Cohesity announced the availability of next-generation malware scanning powered by Sophos, integrated natively into Cohesity Data Cloud. Cohesity Data Cloud is the first and only data security platform to embed next-generation antivirus malware detection alongside advanced threat intelligence feeds, enabling organisations to detect malware that bypasses primary defences and validate clean recoveries after cyberattacks.
As ransomware and supply-chain attacks grow more sophisticated, malware is increasingly present in backup data, creating the risk of reinfection during recovery. Cohesity’s Sophos-powered scanning detects zero-day, polymorphic, and fileless threats that evade signature-based tools. The feature is included with Cohesity Data Cloud Enterprise Edition and does not require a separate Sophos license.
“Cyber resilience is a team sport, and our focus is on delivering the best outcomes for customers by bringing together the strongest technologies regardless of who developed them,” said Vasu Murthy, chief product officer, Cohesity. “By deeply integrating market-leading Sophos next-generation malware detection into Cohesity Data Cloud, we’re giving customers a single, seamless experience that helps them uncover hidden threats in backup data and recover with confidence.”
Mazin Bayado, Technical Leader – Middle East, Cohesity, said: “In the Middle East, where cyber threats are increasing in scale and sophistication, organisations also face growing challenges around supporting cloud data to be safely replicated to secure on-premises environments—helping customers reduce reinfection risk and maintain control over their data. By embedding advanced malware scanning into Cohesity Data Cloud, we’re enabling continuous validation of clean recovery points so operations can be restored with confidence.”
The Sophos-powered engine uses signature-based detection, heuristic analysis, and file emulation techniques to inspect backups in three scenarios: during routine backups, before restoration, and after indicators of compromise (IOCs) or YARA-based matches are detected.
Incremental scanning of newly ingested data minimises operational overhead while maintaining visibility into backup integrity. Triggered and pre-restore scans validate trusted recovery points when risk is identified. The result is deep, snapshot-level inspection far beyond approaches that rely solely on metadata.
Sophos X-Ops draws on one of the industry’s most extensive threat intelligence networks, spanning tens of millions of endpoints and hundreds of thousands of firewalls globally, using AI-powered classification to continuously sharpen detection of known and emerging malware families.
“Attackers are sophisticated. They have proven time and again that no environment is off limits, including what was once considered the safe haven of backup and recovery systems,” said Simon Reed, chief security officer, Sophos. “By embedding Sophos’ deterministic and machine learning-based detection into Cohesity’s platform, Sophos is helping customers reduce reinfection risk and recover with confidence.”
Key benefits of the new Sophos-powered malware scanning include:
Advanced threat detection: Identifies known, unknown, and zero-day threats through heuristic and behavioral analysis
Operational efficiency: Always-on incremental scanning, with automated scans triggered by IOC or YARA-based detections
Clean recovery assurance: Pre-restore inspection to prevent reinfection and reduce recovery risk
SOC integration: Shares scan results with SIEM and SOAR tools for centralised visibility and response
The addition of Sophos next-generation malware scanning further differentiates Cohesity as a leader in incident response and recovery, delivering one of the industry’s most comprehensive data security platforms. Learn more about Cohesity Data Cloud threat protection capabilities.
Visit Cohesity at RSAC 2026, March 23-26, in booth #N-6271 and Sophos in booth #6477.





