SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Anz enterprise datacenter cloud ransomware protection shield
#
Malware
#
Data Protection
#
DR

Cohesity, Google Cloud boost backup threat detection

Fri, 6th Feb 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Cohesity has added new threat protection features to its Data Cloud platform through an expanded partnership with Google Cloud. The update includes embedded Google Threat Intelligence views and malware detonation using Google Private Scanning.

The changes target threats that can sit undetected in backup repositories. The companies said attackers use "low-and-slow" techniques to evade traditional controls and later trigger reinfection during recovery.

Threat intelligence

The update brings Google Threat Intelligence data into the Cohesity Data Cloud interface, including indicators of compromise, reputation information, and analysis linked to Mandiant's incident response work.

Security and IT teams can review suspicious files using these signals inside the same console used for backup and recovery. Cohesity said this reduces reliance on separate tools and manual handoffs between teams.

Traditional backup security often relies on static signatures, external scanning tools, or manual review. Cohesity positioned its approach as intelligence-led malware analysis integrated into the cyber resilience workflow, focused on identifying threats already copied into historical backups.

The announcement comes amid continued pressure from ransomware, supply-chain compromises, and polymorphic malware. These threats can involve changing payloads and extended dwell times, reducing the effectiveness of signature-based detection. Cohesity argued that this makes it more important to inspect older data sets held for recovery and compliance.

Sandbox scanning

A second feature adds what Cohesity calls secure sandbox analysis using Google Private Scanning. The workflow detonates suspicious files in an isolated environment and reports behavioural findings back to the user.

Cohesity said the reporting can include potential system changes, network activity, registry modifications, and other payload behaviours. The aim is to help teams decide whether files should be restored or quarantined.

Cohesity also positioned Google Private Scanning as a way to maintain data privacy and sovereignty during analysis. It said scanning occurs in a private environment, avoiding exposure of sensitive backup data to shared or third-party infrastructure.

"Undetected malware hidden in backup data can both reinfect restored systems and, when properly scanned, reveal low-and-slow attacks that evade traditional detection," said Vasu Murthy, chief product officer at Cohesity. "By integrating Google Threat Intelligence, including Google Private Scanning, directly into the interface of Cohesity Data Cloud, we're giving customers exceptional visibility and context into potential threats and powerful new ways to assess and eliminate risk-without fragmenting workflows or introducing operational complexity."

Recovery decisions

The changes move threat assessment closer to the point of recovery, where teams decide what data to restore and when. Backup systems can be attractive hiding places because they often contain broad snapshots of file systems and application data over long periods.

That history can preserve malicious files even after an organisation removes them from production. If teams later restore from an infected backup set, the malware can return. Cohesity said the new workflow aims to reduce that risk by providing threat context and sandbox results before restoration.

Google Cloud said the integration reflects a trend of attackers hiding malicious payloads outside areas covered by typical security controls.

"At Google Cloud, we understand firsthand how attackers hide malicious payloads in places traditional security tools never look-including backups," said Miton Adhikari, head of security OEM partnerships at Google Cloud. "By embedding Google Threat Intelligence and private sandboxing directly into Cohesity's cyber resilience platform, organisations can detect what others miss and recover with greater speed and confidence."

Broader roadmap

The partnership also includes Cohesity FortKnox, a managed cyber vault product available on Google Cloud. Cohesity described FortKnox as maintaining an isolated, air-gapped copy of critical data for recovery scenarios where primary environments and traditional backups are compromised.

In Australia and New Zealand, Cohesity emphasised operational simplification for teams managing multiple security and IT tools.

"One of the biggest challenges for security and IT teams in ANZ today is the complexity of managing uncoordinated tools and solutions," said James Eagleton, ANZ managing director at Cohesity. "By combining Cohesity's AI-powered platform with Google's industry-leading threat intelligence, we can help to simplify workflows - significantly improving our customers' ability to detect, analyse, and eliminate hidden threats, moving them from reactive to proactive threat intelligence."

Cohesity said the embedded Google Threat Intelligence and secure sandbox analysis features are now generally available in Cohesity Data Cloud. The offering is also listed on Google Cloud Marketplace.

Related stories
Fime opens Melbourne lab to bolster SoftPOS security
Object First triples growth on ransomware-proof backups
Telehouse Europe appoints Chris Lamb as Enterprise Director
Study finds 28,000 fake domains mimic top websites
Bitsight unveils dark web tool to secure supply chains

Top stories

Kyndryl unveils policy-as-code guardrails for AI agents
Genetec adds case investigation tools to Security Centre SaaS
Gigamon named 2026 public sector observability leader
SmarterMail flaw exploited in China-linked ransomware push
Hackers ditch noisy ransomware for stealthy data theft