Detection, data management and vaulting are all present in Cohesity’s new Datahawk SaaS application. Credit: Huawei Backup and data management vendor Cohesity has started to preview a new ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors.There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses deep learning to quickly scan for anomalous behavior, potential threats and other indicators of possible ransomware attacks. This system works via a preset list of indicators of concern, which, the company said, will be updated daily.The second is a data classification engine that uses technology from partner BigID to automatically discover and categorize data across even very large storage arrays. This is an important first step for ransomware protection, as many organizations don’t yet have visibility into their entire storage infrastructure. The data classification engine also helps with compliance, bringing with it predefined policies for PCI, GDPR, HIPAA and more.Finally, Datahawk offers a cybervaulting solution, keeping offsite backups of critical data in a Cohesity-managed cloud system. The vault is protected by a “virtual air gap,” which is Cohesity’s term for careful access control between the client’s systems and the company’s data vault. AI and machine learning aren’t unique to Cohesity’s new offering, according to Evaluator Group analyst Randy Kerns, but their use in ransomware is still relatively uncommon.“There have been a number of new approaches for ransomware detection that use analytics to train detection algorithms for understanding and identifying threats and tak[ing] action,” he said. “Analysis has been employed for some time but the AI engine is relatively new.” The real selling point of Datahawk, Kerns said, is in the overall impact of its several subsystems, not in any particular feature. The combination of capabilities under one “roof” is the key value-add for security teams.“[The most important feature] is the integration of different protection elements from different software vendors that are working on detecting and recovering from ransomware,” he said. “It is significant to recognize that integrating and coordinating the different elements in detection and prevention is additive for overall cyber-resilience.”The target market for Datahawk is broad-based, Kerns noted, reflecting the SaaS nature of the product. Datahawk is currently available on an early access preview basis, and Cohesity said that general availability is planned for “the coming months.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe