Jul 16, 2024|3 min|Technology

Cohesity DataHawk updates: What you need to know

DataHawk now features expanded platform support and allows users to schedule threat and data classification scans.

It can be challenging to manage multiple environments, especially if you’re still migrating from on-premises data centers or working with multiple cloud providers. Depending on your organization’s size, it can sometimes feel like the Wild West.

Cohesity’s data management platform stands out for its ability to handle a wide range of workloads, from physical servers to cloud-native applications. This comprehensive solution simplifies data management, making it a valuable asset for enterprises of all sizes. Cohesity DataHawk builds upon this platform to provide organizations with cyber resilience. It uses AI to perform behavioral analytics on files and data to identify malware, such as ransomware, and threats from malicious insiders.

Expanded platform support

Recently, Cohesity DataHawk expanded its platform support for physical servers, Hyper-V, and Acropolis (AHV) Objects. DataHawk also allows for threat protection and data classification scanning for physical servers, Hyper-V, and Acropolis (AHV) objects on Cohesity Helios-managed clusters.

Data classification scanning identifies and labels data types, such as personal information (PII), financial records, and confidential business documents. This intelligence helps companies know what kind of data they have, where it is stored, and how to protect it adequately. For example, if you discover a server that hosts sensitive information, it's a good indicator that you need to tighten your security policies, or perhaps the data should not reside on the server. The best part is that Cohesity DataHawk scans your backup data, so it doesn't affect your production environment. Threat scanning works in the same way: it scans your backup data for threats and other malicious activity.

Schedule threat and data classification scans

DataHawk now allows users to schedule both threat and data classification scans, letting them choose between scanning once or at a particular interval. These scheduled scans exemplify Cohesity's commitment to automation, as Cohesity uses AI/ML-driven threat detection with carefully selected threat feeds for threat hunting.

You can also create custom YARA rules to identify advanced threats targeting your environment. To learn more about this topic, see "How to detect security threats using custom YARA rules," which includes a video on how to get started in Cohesity DataHawk.

Understand potential indicators of compromise

The Security Center displays threat detection and data classification alerts whenever security incidents occur on a Cohesity Data Cloud-managed cluster. You’ll also see updated security alerts, which provide a status of your Cohesity clusters, including encryption activity, password changes, antivirus scans, and abnormal changes in the amount of data within a backup.

If you see a change in the amount of data hosted on a server, it could be a potential IOC (Indicator of Compromise). IOCs can be network-based and can be seen by monitoring traffic, such as traffic communicating with a malicious domain or suspicious IP address. You can also detect IOCs by observing behavioral patterns in event logs, such as many failed login attempts or abnormal system activity.

File-based IOCs are typically associated with a specific file name (like encryptor.exe) or a file hash. You can use this information to understand how the threat infiltrated the environment and refine your security policies. If your organization uses a SIEM tool, you can integrate Cohesity using integration apps available on the Cohesity Marketplace.
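
The two kinds of indicator described above, as an added example that is not Cohesity's code and does not show how DataHawk works internally: a robust-baseline check for an abnormal change in backup size, and name/hash matching for file-based IOCs. The server names, sizes, manifest entries, and thresholds are constructed assumptions.

```python
import hashlib
from statistics import median

# Constructed sample data: nightly backup sizes in GiB per server.
BACKUP_SIZES_GIB = {
    "fileserver01": [512.0, 514.2, 513.1, 515.0, 516.3, 514.8, 371.5],
    "db01": [200.0, 201.5, 203.0, 204.2, 205.9, 207.1, 208.4],
}
# Constructed manifest from one backup snapshot: (path, file bytes).
MANIFEST = [
    ("C:/Users/alice/report.docx", b"quarterly report"),
    ("C:/Windows/Temp/encryptor.exe", b"constructed sample A"),
    ("C:/Tools/helper.bin", b"constructed sample B"),
]
# File-based IOCs: the file name used in the article, plus a constructed hash.
IOC_NAMES = {"encryptor.exe"}
IOC_SHA256 = {hashlib.sha256(b"constructed sample B").hexdigest()}


def size_anomalies(history, threshold=6.0):
    """Flag servers whose latest backup size is far from their baseline."""
    flagged = {}
    for server, sizes in history.items():
        baseline, latest = sizes[:-1], sizes[-1]
        if len(baseline) < 3:
            continue  # not enough history to form a baseline
        med = median(baseline)
        mad = median(abs(s - med) for s in baseline)
        # Assumption: floor the spread at 1% of the median so a very flat
        # history neither divides by zero nor alerts on tiny fluctuations.
        scale = max(mad, 0.01 * med)
        score = 0.6745 * (latest - med) / scale  # modified z-score
        if abs(score) >= threshold:
            flagged[server] = round(score, 1)
    return flagged


def file_ioc_hits(manifest, names, hashes):
    """Return (path, reason) for entries matching a name or SHA-256 IOC."""
    hits = []
    for path, data in manifest:
        if path.rsplit("/", 1)[-1].lower() in names:
            hits.append((path, "name"))
        if hashlib.sha256(data).hexdigest() in hashes:
            hits.append((path, "sha256"))
    return hits
```

A name match alone is weak evidence because files are easily renamed; a hash match identifies the exact content, and a negative size score means the latest backup shrank relative to its baseline.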

Learn more

To learn more about Cohesity DataHawk, check out the following resources:

Cohesity DataHawk: Product Overview
Cohesity DataHawk: Product Demo
Cohesity DataHawk: Interactive Demo
Cohesity DataHawk Release Notes
