Cohesity fortifies Identity Resilience for Active Directory and Entra ID

Cohesity has expanded the Identity Resilience functionality that protects Microsoft’s Active Directory and Entra ID.

Cohesity Identity Resilience, which protects on-premises Active Directory (AD) together with Entra ID in the cloud, was announced in September last year. It relied on a partnership with Semperis, which provided automated forest recovery and identity protection tools. Entra ID is the 2023 rebranding of Azure AD, and many organizations run both Active Directory and Entra ID in a hybrid identity management scheme.

Vasu Murthy, Cohesity’s Chief Product Officer, said: “Identity is at the heart of cyber resilience. When identity systems are compromised, the impact can be immediate and business-wide. By bringing together threat detection, automated response, and rapid recovery across Active Directory and Entra ID, Cohesity delivers the industry’s only solution with a single, unified view of hybrid identity risk.”

Cohesity tells us identity is foundational to enterprise security, underpinning all access. Once attackers have obtained a user’s credentials, they can “exploit misconfigurations, privilege escalation paths, and weak controls to gain access to sensitive data.”

It is adding new Identity Threat Detection and Response (ITDR) capabilities that operate before, during, and after an identity-compromise attack:

  • Continuous inspection of identity systems to find misconfigurations, suspicious changes, and identity-based attack patterns, such as lateral movement attempts across hybrid AD environments. Inspections look for indicators of exposure (IOEs) and indicators of compromise (IOCs), drawing on expert threat intelligence, and include detection and remediation of dormant, misconfigured, or overly privileged service accounts.
  • Continuous, immutable tracking of identity changes, even if logs are turned off or bypassed, with near real-time visibility into role assignments, group membership changes, and user attribute modifications in Entra ID.
  • When an attack is detected, automated remediation runs immediately across both Active Directory and Entra ID, driven by custom rules, alerts, and automated workflows built by security teams, including critical rollback actions that can’t wait for human intervention.
  • After an attack, Cohesity’s software converts “complex identity change data into natural language, enabling rapid investigation, search, and rollback at the object and attribute levels. Teams can trace attacker activity, isolate and evict attackers, and prevent repeat intrusions with granular, point-in-time forensics.”
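The four capabilities above form one loop: capture point-in-time snapshots of identity objects, diff them to get a change record that does not depend on event logs, run IOC/IOE rules over the result, and roll back at the attribute level. The following Python is an added illustration of that loop written for this article; it is not Cohesity’s or Semperis’s code, and the snapshots, account names, group names, the 90-day dormancy threshold and every function in it are constructed assumptions.

```python
"""Identity snapshot diffing for hybrid AD / Entra ID: detect privilege changes,
flag dormant privileged service accounts and build attribute-level rollbacks.
Added illustration only; not Cohesity or Semperis code. All data is constructed."""
from datetime import date

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Global Administrator"}
ROLLBACK_ATTRS = {"groups", "enabled"}   # security-relevant attributes we restore
DORMANT_DAYS = 90                        # assumed dormancy threshold
TODAY = date(2025, 6, 1)                 # fixed clock so results are deterministic

# Constructed snapshots: object -> attributes. SNAPSHOT_B is a hypothetical later
# capture in which a service account was elevated and a new admin object created.
SNAPSHOT_A = {
    "svc-backup": {"groups": {"Backup Operators"}, "lastLogon": date(2025, 5, 30), "enabled": True, "spn": True},
    "svc-legacy": {"groups": {"Domain Admins"}, "lastLogon": date(2024, 11, 1), "enabled": True, "spn": True},
    "alice": {"groups": {"Domain Users"}, "lastLogon": date(2025, 5, 31), "enabled": True, "spn": False},
}
SNAPSHOT_B = {
    "svc-backup": {"groups": {"Backup Operators", "Domain Admins"}, "lastLogon": date(2025, 5, 31), "enabled": True, "spn": True},
    "svc-legacy": SNAPSHOT_A["svc-legacy"],
    "alice": SNAPSHOT_A["alice"],
    "newadmin": {"groups": {"Domain Users", "Global Administrator"}, "lastLogon": None, "enabled": True, "spn": False},
}


def diff_snapshots(before, after):
    """Attribute-level changes as (object, attribute, old, new). Derived from the
    snapshots themselves, so the record survives even when event logging was
    disabled or bypassed between the two captures."""
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, {}), after.get(name, {})
        if not old or not new:                       # object created or deleted
            changes.append((name, "exists", bool(old), bool(new)))
            continue
        for attr in sorted(set(old) | set(new)):
            if old.get(attr) != new.get(attr):
                changes.append((name, attr, old.get(attr), new.get(attr)))
    return changes


def detect_escalations(before, after):
    """IOC: an object gained membership in a privileged group since the baseline."""
    findings = []
    for name, obj in sorted(after.items()):
        was = before.get(name, {}).get("groups", set()) & PRIVILEGED_GROUPS
        gained = (obj["groups"] & PRIVILEGED_GROUPS) - was
        if gained:
            findings.append((name, tuple(sorted(gained))))
    return findings


def dormant_privileged_service_accounts(snapshot, today=TODAY):
    """IOE: enabled service accounts (SPN-bearing) in a privileged group that have
    not logged on within DORMANT_DAYS; these should be reviewed and removed."""
    out = []
    for name, obj in sorted(snapshot.items()):
        if not (obj["spn"] and obj["enabled"] and obj["groups"] & PRIVILEGED_GROUPS):
            continue
        last = obj["lastLogon"]
        if last is None or (today - last).days > DORMANT_DAYS:
            out.append(name)
    return out


def rollback_plan(before, after):
    """Restore actions keyed by object. Existing objects get their security
    attributes reset to the baseline; deleted objects are restored from it;
    objects that did not exist in the baseline are stripped of privileged groups
    and disabled rather than deleted, so forensic evidence is preserved."""
    plan = {}
    for name, attr, old, new in diff_snapshots(before, after):
        if attr == "exists" and not new:             # deleted: restore from baseline
            plan[name] = dict(before[name])
        elif attr == "exists":                       # created: neutralize, keep object
            plan[name] = {"groups": after[name]["groups"] - PRIVILEGED_GROUPS, "enabled": False}
        elif attr in ROLLBACK_ATTRS:                 # changed: attribute-level reset
            plan.setdefault(name, {})[attr] = old
    return plan


def apply_rollback(snapshot, plan):
    """Return a new snapshot with the plan applied; the input is not mutated."""
    rolled = {n: dict(o) for n, o in snapshot.items()}
    for name, attrs in plan.items():
        rolled.setdefault(name, {}).update(attrs)
    return rolled


if __name__ == "__main__":
    for change in diff_snapshots(SNAPSHOT_A, SNAPSHOT_B):
        print("change:", change)
    print("escalations:", detect_escalations(SNAPSHOT_A, SNAPSHOT_B))
    print("dormant privileged service accounts:", dormant_privileged_service_accounts(SNAPSHOT_B))
    plan = rollback_plan(SNAPSHOT_A, SNAPSHOT_B)
    print("rollback plan:", plan)
    print("escalations after rollback:", detect_escalations(SNAPSHOT_A, apply_rollback(SNAPSHOT_B, plan)))
```

Two design points are worth noting. The change record comes from comparing snapshots, not from the directory’s own event log, which is what makes it useful when an intruder has disabled auditing. And the rollback restores only the attributes that carry security meaning (group membership, enabled state) while leaving operational attributes such as last-logon untouched, and it disables rather than deletes objects the baseline never contained, so the evidence remains available for the post-attack investigation the last bullet describes.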

There are pre-built templates aligned with GDPR, HIPAA, PCI, SOX, and other regulatory frameworks for compliance reporting, plus “seamless connectivity with Splunk and Microsoft Sentinel to enrich SOC (Security Operations Center) workflows.”

All this, Murthy concludes, “enables organizations to reduce risk, stop identity-driven attacks faster, and recover with confidence before, during, and after an attack.”

Cohesity suggests that its new ITDR capabilities deliver a 25 percent reduction in the likelihood of a successful AD attack, a 40 percent reduction in time spent on manual identity monitoring through the secure, automated application of intelligence, and “millions in savings through improved business continuity and operational costs.”

The new ITDR capabilities are now available as part of the Cohesity Identity Resilience offering.

Bootnote

An Active Directory forest is the top-level structure that represents a collection of one or more domains – groups of objects (users, computers, etc.) that share a common schema, configuration, and global catalog, forming a single security and administrative boundary. Domains in a forest can be organized hierarchically into trees.

Cohesity competitor Rubrik partners with CrowdStrike for identity security, and covers Active Directory, Entra ID, and Okta. Cohesity has a partnership with CrowdStrike, as do Commvault and Veeam, who also protect Active Directory and Entra ID.