Cohesity CyberScan Checks Backup Data to Look for IT System Vulnerabilities
Cohesity’s new CyberScan application allows business IT departments to scan and search their Cohesity DataPlatform backups for security vulnerabilities instead of having to run scans on live production copies, which is typically not done as frequently.
By scanning the backups, businesses can more carefully track and find IT vulnerabilities because of inherent hesitations to shut down production systems to perform such monitoring, Raj Dutt, director of product marketing for Cohesity, told Channel Futures. The scans can identify vulnerabilities across an organization’s IT environment, including operating systems, computers, network devices and configurations.
Business IT administrators get a global view of all vulnerabilities using a concise security dashboard that displays actionable recommendations on how to address exposures before they can be exploited by hackers.
CyberScan is an on-premises application installed in a company’s data center to work with the Cohesity DataPlatform. It uses Tenable.io vulnerability management scanners to scour IT systems and find and identify exposures against regularly published vulnerability reports logged within the public Common Vulnerabilities and Exposures (CVE) database.
“Organizations have been unable to scan for configuration vulnerabilities as much as they should and as frequently as they should as needed in production environments,” said Dutt. “They only scan periodically,” which can allow known vulnerabilities to remain unpatched for extended periods of time.
To make more frequent vulnerability scans possible, CyberScan looks at the backup data companies already have since they are just sitting there unused, he said.
“If you can’t do it on the production environment, why not leverage it on the backup copy that is sitting idle?”
By scouring the backups, companies can then return to their production environments and make needed fixes as they are discovered, which will help to keep those systems healthier, he said.
“It’s augmenting what a typical organization is doing,” said Dutt. “If they typically have weekly vulnerability scan runs, which is not bad actually, this will let it happen more often” by using the backup data. Since backups are usually done on a daily basis, the data is there and freshly available for scanning without any impacts on production environments.
In addition, CyberScan is making those expensive backups more useful for a business and giving them the chance to constantly test the backups to be sure they work properly, he said. “In the past, backups were only used for recovery as expensive insurance policies. Now we are making backups useful.”
Tenable.io, which provides the vulnerability scans, is a software-as-a-service platform that aggregates publicly published vulnerabilities to scan for issues. Inside CyberScan, Tenable.io works to scan the backups and identify and flag issues for correction.
For channel partners, Cohesity CyberScan expands vulnerability oversight for customers, giving them another tool to help protect user IT systems, said Dutt.
“It also helps to expand the total addressable market to get into new markets,” such as additional security capabilities for managed services providers and more.
Jerrod Janes, senior director of the advanced solutions group of SHI International, a VAR channel partner, said the new CyberScan feature from Cohesity is …