SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cohesity launches new vulnerability scan using backup data
Tue, 6th Aug 2019
FYI, this story is more than a year old

Cohesity has expanded its security offerings with the release of Cohesity CyberScan, a new application that is the first and only solution that leverages backup data to assess the vulnerabilities, or risk posture, of an enterprise's IT environment.

This is significant because vulnerabilities often lead to cyberattacks -- such as ransomware attacks or data breaches -- and discovering these exposures is the first step in defending against online criminals.

Identifying and addressing vulnerabilities has become a major challenge for enterprises today.

According to a recent survey, the majority of organisations that suffered a data breach in the past two years say it was caused by a known vulnerability that had not been patched.

The survey also found that 37% of organisations say they don't even scan for vulnerabilities.

The Cohesity CyberScan application makes it easy to assess systems for vulnerabilities.

Available on the Cohesity MarketPlace, the application works by scanning backup copies on Cohesity DataPlatform (instead of the live production copy) to identify any vulnerabilities across an organisation's IT environment, including the operating system, computer, network devices, and configurations.

The application gives a global view of all vulnerabilities through an easy-to-read security dashboard along with actionable recommendations on how to address exposures before hackers exploit them.

This application utilises vulnerability management in the Cloud to locate exposures against regularly published entries within the public Common Vulnerabilities and Exposures (CVE) database.

The application also takes advantage of Cohesity's unique architecture. This architecture also allows organisations to run applications directly on the Cohesity cluster, where the data sits, rather than moving data to a separate application environment.

“This is the first application we've seen that focuses on assessing systems for exposures, such as vulnerabilities, within backup data,” says Tenable technical alliances vice president Ray Komar.

“We believe this innovative approach provides enterprises with a novel and cutting-edge way to harden and improve their security posture across their IT environments.

Additionally, the application helps IT professionals perform backup verification, ensuring that a given backup snapshot is recoverable.

It also eliminates the risk of re-injecting known or previously addressed vulnerabilities back into the production environment when performing a recovery job.

The application also gives organisations the ability to run scans on backup data on a frequent basis, instead of waiting for weeks or months to schedule scans in the production environment, which further reduces opportunities for data breaches.

This process does not impact production performance or require that scans be run during a maintenance window.

“Businesses today need an IT environment that runs 24/7 and want to avoid recovering VMs with known vulnerabilities,” says Cohesity product management vice president Raj Rajamani.

“IT is measured by SLAs and with this new capability, Cohesity has addressed key obstacles to help organisations meet their security and recovery objectives,” says IDC cloud data management protection research director Phil Goodwin.

“The Cohesity CyberScan application leverages backup copies to provide important visibility into production systems, performs backup verification for ensuring recoverability, and helps IT avoid re-injecting vulnerabilities while recovering from any backup snapshot, all with no impact to their production environment or data."

Using backup data to protect across multiple fronts

This release builds on existing security capabilities to protect across multiple fronts including vulnerability scans, a comprehensive anti-ransomware solution, and antivirus applications.

  • Defence against ransomware: Cohesity empowers organisations to prevent backup data from becoming a target while detecting and responding to ransomware attacks using its immutable file system, anomaly detection, and instant mass restores. Customers can access Cohesity's anti-ransomware capabilities from the same security dashboard that houses the vulnerability scan, giving customers visibility and insights into “blind spots” within their IT environment.
  • Antivirus applications without parallel infrastructure: Cohesity customers can defend their file infrastructure against attacks by running the ClamAV open source application directly on file data stored on the Cohesity DataPlatform, instead of copying the data onto parallel infrastructure for analysis. SentinelOne, which is also available in the CohesityMarketPlace, provides up-to-date virus libraries based on machine-learning algorithms directly on the Cohesity DataPlatform. 

The Cohesity CyberScan application is generally available to all Cohesity customers as part of the latest Pegasus 6.4 software release.