Thursday, 24 January 2019 01:01

Cohesity adds ransomware protection to secondary storage

Cohesity director of product marketing Raj Dutt Cohesity director of product marketing Raj Dutt

"Legacy back-up is becoming a target" for ransomware, Cohesity director of product marketing Raj Dutt told iTWire, so the latest release of Cohesity's hyperconverged secondary storage software provides protection against ransomware.

Ransomware is a US$2 billion criminal industry that affected 40% of organisations during 2017-18, he said. Thirty-five percent of cases were resolved by paying the ransom.

"Legacy back-up solutions are ineffective against today's ransomware attacks, which have become a top concern for almost every organisation," said Cohesity vice-president of product management, Raj Rajamani,

"Real protection requires an integrated approach that combines proactive defence measures, intelligent monitoring, and the power to restore massive amounts of data immediately."

Recent examples of ransomware start by eliminating shadow copies of data and then move on to encrypting the production data. This prevents victims recovering from the situation by restoring from backup, explained Dutt.

Cohesity's SpanFS immutable file system already works to ensure that any changes to backup data create clones, leaving the previous version intact and available for restoration.

This has been enhanced by the new DataLock function that provides WORM-style capability. Regardless of the credentials presented, a DataLocked snapshot cannot be changed or deleted for a specified period.

Cohesity users can combine these features to ensure they always have a protected backup, he said.

Furthermore, the new release provides for multifactor authentication to help ensure that authorised users really are who they purport to be.

The updated version of the Cohesity Helios SaaS-based secondary data and application management solution goes beyond detecting changes in backup data rates (which can be symptomatic of a ransomware attack) to monitor file-level anomalies concerning unstructured files and object data.

Any such anomalies are brought to the attention of IT administrators and Cohesity's support staff.

If a ransomware attack is successful, Cohesity's SpanFS allows a potentially unlimited number of snaps and clones to be retained on premises. As soon as the most recent unaffected backups have been identified (using Cohesity's "Google-like" global search capability), the restoration process can be started from that screen.

This means hundreds of virtual machines can be restored in "minutes rather than hours" of admin time, explained Dutt.

All snaps are fully hydrated, so they can be mounted on the Cohesity platform and accessed in situ as soon as the relevant VM has restarted. The data is then recovered to its normal location in the background while operations continue.

This rapid recovery reduces the risk of lost revenue due to ransomware attacks.

Cohesity's "comprehensive solution against ransomware attack" is available to all customers as part of the latest version of Cohesity DataPlatform, said Dutt. "It's all built into the solution."

The initial reception from analysts and customers given early access to the update has been that it addresses a real problem, and is a comprehensive solution to a growing threat, he said.

University of California, Santa Barbara associate CIO for administrative and residential IT, Ben Price said "Our organisation has experienced two attempted ransomware attacks that have been resolved with limited downtime and expense using Cohesity DataProtect.

"Both incidents involved SharePoint mapped drives that were CryptoLocked and required restoration of the entire database using the previous Cohesity backup and instantly resolved the issue at no additional cost."

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments