaults data to meet stringent recovery SLAs. The cold tier vaults data that can tolerate longer recovery times but must be securely retained for the long term to meet compliance requirements.
Providing a modern “3-2-1” alternative to the “1” (magnetic tape) can serve as added insurance in case of physical damage (from natural disasters, power loss, etc.) to, or accidental deletion of, the Cohesity backup cluster.
With FortKnox, customers can create an immutable copy of their data in a Cohesity-managed cloud vault via a virtual air gap. The FortKnox data is not hosted in the same environment as the production or primary backup copy of data. The FortKnox data can be configured to be held in a different location than the production and/or primary backup copies of data. Moreover, the vault is kept separate from the customer’s AWS instance, which results in an improved security posture and helps protect their vaulted data from both internal and external bad actors.
In the 3-2-1 rule for data protection, you need 3 copies of your data in 2 locations, with 1 being isolated. DataProtect offers the ability to rapidly recover from operational copies (e.g. snapshots). SiteContinuity offers the ability to replicate and fail over/fail back data between 2 locations. FortKnox offers the ability to create an isolated 3rd (or 4th or 5th, and so on) copy of the data in the cloud. It differs from the other copies of data due to its many built-in security features that keep the data out of the hands of external and internal bad actors.
FortKnox does not provide automated failover/failback to the DR site.
Ready to get started?
Start your 30-day free trial or view one of our demos.