Cohesity Adds CrowdStrike Threat Intelligence to Data Protection Platform

• By David Ramel
• 09/13/24

Data security provider Cohesity has integrated CrowdStrike threat intelligence to its flagship data protection platform.

Specifically, the company announced the general availability of Cohesity Data Cloud integration with CrowdStrike Falcon Adversary Intelligence. Cohesity likened this move to the "bring your own" — or BYO — model, such as in BYOD (bring your own device) scenarios. In this case, instead of employees bringing their own devices to work, organizations can bring their own threat intelligence functionality to Cohesity's data protection platform.

"Our latest collaboration with CrowdStrike, one of our inaugural Data Security Alliance partners, allows customers to bring their own (BYO) cyber threat intelligence," Cohesity said in a blog post. "The addition of CrowdStrike's world-class threat intelligence feeds, which tracks over 250 adversaries — exposing their activity, tools, and tradecraft — while incorporating indicators of compromise (IOCs), allows customers to detect the latest threats with higher fidelity and accuracy and enhance the effectiveness and efficiency of their response activities."

The move expands Cohesity's strategic partnership with CrowdStrike, a partnership that now has its own website which lists use cases for the new integration:

• Threat hunting: Integrate threat intelligence feeds from Falcon Adversary Intelligence to identify threats within your Cohesity data with higher fidelity.
• Forensic analysis and response: Use the latest threat intel feeds to hunt for threats in your backups across data centers and edge locations -- without interruptions from cyber incidents.
• Data recovery: Use the latest threat intel feeds to identify IOCs before restoration, minimizing the risk of reattack.
• Threat detection: Speed up threat detection by enriching CrowdStrike Falcon LogScale logs with data security insights on anomalies, sensitive data, and threats within your Cohesity data.

Cohesity said Falcon Adversary Intelligence delivers custom IOCs derived from the automated analysis of threats that reach an organization's endpoints. One bit of functionality highlighted in the announcements is the ability to run threat hunts on backup copies of data, which lets organizations stealthily investigate where the attacker has persistence. The ability to investigate out-of-band helps prevent adversaries from enacting countermeasures, the company said. Because detection occurs on secondary data rather than the host itself, Cohesity's ability to discover IOCs is not impacted by incident containment activities that might isolate hosts and networks.

"By implementing Cohesity's clean room design and integrated tooling, customers gain specialized forensic capabilities to analyze malware, investigate breaches, and understand attack vectors without risking contamination of their broader IT environment," the company said in a news release.

"Elevating your organization's threat detection and response is crucial in today's threat environment, especially with AI at the disposal of cyber adversaries," commented Cohesitys CTO Craig Martell, in a statement. "Secondary data estates offer a perfect opportunity for minimizing attackers' advantages and, together with CrowdStrike, our customers can enhance their threat hunting and response and while also automating defenses across their security stack."