Cohesity, the leader in AI-powered data security, today announced new, advanced Identity Threat Detection and Response (ITDR) capabilities that expand its Cohesity Identity Resilience portfolio, delivering a more comprehensive approach to securing, protecting, and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID.
Identity is foundational to enterprise security, underpinning all access. Without it, operations grind to a halt, and organisations are at risk. Attackers constantly seek to exploit misconfigurations, privilege escalation paths, and weak controls to gain access to sensitive data. Cohesity is confronting this challenge head-on with purpose-built capabilities that can proactively strengthen identity security posture, stop identity-driven attacks in real time, and accelerate recovery with precision.
“Identity-based attacks are on the rise for all UK organisations, as cybercriminals look to exploit user credentials to gain access to critical business networks and while minimising the chance of detection,” said Fraser Hutchison, VP Northern Europe at Cohesity. “Identity security must be a primary consideration for all organisations in today’s rapidly evolving threat landscape, and the expanded capabilities that Cohesity’s growing identity resilience portfolio provides will enable all our customers across every sector of the UK, to bolster their cyber resilience and better protect their most critical business asset – their data – as cyber criminals continue to escalate their use of identity based attack vectors.”
“Identity is at the heart of cyber resilience. When identity systems are compromised, the impact can be immediate and business-wide,” said Vasu Murthy, Chief Product Officer, Cohesity. “By bringing together threat detection, automated response, and rapid recovery across Active Directory and Entra ID, Cohesity delivers an industry-leading solution with a single, unified view of hybrid identity risk. This enables organisations to reduce risk, stop identity driven attacks faster, and recover with confidence before, during, and after an attack.”
A unified approach to identity resilience across Active Directory and Entra ID
Building on the momentum of Cohesity’s partnership with Semperis, the new ITDR capabilities combine industry-leading technologies for securing and recovering AD and Entra ID.
- Before an attack, Cohesity continuously inspects identity posture, detects misconfigurations, flags risky changes, and identifies identity-based attack patterns early to minimise the attack surface and shine a light on lateral movement attempts across hybrid AD environments.
- During an attack, automated remediation capabilities can immediately respond to malicious changes across AD and Entra ID and execute critical rollback actions that can’t wait for human intervention. Security teams can also build custom rules, alerts, and automated workflows to halt attackers in their tracks.
- After an attack, Cohesity helps accelerate incident response by converting complex identity change data into natural language, enabling rapid investigation, search, and rollback at the object and attribute levels. Teams can trace attacker activity, isolate and evict attackers, and prevent repeat intrusions with granular, point-in-time forensics.
New capabilities in this launch include:
- Vulnerability Assessment: Continuous monitoring of AD and Entra ID for indicators of exposure (IOEs) and compromise (IOCs), powered by expert threat intelligence.
- Automatic Rollback: Automated remediation actions that reverse malicious or risky identity changes in real time.
- Tamperproof Tracking: Immutable tracking of identity changes, even if logs are turned off or bypassed.
- Service Account Protection: Detection and remediation of dormant, misconfigured, or overly privileged service accounts.
- Entra ID Change Tracking: Near real-time visibility into role assignments, group membership changes, and user attribute modifications.
- Compliance Reporting: Pre-built templates aligned with GDPR, HIPAA, PCI, SOX, and other regulatory frameworks.
- SIEM/SOAR Integrations: Seamless connectivity with Splunk and Microsoft Sentinel to enrich SOC workflows.
When measured against pre-deployment baselines and manual identity recovery approaches, Cohesity’s expanded ITDR offering delivers measurable improvements in enterprise cyber resilience:
- 90% faster AD forest recovery time
- 25% reduction in the likelihood of a successful AD attack
- 40% reduction in time spent on manual identity monitoring
- Millions in estimated potential savings through improved business continuity and operational costs
“What we hear most from customers is how difficult identity incidents are to detect and prevent,” said Justin Hall, Vice President of Strategic Partner Growth, Pellera. “Cohesity gives teams innovative solutions to spot risky identity changes early, respond automatically when needed, and cleanly recover their identity systems quickly, helping customers stay operational even in the face of sophisticated attacks.”
The new ITDR capabilities are now available as part of the Cohesity Identity Resilience offering.
Learn more about the solution in Cohesity’s blog and listen in as Cohesity Chief Product Officer Vasu Murthy and Semperis Chief Product Officer Alex Weinert discuss industry trends and how this expanded offering is helping organisations today.
