Cohesity FortKnox

Cyber resilience with highly secure, cyber vaulting for all your data

Data isolation is a crucial component of a comprehensive backup strategy designed to protect against cybersecurity threats, power outages, human error, and natural disasters. The 3-2-1 rule is a widely accepted industry best practice for data protection and recovery. By having three copies of data on two different media, with one stored off-site, organizations gain a simple yet highly effective strategy to ensure data resilience and availability in the face of cyberattacks, hardware failures, or natural disasters. In the past, data has been isolated using magnetic tape, which was then shipped off-site to create a true “air gap.” However, to meet the more stringent RPO and RTO requirements of the modern cloud era, companies must have a secure data vault, either on-premises or in the cloud.

FortKnox is a secure data isolation and recovery solution that enhances cyber resilience by creating an immutable copy of data that can be stored off-site. Available as both a Cohesity-managed cloud vault and a self-managed solution, FortKnox offers an additional layer of protection against cyberattacks while significantly simplifying operations and reducing costs, preparing organizations to recover confidently from attacks.

Cohesity FortKnox represents a modern approach to data security, combining robust security features with operational simplicity. It empowers organizations to safeguard their critical data against evolving cyber threats and natural disasters while ensuring rapid recovery capabilities.

All the security. None of the complexity.

FortKnox is a secure data isolation solution that enhances cyber resilience by creating an immutable copy of data in an isolated data vault. It represents a modern approach to data security, combining robust security features with operational simplicity. FortKnox empowers organizations to safeguard their critical data against evolving cyber threats while ensuring rapid recovery capabilities. Available as a Software-as-a-Service (SaaS) or self-managed solution, its granular recovery options allow recovery of data from the vault to original or alternate locations through a single user interface. FortKnox eliminates the complexity of legacy vaulting solutions, enabling organizations to confidently recover from attacks while optimizing costs and maintaining compliance with security standards.

Key Benefits

Providing an extra layer of protection for missioncritical data from both external and internal bad actors, companies can meet the demanding recovery SLAs without compromising on security or accessibility. With FortKnox, customers can take advantage of:

An Additional Layer of Protection for You and Your Data

“Virtual air gap” with physical separation, third-party custodianship, and network and operational isolation.
Safeguard your data with the multilayered security architecture, which was built on the notions of least privilege and segregation of duties, both for managing the data and administering the platform.
Go beyond zero trust with comprehensive granular security capabilities (WORM, MFA, RBAC, quorum approvals, key management).
Monitor and automatically scan for anomalies to detect and counter cybercrime.
Enhance security by leveraging immutability and object locking to make the vaulted data tamperresistant against both external and internal threats.
Minimize vulnerabilities with built-in management isolation, which prevents bad actors from accessing the vault or modifying vault configurations.

Streamline Recovery to Drive Business Continuity

Easily and confidently identify an untainted copy of data for recovery in case backup data is attacked or lost due to a disaster.
Meet ransomware recovery SLAs with quick recovery, unlike legacy approaches like tape.
Recover specific files and objects quickly and easily, without needing to recover entire volumes, unlike traditional data vaults.

Reduce Complexity and Risk

All user and API access requires authentication and authorization. Strong, multi-factor authentication technologies are available from access tokens to certificates to smart cards to one-time password tokens.
Rich authorization capabilities range from rolebased access control to integration with enterprise authorization platforms like AD/ADFS, Okta, etc.
Granular access to data resources—such as workloads, storage domains, external storage targets—are tightly controlled. Users do not have blanket access to all resources in the system.
Encryption of data-at-rest and data-in-flight keeps the data private and the platform tamper-resistant.
Comprehensive audit logging, syslog integration with SIEMs, and the Security Dashboard enable customers to continuously monitor and assess administrative activity as well as the security posture of the platform.

Secure Operational and Management Isolation

Management isolation provides an additional layer of security in case on-premises systems become compromised, lost or physically damaged.
Complete management isolation provides an additional layer of security against data exfiltration of vault data. Someone who has access to the cluster cannot access or restore data from the vault.
The vault is logically disconnected outside the vaulting window.
Vault management, configuration, and policy updates can only be made from the Helios/FortKnox UI. The cluster or element GUI cannot modify the vault configuration or restore data.
Quorum authentication provides extra security against unintended read access or data exfiltration.

Deployment Options

FortKnox for DataProtect (SaaS)

Cohesity FortKnox powers a modern 3-2-1 strategy for the cloud era, effectively balancing organizations’ security and agility priorities. As a SaaS cyber vaulting and recovery solution, FortKnox enhances cyber resiliency by providing an immutable copy of data in a Cohesity-managed cloud vault through a virtual air gap. Organizations that rely on FortKnox gain an additional layer of security against ransomware and other cybersecurity threats via physical separation, as well as network and operational isolation. FortKnox dramatically simplifies operations and reduces costs, eliminating the complexity and resource requirements associated with internally managed isolation solutions. FortKnox is a cloud service that empowers organizations to prepare for and recover quickly and confidently from attacks, allowing for granular recovery back to the source or an alternate location, including the public cloud. Currently, FortKnox supports data vaulting on AWS and Microsoft Azure.

FortKnox for DataProtect (Self-Managed)

FortKnox Self-Managed enables you to securely vault a copy of your backup data in a securely isolated Cohesity cluster. FortKnox Self-Managed is optimized for fast data recovery, minimizing downtime in the event of a cyberattack. It allows you to maintain an isolated, immutable copy of your data within your own on-premises infrastructure. This also ensures protection against cyber threats or primary cluster failures while enabling full control, security, and compliance over the vaulted data.

FortKnox for NetBackup (SaaS)

FortKnox is available for NetBackup as a multi-cloud storage service with a virtual airgap designed to protect applications and infrastructure from threats targeting backup data. With FortKnox, there is no need to build, manage, or protect a physical site to isolate backup data. FortKnox customers can secure their NetBackup compressed and deduplicated data in a protected Cohesity tenant hosted by various cloud service providers. Customers who adopt FortKnox benefit from complete backup and recovery of all application data, rapid and flexible data recovery, and secure, adaptable provisioning.

With FortKnox multi-cloud immutable storage service, organizations can ensure their data is protected from cyber threats with a predictable as-a-service subscription offering. The cloud-based cyber vaulting provides a seamless, fully managed storage option for critical data.

1000044-009

Cohesity Data Cloud

Data Cloud packaging

Certified platforms

Backup & Recovery

Cloud Data Protection

SaaS Data Protection

Unstructured Data Protection

Cyber Resilience

Zero Trust Security

Archive & Long-Term Retention

Disaster Recovery

Identity Resilience

Ransomware Anomaly Detection

Threat Protection

Data Classification

Cyber Vaulting

Cyber Recovery Orchestration

Digital Jump Bag

Clean Room Solution

AI Conversational Search

Reporting & IT Insights

Global Search

Why Cohesity

Cohesity vs. Rubrik

Cohesity vs. Commvault

View all solutions

Learn more

Microsoft 365 Protection

AWS

Azure

Google Cloud

Google Workspace

Slack

Active Directory & Entra ID

Hyper-V

Kubernetes

IBM

MongoDB

MS SQL Server

NAS

NoSQL & Hadoop

Nutanix

Oracle

Red Hat

SAP HANA

VMware

Financial services

Healthcare and life sciences

Manufacturing and logistics

Federal government

State, local government, and education

Retail and hospitality

Legal

Energy and utilities

Telecom

Technology

Media and Entertainment

View all

Corporate Overview

Blogs

Demos

Events and Webinars

Customer Stories

Glossary

Marketplace

Podcast

Support

Support login

How-to videos

Cyber Event Response Team

Cohesity Community

Cohesity Academy

Trust Center

Channel Partners

Global System Integrators

Security Partners

Cloud Alliances

Technology Partners

Managed Service Providers

Data Security Alliance