Cohesity lets vulnerabilities be scanned in backups with new CyberScan application

Cohesity CyberScan is facilitated by advances in their 6.3 release earlier this year, and their partnership with Tenable through the Cohesity Marketplace.

Cohesity CyberScan

Hyper-converged secondary storage vendor Cohesity has announced the release of Cohesity CyberScan, a new application that uses their backup data to perform vulnerability scanning on backups, reducing risk posture without the need to disrupt the production environment to do so. CyberScan is based on technology advances in their Pegasus 6.3 release in February, which allowed third-party applications to run directly on the Cohesity platform. The vulnerability scanning engine itself comes from Tenable, one of those third-party vendors.  CyberScan is a part of the 6.4 Pegasus release.

“When we launched our Marketplace earlier this year, we talked about working with ecosystem partners more and Cohesity CyberScan is an example of that,” said Raj Dutt, Director of Product Marketing at Cohesity. “CyberScan will leverage the backup data to look for vulnerabilities by using the backup copy.”

A new study conducted by the breach-focused Ponemon Institute study [on behalf of ServiceNow, not Cohesity] emphasized the salience of identifying and addressing vulnerabilities, and pointed out that many organizations do a poor job at it.

“A majority of organizations said that a known vulnerability had caused a data breach in the past two years,” Dutt said. “They wanted more visibility about this. But the requirement for 24/7/365 availability means that it’s hard to schedule vulnerability scans. With thousands of devices, it’s hard, complex and expensive. So many organizations scan infrequently. Every few weeks is common. Or they don’t scan at all. Over a third – 37 per cent – said that they don’t even scan for vulnerabilities at all.”

The result, the Ponemon Institute says, is that organizations are at risk for security and compliance, with an average data breach cost of $3.86 million.

Cohesity CyberScan is specifically designed to address this issue by leveraging backup data to assess vulnerabilities, and is the first solution of this type to hit the market.

“The Cohesity Cyberscan application looks for vulnerabilities in the production environment by leveraging the backup copy, and runs the vulnerability scans on backup snapshots to ensure recoverability,” Dutt said. “It also discovers blind spots in the product environment.”

The vulnerability engine comes from Tenable, one of the established vendors in that space, which has worked with Cohesity through the Marketplace. It detects exposures against regularly published entries within the public Common Vulnerabilities and Exposures database.

“We run the Tenable scan against the database, to give the IT operator a very clear idea of which snapshots are compromised,” Dutt said. “It means customers know they can recover with confidence, because they will know what vulnerabilities are in a snapshot before they bring it back online.”

Being able to run the scans on the backup data removes the problems of scheduling it in a production environment.

“There is no longer a need to wait for a backup window, because they can assess posture in production by running it on the backup, without having to wait for a window,” Dutt said. “They can run as many as they like, with no impact on their production environment.”

Cohesity CyberScan was facilitated by the new capabilities in the 6.3 Pegasus release allowing third-party applications to run on the platform, together with the partnership that made the Tenable.io engine available to do the scanning.

“The 6.3 release uniquely allowed us to run applications on the backup data,” Dutt said. “Cohesity Marketplace, which we introduced at the same time, is an enabler of getting these solutions to the customers. So, the combination of 6.3 and the Marketplace facilitated this. We chose to leverage the Tenable engine because they are best of breed in the space.”

Expect more of this type of functionality going forward, Dutt said. Marketplace originally launched with four solutions: Splunk Enterprise; two antivirus applications, SentinelOne and the open source Clam Anti-Virus; and Imanis Data, which provides NoSQL and Hadoop, and which Cohesity has since acquired.

“This is the next wave,” and we will continue to add more, Dutt said. “At the same time, we are not looking for thousands of apps. Our core is anti-ransomware, DLP, compliance, analytics, eDiscovery, data transformation, SIEM and infrastructure.

“We are at our core a data management vendor,” Dutt concluded. “Our goal is to make backup data more productive for customers.

The Cohesity CyberScan application is generally available to all Cohesity customers as part of the new Pegasus 6.4 software release.