Cohesity, a world-renowned AI-driven data security company, has expanded its Cohesity Identity Resilience portfolio with new Identity Threat Detection and Response (ITDR) features. The expanded offering provides a more comprehensive way to secure, protect, and restore important identity infrastructure such as Microsoft Active Directory (AD) and Microsoft Entra ID against various cyber attacks.
Identity systems remain a key pillar of enterprise security, acting as gatekeepers for access to critical infrastructure and data. Attackers constantly exploit configuration weaknesses, privilege escalation vulnerabilities, and identity control gaps to break in and raise risk levels. Cohesity's move is seen as an answer to these issues, combining proactive detection tools with real-time mitigation and recovery capabilities in a single platform.
“Identity is at the heart of cyber resilience. When identity systems are compromised, the impact can be immediate and business-wide,” said Vasu Murthy, chief product officer, Cohesity. “By bringing together threat detection, automated response, and rapid recovery across Active Directory and Entra ID, Cohesity delivers an industry-leading solution with a single, unified view of hybrid identity risk. This enables organizations to reduce risk, stop identity-driven attacks faster, and recover with confidence before, during, and after an attack.”
Comprehensive Identity Protection Across Hybrid Environments
Building on its established partnership with Semperis, Cohesity’s updated ITDR capabilities fuse best-in-class technologies to enhance visibility and control across both on-premises and cloud identity environments.
The solution provides:
- Pre-attack posture assessments, with deep inspection of identity configurations, detection of risky changes, and early identification of attack indicators.
- Automated response actions to immediately remediate malicious changes across AD and Entra ID, supporting custom rules, alerts, and workflows to disrupt attack progression.
- Post-attack intelligence and recovery, translating complex identity change data into natural language for fast investigation, search, rollback, and forensic analysis at the object and attribute level.
Key Enhancements in the Expanded ITDR Offering
The expanded portfolio introduces several strategic features that bolster enterprise security and operational resilience:
- Vulnerability Assessment: Continuous monitoring for indicators of exposure (IOEs) and compromise (IOCs) in AD and Entra ID, leveraging expert threat intelligence.
- Automatic Rollback: Real-time remediation that reverses malicious or risky identity changes.
- Tamperproof Tracking: Immutable logging of identity changes even if native logs are disabled or circumvented.
- Service Account Protection: Intelligent identification and protection of service accounts that are dormant, misconfigured, or excessively privileged.
- Entra ID Change Tracking: Near real-time insights into role assignments, group memberships, and user attribute changes.
- Compliance Reporting: Ready-to-use templates aligned with key regulations such as GDPR, HIPAA, PCI, and SOX.
- SIEM/SOAR Integrations: Built-in support for Splunk and Microsoft Sentinel to enrich SOC workflows and incident response.
Compared to traditional manual identity recovery workflows, the expanded ITDR offering drives measurable improvements in enterprise resilience, including:
- Up to 90% faster AD forest recovery time
- A 25% reduction in the likelihood of a successful AD attack
- 40% less time spent on manual identity monitoring
- Potential millions in operational savings through improved business continuity and reduced costs
“What we hear most from customers is how difficult identity incidents are to detect and prevent,” said Justin Hall, vice president of Strategic Partner Growth, Pellera. “Cohesity gives teams innovative solutions to spot risky identity changes early, respond automatically when needed, and cleanly recover their identity systems quickly, helping customers stay operational even in the face of sophisticated attacks.”


