Why scan backup data when we already have security tools protecting production systems?

Malware is designed to evade detection and can remain hidden in your environment for months before being discovered. During that time, compromised files get backed up into your snapshots. If you don't scan your backup data, you risk recovering infected files back into production after an incident, essentially reintroducing the threat. Scanning backup data provides a second line of defense and ensures you have verified clean recovery points when you need them most.

How does Cohesity's threat intelligence integration help reduce recovery time?

By creating hashes of every backed-up file and comparing them against threat intelligence feeds from sources like CISA, Cohesity Red Labs, and CrowdStrike Falcon, the platform can quickly identify which snapshots contain threats and which are clean. This allows you to pinpoint the exact recovery point before the attack began, eliminating guesswork and reducing the time spent testing multiple snapshots. The hash-based approach also enables correlation with your production security tools to understand the full attack scope.

Threat Protection & Clean Data Recovery with Cohesity

Name: Threat Protection & Clean Data Recovery with Cohesity
Uploaded: 2026-03-20T17:03:53-04:00
Duration: 7 min 8 s
Description: TL;DR Cyberattack dwell time has decreased to as little as one hour, but organizations take days or weeks to detect threats, creating a critical need to scan backup data for hidden malware that evades primary detection systems. Cohesity's threat prote...

Cohesity

03/20/2026

0 (0%)

Report Like Favorite

TL;DR

Cyberattack dwell time has decreased to as little as one hour, but organizations take days or weeks to detect threats, creating a critical need to scan backup data for hidden malware that evades primary detection systems.
Cohesity's threat protection creates hashes of every backed-up file and compares them against threat intelligence from CISA, Cohesity Red Labs, and third-party feeds like CrowdStrike Falcon to identify compromised data before recovery.
The platform enables both proactive threat hunting (pre-attack) and incident response scanning (post-attack) to determine the blast radius of attacks and identify clean recovery points, reducing RTO and preventing reinfection.
Hash-based telemetry provides common indicators that can be correlated with production security tools (SIEM, EDR, network intelligence) to understand the full scope of an attack across both backup and production environments.

The Urgency of Threat Detection in Backup Data

This presentation addresses a critical gap in cyber resilience strategy: the need to scan and hunt for threats within backup data, not just production environments. Chris Hoff and Teresa Miller explain that modern cyberattacks have reduced dwell time to as little as one hour, while organizations often take days or weeks to detect and respond. The core challenge is that malware is designed to evade detection, evolve rapidly, and can remain hidden in backup snapshots for months. When organizations need to recover from an attack, they must ensure they're restoring clean data rather than reintroducing compromised files. Cohesity's approach combines malware scanning, anomaly detection, and threat hunting capabilities that work against backup data both proactively (pre-attack) and reactively (post-attack), providing organizations with the confidence that their recovery points are free from threats.

Integration with Threat Intelligence and Recovery Workflows

The platform creates a hash of every backed-up file and compares these hashes against known malicious file databases from sources like CISA and Cohesity Red Labs. Beyond internal threat intelligence, Cohesity integrates with third-party feeds including an out-of-the-box connection to CrowdStrike Falcon's threat intelligence. This integration enables early threat detection and helps determine the blast radius of an attack by tracking file propagation across snapshots. The hash-based approach provides common telemetry that can be correlated with production security tools like SIEM, EDR, and network threat intelligence platforms. By identifying which snapshots contain threats and which are clean, organizations can make informed decisions about recovery points, whether restoring directly to production or into a clean room for forensics. This visibility into backup data integrity directly reduces recovery time objectives and overall business downtime.

Chapters

0:00 - Introduction: The Speed of Modern Cyberattacks
1:09 - Enterprise Challenges: Why Scan Backup Data
3:17 - Pre-Attack: Proactive Threat Hunting
3:48 - Post-Attack: Incident Response & Clean Recovery
5:31 - Reducing RTO Through Threat Intelligence

Key Quotes

0:13 "... dwell time has been reduced to as little as one hour ..."
2:56 "... dwell time could be as little as an hour, but it could actually be that those attackers are sitting in your network for months, and then your backup data has been impacted, and you can't get back to a clean state without having done some level of work to clean that data ..."
4:39 "We create a hash of every file that we back up. And we can use that hash to compare it against known bad databases from leading vendors such as CISA or here at Cohesity Red Labs to determine whether or not a file is malicious."
5:01 "... we have an out-of-the-box integration with CrowdStrike Falcon's threat intelligence ..."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/06/2026

02:00 AM

05/06/2026

Detecting Attacks Before They Escalate into Breaches with AI's Help

https://www.truthinit.com/index.php/channel/1886/detecting-attacks-before-they-escalate-into-breaches-with-ais-help/
05/06/2026

10:00 PM

05/06/2026

World Password Day: What to Do Now That You Still Have Passwords

https://www.truthinit.com/index.php/channel/1913/world-password-day-what-to-do-now-that-you-still-have-passwords/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively.

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Strategies for Managing Your Existing Passwords.

https://www.truthinit.com/index.php/channel/1915/world-password-day-strategies-for-managing-your-existing-passwords/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Effective Strategies for Safeguarding Active Directory and Minimizing Data Risks

https://www.truthinit.com/index.php/channel/1888/effective-strategies-for-safeguarding-active-directory-and-minimizing-data-risks/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing AI Governance Foundations for GenAI at Every Deployment Stage

https://www.truthinit.com/index.php/channel/1936/establishing-ai-governance-foundations-for-genai-at-every-deployment-stage/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
06/02/2026

01:00 PM

06/02/2026

Spring of Satori: Insights into Our New Findings and the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-insights-into-our-new-findings-and-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/