Faster ransomware remediation with Cohesity DataHawk threat protection and data classification

Do you dread scanning your production environment for threats during the workday? The potential performance impacts and other unwanted behaviors often lead to user complaints (or worse), but you don’t want to be caught out by undetected exposures, either. Cohesity DataHawk eliminates those concerns by allowing you to scan your backup data, protecting production performance while enabling you to take quick action if a ransomware threat sneaks past your frontline defenses.

Every Cohesity customer has access to an anti-ransomware dashboard. It constantly scans indexed backups, utilizing an AI/ML engine to apply an anomaly strength score, which, depending on the threshold defined by your organization, can trigger targeted automations. For enterprises that want heightened visibility, DataHawk adds threat protection and data classification to help you understand what’s going on in your environment and how to remediate potential threats quickly.

Do a deep dive into your data with threat protection

In addition to Cohesity’s built-in alerting, DataHawk uncovers specifics about any threat hashes that are found. The solution scans over 160,000 threat feeds and pulls information for the affected files or folders to display the exact virus hash. You can select details to see each file affected, its type—executable, etc.—and the name of the virus stream. Unlike other platforms that simply tell you something bad is lurking in your system, DataHawk empowers your security team by delivering the details needed to immediately begin remediation.

DataHawk extends your team’s reach with automated scans, curated YARA rules, and proactive scans. Optimize your resources day to day, then swiftly hunt down specific threats, such as zero-day threats and others, without putting a load on your production environment. Because Cohesity integrates with security products including CrowdStrike, Microsoft Sentinel, Palo Alto, Cisco SecureX, and others, you can ingest threat feeds or integrate alerting from another security product straight into Cohesity. In addition, DataHawk supports all major platforms, so whether you’re running VMware, Nutanix AHV, or Microsoft Hyper-V, or you have physical servers or NAS file data, you can scan and protect it all. Using current indicators of compromise to run advanced threat detection scans, DataHawk complements the best-in-breed technologies already in your datacenter to safeguard against evolving threats.

Quickly understand the scope of any exposure with data classification

There are potentially thousands or tens of thousands of servers and applications in a typical enterprise environment. Given the scale, admins likely don’t know which applications or datasets are on each of those discrete servers. The DataHawk data classification feature closes that knowledge gap so you can interpret what an exposure means to you and which remediation actions will be most effective.

When a threat scan detects an anomaly, DataHawk shows you the details of that anomaly and it also classifies the data involved, so you know what was potentially compromised. That additional insight represents a huge differentiator for security teams because they can finally have a full-scope view of the virus that compromised the system, plus which files—and which file types—are at risk. Is it sensitive payment card information? Product keys? Passwords? DataHawk’s classification library calls out these data types and others.

To provide the most accurate and actionable information, Cohesity’s comprehensive filtering list uses both regex and named-entity recognition for data classification searches. DataHawk delivers critical insights into complex security incidents for entities with specific requirements, such as those that maintain a global presence or operate within rigorous regulatory frameworks. Customized patterns enable you to scan for social security numbers issued by a particular country or data covered by HIPAA rules, for example, to meet your business needs. You can even create a unique policy and proactively scan your data for highly specific types of information, and DataHawk will tell you where it exists. This is valuable for understanding and improving your current data security state and ensuring ongoing compliance.
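The regex side of this kind of classification, shown as an added example (not Cohesity's code and not part of the original article). The policy names, validators, and sample files are assumptions constructed for illustration, and named-entity recognition is not shown. Each pattern is paired with a validator to cut false positives, and findings are masked so the report does not copy the sensitive value.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(digits: str) -> bool:
    """Structural rules for US SSNs: never-issued areas, group 00, serial 0000."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

# Hypothetical custom policy: label -> (pattern, validator).
POLICY = {
    "payment_card": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), luhn_ok),
    "us_ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
}

def classify(path: str, text: str):
    """Return (path, line number, label, masked value) for each validated hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for label, (pattern, validate) in POLICY.items():
            for match in pattern.finditer(line):
                digits = re.sub(r"\D", "", match.group())
                if validate(digits):
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    findings.append((path, line_no, label, masked))
    return findings

def scan(files: dict):
    """Classify every file in a {path: text} mapping."""
    return [hit for path, text in files.items() for hit in classify(path, text)]

# Constructed sample data standing in for text extracted from a backup.
SAMPLE = {
    "exports/orders.csv": "id,card\n1001,4111 1111 1111 1111\n1002,4111 1111 1111 1112\n",
    "hr/notes.txt": "Employee SSN 123-45-6789 on file\nTicket ref 000-12-3456\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```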

Amplify your ransomware remediation capabilities with Cohesity DataHawk

Threat protection and data classification are critical pieces of every anti-ransomware strategy. They provide highly specific data points when you need them most. Fortunately, these capabilities don’t take months or even weeks to stand up—existing Cohesity users can immediately begin leveraging DataHawk’s enhanced features.

If you want to know more about how Cohesity DataHawk can deliver the visibility you need to swiftly spot, understand, and remediate ransomware threats, contact a CyberNorth expert. Our team can work with you to integrate the solutions you already use and enhance your ransomware protection strategy.

