Cohesity previews AI-powered ransomware protection suite, Datahawk

Backup and data management vendor Cohesity has started to preview a new ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors.

There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses deep learning to quickly scan for anomalous behavior, potential threats and other indicators of possible ransomware attacks. This system works via a preset list of indicators of concern, which, the company said, will be updated daily.

The second is a data classification engine that uses technology from partner BigID to automatically discover and categorize data across even very large storage arrays. This is an important first step for ransomware protection, as many organizations don’t yet have visibility into their entire storage infrastructure. The data classification engine also helps with compliance, bringing with it predefined policies for PCI, GDPR, HIPAA and more.

Finally, Datahawk offers a cybervaulting solution, keeping offsite backups of critical data in a Cohesity-managed cloud system. The vault is protected by a “virtual air gap,” which is Cohesity’s term for careful access control between the client’s systems and the company’s data vault.

AI and machine learning aren’t unique to Cohesity’s new offering, according to Evaluator Group analyst Randy Kerns, but their use in ransomware is still relatively uncommon.

“There have been a number of new approaches for ransomware detection that use analytics to train detection algorithms for understanding and identifying threats and tak[ing] action,” he said. “Analysis has been employed for some time but the AI engine is relatively new.”

The real selling point of Datahawk, Kerns said, is in the overall impact of its several subsystems, not in any particular feature. The combination of capabilities under one “roof” is the key value-add for security teams.

“[The most important feature] is the integration of different protection elements from different software vendors that are working on detecting and recovering from ransomware,” he said. “It is significant to recognize that integrating and coordinating the different elements in detection and prevention is additive for overall cyber-resilience.”

The target market for Datahawk is broad-based, Kerns noted, reflecting the SaaS nature of the product. Datahawk is currently available on an early access preview basis, and Cohesity said that general availability is planned for “the coming months.”