[PDF] Inside The Cohesity Redlab Rigorously Testing Real World Resilience Of Cohesity Products En

WHITE PAPER Cohesity REDLab: Rigorously testing the real-world resilience of Cohesity products Validating and advancing malware defense with real-world threats in a secure lab TABLE OF CONTENTS Executive Summary 3 Validating Ransomware Protection with REDLab 4 Threat-Testing Cohesity NetBackup 5 Threat-Testing Cohesity DataProtect 7 Staying Ahead of the Curve 8 Recommended Reading 9 Cohesity REDLab Table of Contents | 2 Executive Summary Malware and ransomware show no signs of slowing. Their To meet this challenge, we built the Cohesity REDLab—a persistent evolution presents a formidable challenge for proprietary lab where we rigorously test and validate our cybersecurity and data protection professionals. solutions against real-world threats. Our REDLab is an air-gapped environment designed to allow full-spectrum Malicious actors increasingly use the very tools and threat testing while protecting Cohesity infrastructure. We resources designed to defend against them. When use deep validation insights to continually evaluate and successful, they can breach, threaten, and extort enhance the data security capabilities of our NetBackup organizations. Staying ahead calls for a dynamic, proactive and DataProtect solutions, so your data, operations, and approach to data security—one that evolves as quickly as reputation remain protected. threats do. Cohesity REDLab Executive summary | 3 Validating Ransomware Protection with REDLab Ransomware protection features are critical elements From secure malware handling procedures to debugging of our portfolio. In our design process, we initially used and system rebuilds, REDLab has become a cornerstone of publicly available research and quickly realized that we our product security and cyber resilience innovation. Our needed more specific information and firsthand insights to core work includes: maximize the efficiency of our solutions. To build stronger • Performing malware research and monitoring threat defenses and more effective recovery capabilities, we actors, attack trends, and new techniques. needed to study ransomware behavior in controlled, real- time scenarios. • Collecting real malware and exploit kits from global honeypots, sandboxes, and intelligence feeds. That’s where REDLab comes in. • Detonating malware against Cohesity products in REDLab is Cohesity’s proprietary lab where we rigorously controlled environments. test the real-world resilience of our products using live malware, advanced exploits, and modern attack techniques. • Analyzing the malware kill chain with real malware. It’s staffed by a dedicated team of senior security engineers • Curating, developing, and updating detection and researchers. The team was supported by an external mechanisms. consulting team with more than 100 years of combined experience to validate our initial REDLab tests. • Writing a product-specific fuzzer program to expose vulnerabilities. Our first task was to verify our claims about ransomware resilience. The REDLab team performed simulated and • Benchmarking detection accuracy and performance. real ransomware attacks on Cohesity NetBackup and • Collaborating with engineering teams to improve security NetBackup Appliances. These findings shaped how we capabilities like threat detection logic and recovery assess ransomware detection capabilities and strengthen capabilities. the protection of data. The tests also gave us a new perspective into the inner workings of ransomware itself. In today’s dynamic threat landscape, it’s critical that we test 94% of organizations against all possible threat vectors to confirm the resilience hit by ransomware and stability of our products. REDLab allows us to do just that—ensuring our solutions can withstand evolving threats in the past year said that the while allowing us to develop and deliver new capabilities cybercriminals attempted to efficiently. Through this initiative, we’ve deepened our understanding of the requirements for infrastructure, compromise their backups during applications, ransomware identification, and debugging. It also helped us define how to simulate disaster recovery the attack.* scenarios, as well as how to maintain, clean up, and quickly rebuild systems. REDLab enables us to consistently provide industry-leading ransomware protection. * The State of Ransomware 2024, Sophos Cohesity REDLab Validating Ransomware Protection with REDLab | 4 Threat-Testing Cohesity NetBackup At Cohesity, our development teams are dedicated Secured access controls to continuously improving malware detection, threat NetBackup offers role-based access, single sign-on, and prevention, and overall data protection. To prepare for customizable authentication. rigorous threat-testing of NetBackup in REDLab, we hardened the entire NetBackup stack, then selected several Detect of the top 30 most disruptive malware samples seen from recent years. These were injected into multiple production- Integrated malware scanning like datasets, inc