AWS Partner Network (APN) Blog
Supercharge your cyber resiliency with Cohesity DataHawk
By Edwin Galang, Cloud Solutions Architect, Cohesity
By Girish Chanchlani, Principal Solutions Architect, AWS
Cohesity |
Organizations worldwide are grappling with an increase in ransomware and cybersecurity threats as threat actors intensify attacks for monetary and political gains. According to ESG’s 2023 Ransomware Preparedness report, three out of four companies have been impacted by ransomware in the last 12 months. Data breaches can have severe consequences, everything from operational disruption to financial losses to companies going out of business. Organizations need solutions for providing multiple layers of security to protect, respond, and recover from these security events.
To help organizations improve their cyber resiliency, Cohesity launched Cohesity DataHawk, a SaaS service running on AWS. It provides advanced data security capabilities to enable faster response to cybersecurity incidents, classification of sensitive data for better protection, and confident recovery of malware-free data. Cohesity DataHawk uses Artificial Intelligence (AI) to perform behavioral analytics to identify malware like ransomware and threats from malicious insiders. Organizations can identify the early stages of a ransomware incident and mitigate it before there is an impact, with built-in threat-hunting capabilities and a curated feed of Indicators of Compromise (IOC).
In this post, we provide an overview of Cohesity DataHawk and the key features that highlight how customers can monitor and improve their security posture. We also present a customer case study that covers how this customer was able to modernize their environment and improve their security posture with Cohesity’s solutions.
Cohesity is an AWS Storage Competency Partner that’s redefining data management to lower total cost of ownership (TCO) and simplify the way businesses manage and protect their data.
Overview of Cohesity DataHawk
Cohesity DataHawk is part of Cohesity Cloud Services, a portfolio of as-a-service offerings that enable organizations to meet their data protection, security, business continuity, disaster recovery and data isolation requirements. DataHawk works with Cohesity DataProtect, allowing you to investigate and respond to cybersecurity incidents and ensure that malware-free data is recovered immediately. With Cohesity DataHawk, organizations can accelerate the detection and response to ransomware and other cybersecurity incidents, which lowers the risk of data loss and speeds recovery.
DataHawk provides as-a-service offsite cyber vaulting capability, when combined with Cohesity FortKnox for an additional layer of security. FortKnox offers virtual air-gap capabilities with physical and network isolation for protecting critical backup data. Support for immutability is provided via Cohesity DataLock, MFA, RBAC, and Cohesity-managed Key Management Service (KMS), to prevent unilateral changes to vaulted data. These are supported by integrating with AWS features including Amazon S3 Object Lock, access control through AWS Key Management Service (KMS), Identity and Access Management (IAM), and others to ensure data integrity by preventing any tampering of data stored in the cloud.
Cohesity DataHawk and Cohesity FortKnox running on AWS, empower IT teams and incident responders to protect data and rapidly respond to compromised systems across the organization, and restore business operations quickly.
Key features of DataHawk include:
- DataHawk provides automated, point-and-click threat protection, leveraging over 100K threat rules continually updated by market-leading threat intelligence.
- DataHawk provides highly accurate, AI/ML-driven data discovery and classification to identify sensitive data and assess the impact of a cybersecurity incident. Over 230+ data classifiers allow organizations to search for personal, financial, health and customer-defined sensitive data across global locations.
- DataHawk provides a fully managed SaaS cyber vaulting solution with automated data isolation and recovery.
Let’s take a closer look at Cohesity’s DataHawk solution. Figure 1 below, shows the Security Center dashboard that provides customers a single-pane of glass to monitor for threats and assess risks in their environment. From this dashboard, customers can also leverage Cohesity FortKnox to isolate their data and, if necessary, recover from a ransomware event.
Figure 1 – Threat Protection Dashboard in Security Center
As shown in figure 2, in DataHawk’s threat detection UI, with a single click, users can run an on-demand or scheduled threat detection scan. This scan will analyze files and data using 100K+ Indicators of Compromise (IOC) and/or Custom YARA rules to hunt for any malware in the environment.
After the threat scan has completed, users can review the details of the threat scan and take appropriate action.
Figure 2 – Threat detection UI
Figure 3 shows DataHawk’s data classification UI, where users can run classification on objects to scan data and discover significant and sensitive information in their data, including Personal Identifiable Information (PII), PCI and HIPAA.
Figure 3 – Classification Scan UI
After the classification scan has completed, the user can review the details of the scan, as shown in figure 4 below. The scan shows the number of unique patterns matched and the sensitivity of the patterns in the files.
Figure 4 – Detailed view of data classification scan
In DataHawk’s Cyber Vaulting dashboard, as shown in figure 5 below, users can view and manage Cohesity FortKnox to create an immutable, isolated copy of data in a Cohesity-managed cloud vault in AWS and recover data if the original data source is unavailable.
Figure 5 – Cyber Vaulting with Cohesity FortKnox Dashboard
Customer Case Study: Department of Transportation (DOT) helps ensure cyber recovery with Cohesity
Department of Transportation (DOT) at the state level is committed to moving people and goods through the state in a timely and efficient manner, and is entrusted to maintain safety on roadways and relieve congestion on the interstates. At this particular DOT, IT leadership faced numerous challenges with their existing data protection solution, including difficulty in protecting and recovering their VM based infrastructure at scale. Monitoring for compliance with security and cyber resilience regulations was difficult or not possible in certain cases. They were also coming up on a costly licensing renewal, which led them to explore alternative solutions.
Cohesity’s Proof of Concept (POC) with the DOT delivered interesting results, showcasing a 3x improvement in data recovery speed. The DOT Cyber Security Team valued the faster Recovery Time Objectives (RTO) for critical applications and the integrated malware scanning and detection features, enhancing their overall security posture.
Based on these results, DOT deployed Cohesity DataProtect, FortKnox and DataHawk on AWS to secure and protect over 1 PB of data at two main data centers and six remote sites. This comprehensive solution protects critical workloads, including approximately 8,000 Microsoft 365 users. The seamless integration was facilitated by AWS and Cisco, spanning DOT’s IT and cloud environments.
Conclusion
In this blog, we introduced Cohesity DataHawk, an AI/ML-powered data security solution that provides customers with multiple layers of security measures to proactively defend against ransomware. DataHawk’s centralized Security Center dashboard allows customers to easily and quickly monitor security alerts, threats, sensitive data exposure, data isolation status, and the security posture of their Cohesity platform. Additionally, Cohesity DataHawk can be integrated into leading perimeter and end-point security vendors, giving customers greater visibility and actionable alerts in their Security Operations Center (SOC).
For more information on Cohesity, visit the DataHawk product page on cohesity.com, see it in action in this demo, or check Cohesity on the AWS Marketplace. If you are looking for more information, sign up for 30-day free trial.
.
Cohesity – AWS Partner Spotlight
Cohesity is an AWS Storage Competency Partner that’s redefining data management to lower total cost of ownership (TCO) while simplifying the way businesses manage and protect their data.