Ransomware focus of new offerings being announced at Cohesity’s first ever user conference

One of the new services, Cohesity DataGovern, is specifically focused on data exfiltration, the latest tactic being employed in ransomware by cybercriminals.

Today, at their first ever annual user conference, Cohesity Connect, data protection vendor Cohesity is announcing a pair of new security and data governance offerings. Cohesity DataGovern is a new data security and governance service that uses AI and machine learning to automate the discovery of sensitive data and detect anomalous access and usage patterns. The other offering being announced is still in the project stage. Project Fort Knox will be a service that will let customers maintain an isolated copy of their data in a Cohesity-managed vault  to improve data resiliency in the face of ransomware attacks.

“At our first annual Cohesity Connect conference, the core focus is around ransomware,” said Matt Waxman, Cohesity’s VP of Product Management. “It’s here to stay, and that means learning how to deal with it. Our focus is on how we help customers minimize their blast radius.”

Waxman pointed out that ransomware to date has evolved through three separate chapters.

“In the first one, the bad actors came in and encrypted production data,” he said. “We reacted by enabling customers to rapidly restore from backup data. Then, as companies began to rely on their backups as their main defense, the bad actors went after the backups first, and tried to destroy or encrypt them. Our response to that was immutability. Now, in the third chapter, during this last year, they have focused on exfiltration attacks to steal the data. You need more than backup to protect against that.”

The service that is available now in preview, Cohesity DataGovern, is explicitly focused on this latest problem of ransomware stealing data. It is a data security and governance service that automates the discovery of sensitive data with AI and machine learning, to  detect anomalous access and usage patterns which could indicate a cyberattack in play.

“Data security and data governance have been two sides of the same coin,” Waxman said. “Security looks at who has access, and data governance looks at where the data is. There is a need to converge these.”

Waxman said this service has four core capabilities: leveraging AI and machine learning; automatically classifying and identifying sensitive data, PII or regulatory, and tagging it, something that doesn’t scale well manually; defining policy settings or leveraging out of the box ones; and remediation.

“It is delivered as a SaaS service, and you don’t have to be backed up on Cohesity to use this,” he added. “It will launch in preview this week.”

The other announcement, Project Fort Knox, will be a service that will allow customers to maintain an isolated copy of their data in a Cohesity-managed vault  to improve data resiliency in the face of ransomware attacks. In addition to immutability, this gives customers another way to thwart attackers trying to encrypt data.

“Today, many people use the 3-2-1 rule for backup – three copies in two locations with one isolated,” Waxman said. “But many customers can’t afford that, or are edge environments or are so dynamic in spinning up workloads that they don’t follow best practices.”

Waxman said Project For Knox represents a more modern approach.

“It’s an isolated copy of data in a vault that we provide as a  service,” he noted. :It includes ransomware protection as well as a sandbox environment for validation. Nearly no one does the sandbox part today.”

Project Fort Knox will be available, under its non-project name, in the near future, Waxman indicated.

At the event, Cohesity also announced the general availability of its next ‘as a service’ offering – disaster recovery as a service [DRaaS], which extends the DR capabilities provided by Cohesity SiteContinuity.

“What is specifically GAing here is ability to do the DR from SiteConinuity to the cloud, specifically the AWS cloud, as a recovery location for failover and failback,” Waxman said. “It’s a new use case for SIteContinuity.”