The anti-ransomware components, which are built into the core Cohesity backup platform and not a separate line item, gives their partners the ability to come to customers’ rescue and provide peace of mind against a well-publicized problem.
Hyperconverged backup provider Cohesity has announced a three-pronged capability to combat ransomware. It provides end-to-end protection with components geared at prevention, detection and response.
“The amount of ransomware has grown more than 700 per cent since 2016, and more than a third of attacks have resulted in ransoms being paid,” said Satinder Sharma, Director of Product Solutions Engineering at Cohesity. “Losses from ransomware this year are expected to reach $11.5 billion. Customers are looking to us to provide an answer for this.” The data come from Cybersecurity Ventures, which provides research and reports on cybercrime and the cybersecurity industry.
Cohesity’s anti-ransomware capacity is not a brand new product, but a combination of long-time and newer capabilities integrated together to provide a multi-layered strategy to address the problem.
“The new capabilities are a mix of existing platform capability, and new functionality we have added,” said Satinder Sharma, Director of Product Solutions Engineering at Cohesity.
Sharma said that what is unique about the Cohesity anti-ransomware capability compared to alternatives offered by other backup providers is that multi-layered, three-stage approach.
“We address ransomware with three layers of protection – prevention, detection and response,” Sharma said. “We are the only ones that can offer this complete end-to-end capability.
“The prevention part we added in our 6.1.1 release [in December 2018],” Sharma stated. “The first thing that attackers go after is the backup system, so a restore can’t happen. We prevent this by preventing anyone from modifying the backup. If they try, the data is written to a new instance, and the original snapshot remains intact. Even someone with admin privileges can’t override this to go in and delete, in case the attacker can present their credentials. That’s the prevention part of it.”
The Detection part is designed to uncover anything that does get inside.
“The Detection part comes from Cohesity Helios, which we introduced last year,” Sharma indicated. Helios is a SaaS-based data and app orchestration and management solution that leverages machine learning capabilities, which is on top of the Cohesity platform. It provides anomaly detection that alerts the customer’s IT admin and Cohesity’s support team when the backup data changes or ingest rates fall outside the norm based on historical trends.
The third part, Response, is based on an instant mass restore capability that lets admins recover hundreds of virtual machines instantly, at scale, to any point in time.
“This instant restore capability is a capability that has always existed on the platform,” Sharma said. “We can instantly bring back up hundreds of VMs. It takes 15 minutes to restore 200 VMs.”
Sharma pointed out that as a hyperconverged solution, Cohesity enjoys an advantage against legacy backup providers when it comes to protecting the system against ransomware.
“A legacy backup infrastructure consists of many components which are separate and vulnerable,” he said. “You have to lock down six different places. In hyperconverged, on the other hand, one of the key benefits is that it is all one infrastructure, so you have only one single place to lock down. That gives customers a lot of help in itself, and it adds a piece of mind component.”
For Cohesity’s channel partners, it also provides an opportunity to come to the rescue of their customer and address a well-publicized problem.
“For a partner, anything that allows them to exercise their trusted advisor capability and bring in a solution that solves a customer problem is of considerable value,” Sharma said. “This adds to their arsenal, and lets them educate the customer around it.”
The new anti-ransomware capability is available to customers at no additional cost.