SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Cohesity adds Sophos scans to backup recovery tools

Thu, 19th Mar 2026

Cohesity has added Sophos malware scanning to its Data Cloud platform to help customers detect malicious code hidden in backup data before restoring systems after a cyberattack.

The feature is built into Cohesity Data Cloud and included in the platform's Enterprise Edition, with no separate Sophos licence required. It is intended to identify threats that may have slipped past frontline security tools and remained dormant in backup copies.

The move reflects growing concern among security teams that ransomware and supply-chain attacks can compromise not only live production systems but also backup environments. That raises the risk of restoring infected data and triggering a second incident during recovery.

According to the companies, the Sophos engine uses signature-based detection, heuristic analysis and file emulation to inspect backup data in three situations: during routine backup operations, before restoration, and after indicators of compromise or YARA-based matches are found.

This allows customers to scan data at several stages of the recovery process rather than relying only on checks at the point of restore. The approach also includes incremental scanning of newly ingested data to reduce operational strain while maintaining a running view of backup integrity.

Backup risk

Security specialists are paying closer attention to backup repositories as attackers increasingly try to disrupt recovery plans. If malware remains undetected in stored copies, an organisation may restore systems only to reintroduce malicious code into the environment.

The integrated scanning is designed to address that problem by inspecting data at snapshot level rather than relying only on metadata analysis. Cohesity says the system can detect zero-day, polymorphic and fileless threats that may evade traditional signature-only tools.

Scan results can also be shared with SIEM and SOAR tools, allowing security operations teams to feed backup-related malware findings into broader monitoring and response workflows. That could help businesses align backup validation more closely with incident response processes.

Vasu Murthy, chief product officer at Cohesity, described the development as a joint effort between security vendors and data protection providers.

"Cyber resilience is a team sport, and our focus is on delivering the best outcomes for customers by bringing together the strongest technologies regardless of who developed them," said Vasu Murthy, chief product officer at Cohesity.

"By deeply integrating market-leading Sophos next-generation malware detection into Cohesity Data Cloud, we're giving customers a single, seamless experience that helps them uncover hidden threats in backup data and recover with confidence."

Threat feeds

The Sophos component also draws on threat intelligence from Sophos X-Ops, the company's security operations and intelligence unit. Sophos says that network spans tens of millions of endpoints and hundreds of thousands of firewalls globally, using AI-based classification to refine detection of known and emerging malware families.

The combination of intelligence feeds and malware scanning inside a backup platform points to a broader shift in cybersecurity spending, as organisations look beyond prevention and focus more on proving they can restore clean systems quickly after an attack.

For vendors, backup validation has become a more prominent area of competition as customers ask not only whether data is recoverable, but whether it is trustworthy. Pre-restore inspection is increasingly being presented as a key control in that process.

Simon Reed, chief security officer at Sophos, said attackers have shown that backup and recovery systems are no longer beyond their reach.

"Attackers are sophisticated. They have proven time and again that no environment is off limits, including what was once considered the safe haven of backup and recovery systems," said Simon Reed, chief security officer at Sophos.

"By embedding Sophos' deterministic and machine learning-based detection into Cohesity's platform, Sophos is helping customers reduce reinfection risk and recover with confidence."

Wider context

The integration also highlights how cybersecurity and backup suppliers are deepening partnerships as customers seek to reduce the number of disconnected tools used during an incident. Security teams often need to determine whether a recovery point predates compromise, whether malware remains in stored data, and whether restoration can proceed without reintroducing threats.

By embedding malware scanning directly into the backup workflow, Cohesity is trying to make those checks part of standard operational processes rather than a separate forensic step. Scans can be triggered automatically when indicators of compromise or YARA-based detections are identified, alongside always-on incremental analysis of new backup data.

For customers already using Cohesity Data Cloud Enterprise Edition, the feature expands the platform's role from data protection and recovery to malware inspection of stored copies. The capability is now available in the Cohesity platform as organisations review how to validate clean recovery points after cyber incidents.