SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Cohesity boosts identity resilience for hybrid AD, Entra

Fri, 23rd Jan 2026

Cohesity has added new identity threat detection and response functions to its Identity Resilience portfolio, focusing on Microsoft Active Directory and Microsoft Entra ID.

The company said the update covers assessment, detection, response and recovery for identity systems. It positions the additions as a way to manage misconfigurations and monitor for malicious activity that targets credentials and privileged access.

Identity platforms such as Active Directory and Entra ID control user access across corporate systems. Security teams often treat them as critical infrastructure because attackers use them for lateral movement and privilege escalation after an initial compromise.

"Identity is at the heart of cyber resilience. When identity systems are compromised, the impact can be immediate and business-wide," said Vasu Murthy, Chief Product Officer, Cohesity.

Murthy said the company now combines detection, response automation and recovery processes across Active Directory and Entra ID. "By bringing together threat detection, automated response, and rapid recovery across Active Directory and Entra ID, Cohesity delivers an industry-leading solution with a single, unified view of hybrid identity risk. This enables organisations to reduce risk, stop identity-driven attacks faster, and recover with confidence before, during, and after an attack," he said.

Unified coverage

Cohesity linked the launch to its partnership with Semperis, which works in the Active Directory security and recovery market. Cohesity said the latest ITDR functions focus on hybrid identity environments, where organisations run on-premises Active Directory alongside cloud identity services such as Entra ID.

The company described its approach in three phases. Before an incident, it said the platform inspects identity posture and detects misconfigurations and risky changes. It said it also identifies patterns associated with identity-based attacks.

During an incident, Cohesity said automation can respond to malicious changes across Active Directory and Entra ID. It said the system can execute rollback actions without waiting for human approval. It also said security teams can create custom rules, alerts and automated workflows.

After an incident, Cohesity said it converts identity change data into natural language for investigation and search. It said teams can roll back changes at the object and attribute level. It said incident responders can trace attacker activity and run point-in-time forensics.

New functions

Cohesity listed several additions in the release. It said Vulnerability Assessment provides continuous monitoring of Active Directory and Entra ID for indicators of exposure and compromise, using threat intelligence.

It said Automatic Rollback can reverse malicious or risky identity changes in real time. It said Tamperproof Tracking records identity changes in an immutable format, including scenarios where logs are disabled or bypassed.

Cohesity also highlighted Service Account Protection. It said the tool detects and remediates dormant, misconfigured or over-privileged service accounts. For Entra ID, it said Change Tracking provides near real-time visibility into role assignments, group membership changes and user attribute modifications.

The company said it has added Compliance Reporting with templates aligned to GDPR, HIPAA, PCI and SOX, among other frameworks. It also pointed to SIEM and SOAR integrations with Splunk and Microsoft Sentinel.

Claims and market

Cohesity attached performance and cost claims to the update. It said organisations can see a 90% faster Active Directory forest recovery time, a 25% reduction in the likelihood of a successful Active Directory attack, and a 40% reduction in time spent on manual identity monitoring. It also cited "Millions in estimated potential savings through improved business continuity and operational costs."

Australian organisations have increased focus on identity security in response to attacks that use stolen credentials and "living off the land" techniques. Identity systems also sit at the centre of many ransomware incidents, because attackers often seek to manipulate directory services to lock out administrators and maintain persistence.

"Identity-based attacks are on the rise for Australian organisations, as cybercriminals are now exploiting valid user credentials to gain access across different IT networks and evade detection," said James Eagleton, Managing Director, ANZ, Cohesity.

Eagleton said organisations should treat identity resilience as a core control. "Identity resilience should never be an afterthought in today's threat landscape. The expanded capabilities of Cohesity's identity resilience portfolio will enable organisations to bolster their cyber resilience and address the gaps of traditional security models - which are no longer effective - as identity breaches continue to escalate," he said.

Channel partners also highlighted operational challenges around identity incidents, including visibility into changes across multiple identity stores and the effort involved in reversing malicious modifications.

"What we hear most from customers is how difficult identity incidents are to detect and prevent," said Justin Hall, Vice President of Strategic Partner Growth, Pellera. "Cohesity gives teams innovative solutions to spot risky identity changes early, respond automatically when needed, and cleanly recover their identity systems quickly, helping customers stay operational even in the face of sophisticated attacks."

Cohesity said the ITDR functions are available now as part of the Cohesity Identity Resilience offering.