Cohesity Helios is now integrated into the Cisco SecureX security platform, aiming to help customers identify, respond to and recover from ransomware attacks more quickly by combining backup and security functions.
The ransomware alerts and context around backup systems found in Cohesity DataProtect can now be displayed in Cisco SecureX's interface through the latter's connection with Helios, Cohesity's cloud-based data management platform.
This unified visibility helps customers identify and respond to ransomware attacks more quickly, as they can initiate a recovery directly from SecureX without going through Helios.
One customer, Sky Lakes Medical Center, was able to thwart a ransomware attack because it had Cohesity DataProtect running on Cisco UCS (Unified Computing System). This implementation guided Cohesity's development of the Cohesity-Cisco integration.
Cisco SecureX is a cloud platform that connects every Cisco Secure cybersecurity product, such as Secure Email and Secure Endpoint, in a customer's environment, displaying important security-related information on a unified interface. Cisco claims SecureX's simpler management tools enable companies to respond to threats faster.
Cohesity Helios is the backup vendor's cloud platform that unifies its data protection and management products and services, including its core product, Cohesity DataProtect. DataProtect has a handful of anti-ransomware features such as immutable backups and AI-powered anomaly detection. The latter capability allows the software to determine when the last clean backup copy was taken and provides context to when the backup system was breached.
This information can now be displayed in SecureX following the integration.
Data security operations are disjointed for many organizations, said Sanjeev Desai, senior director of solutions marketing at Cohesity.
Ransomware requires coordination between IT, security and networking teams, but each department has its own narrow scope and anti-ransomware tools that rarely share intelligence and context between them, Desai said. This leads to inefficiency, which organizations can't afford when they're scrambling to get everything back up and running after an attack.
"There is broad consensus that ransomware doesn't discriminate and is the most disruptive type of cyberattack in terms of downtime," he said. "This is a boardroom-level concern for organizations around the world."
The integration between Cohesity and Cisco SecureX gives everyone the same data security context, enhancing collaboration between peers across IT departments, Desai added.
Joint Cisco SecureX and Cohesity DataProtect customers can start using Cohesity through Cisco SecureX immediately. SecureX comes with every Cisco Secure product, and DataProtect is available on Cisco's global price list.
The partnership between Cohesity and Cisco is not exclusive on either end, and it's possible Cohesity will integrate with other SecureX-like platforms in the future, Desai said. Other data protection vendors have partnered or integrated their products with security vendors, including Arcserve with Sophos, Druva with FireEye, and Carbonite with Webroot through an acquisition. Carbonite itself was then acquired by OpenText in November 2019.
Saving data, saving lives
Sky Lakes Medical Center's implementation of a joint Cisco-Cohesity system was instrumental in developing the integration between SecureX and Helios, according to Desai. Two years ago, the nonprofit hospital located in Klamath Falls, Ore., replaced its aging data center infrastructure with hyperconverged infrastructure through Cisco HyperFlex and its Commvault backup system with Cohesity. The setup allowed it to endure a ransomware attack in October 2020 without having to pay off the attackers.
The ransomware attack encrypted every Windows-based workload at Sky Lakes. Using Cohesity DataProtect, the hospital was able to restore a safe backup copy of its Active Directory database and deliver backup copies of NAS shares directly from the Cohesity cluster, allowing work to continue even while primary infrastructure was down, according to John Gaede, director of information systems at Sky Lakes Medical Center.
"Cohesity saved us," Gaede said.
He had chosen Cohesity backup rather than other products because of how simple and fast it was, Gaede added. The difference between Commvault and Cohesity was "night and day," as setting up backups and managing policies on Commvault required much more micromanagement.
Sky Lakes still keeps its Commvault system running because it contains backups from before the Cohesity purchase, but no new backups are written with it, Gaede said.
Sky Lakes would have had a bigger problem had it relied on just Commvault, said Nick Fossen, Sky Lakes' manager of technology systems.
As it is Windows-based, Commvault was caught in the blast radius of the ransomware attack and became encrypted -- the team would've first had to figure out how to get it working again, Fossen said.
Nick FossenManager of technology systems, Sky Lakes Medical Center
The new integration between Cisco and Cohesity will make everyone's lives at the hospital's IT department easier, he added. Cohesity's backup and restore functions weren't the bottleneck during the ransomware incident -- validating the backups and making sure they were clean delayed the recovery. Adding a security element to the backup process would help ensure the backups being restored weren't compromised, Fossen said.
"We don't have time to go around looking for security issues or worrying about whether our backups will restore," Fossen said.
Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site, Reviewed.com.