As financial damage from increasingly sophisticated ransomware attacks continues to surge globally, organizations' ability to quickly respond and safeguard their data is more critical than ever. With today's median ransomware variant capable of encrypting 100,000 files in 43 minutes, attacked organizations could suffer significant data loss, resulting in operational disruption, severe financial losses and costly compliance issues.   

Fortunately, Cohesity and Cisco have developed a new, more effective approach to dealing with ransomware. Their game-changing, integrated solution provides adaptive and automated data protection capabilities that help you dramatically reduce data loss in a cyber attack.  

This capability leverages an automated threat response approach to reduce the recovery point objective (RPO), minimizing the time between the detection of the disruptive event and the protection, or backing up, of data. 

Beat Ransomware with a Seamless, Automated Cross-Functional Approach  

Cisco Extended Detection and Response (XDR) continuously monitors workloads for threats, while Cohesity DataProtect backs up production workloads according to the policies assigned to them, which determine their RPO.

Cisco XDR also aggregates telemetry from multiple, disparate security tools covering the network, endpoints, and email. This enables the orchestration of incident response. It also reduces the alert fatigue that SOC teams suffer from the hundreds of thousands of alerts generated by their numerous security products, and improves their threat response time by consolidating and correlating the information and focusing on what's most important.

Cohesity DataProtect actively reports the backup profile of every workload back to Cisco XDR and identifies any sensitive data in the workloads, as detected by Cohesity DataHawk.

What Happens in the Event of a Cyber Attack 

When Cisco XDR identifies anomalies that could indicate an attack, it initiates the ransomware workflow. It alerts Cohesity DataProtect to take immediate snapshots of the suspicious virtual machine and related critical workloads, automatically protecting business-critical information at the very beginning of the attack.

This approach gives you the opportunity to significantly reduce your RPO and data loss when recovering from a cyber incident.

An Industry First: Combining Automated Data Protection and Recovery with Threat Detection and Response 

The integration between Cohesity and Cisco XDR—the first of its kind—adds automated data protection to the response process. 

If the attack takes hold and spreads through the network, the organization has an even more current snapshot from which it can recover. In addition, preserving snapshots of infected virtual machines can provide valuable information in a forensic investigation, while protecting the rest of the data and workloads in the environment at the same time.

If the attack is real but contained, the malware can be removed and critical workloads can be recovered with minimal data loss. Even if the attack has spread, the organization can focus on accelerating recovery and reducing data loss using the automated backups taken.

Enabling this integration empowers Security and IT teams to expedite response and recovery activities. 

Strengthening Cyber Resilience 

Clearly, this powerful solution from Cohesity and Cisco increases cyber resiliency by minimizing data loss and disruption to business processes during an attack. This strengthened relationship between cybersecurity and cyber resilience aligns perfectly with WWT's broader cyber resilience strategy, which focuses on helping organizations build strategies and approaches that anticipate, withstand, recover, and adapt.   

WWT offers services that can help you ensure that this integration will have a positive outcome as part of a larger cyber resilience approach spanning multiple silos. In addition, WWT will soon have this new integrated solution available in its Advanced Technology Center (ATC) so you can experience it with a demo or proof-of-concept (PoC). 

Adaptive and Automated Data Protection with Cohesity DataHawk and Cisco XDR is Coming Soon 

This integration will be generally available in early 2024. Enhanced capabilities will continue to be added over time. 

About the Authors

Dustin Zitzmann (WWT)

Robert Geis (WWT)

Drew Kaiser (WWT)

Eleonor Lee (Cohesity)