Overview

Dasera is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Dasera, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR), enhancing compliance and audit readiness.

Follow these instructions to easily integrate Cohesity and Dasera, incorporating the latter’s DSPM insights to identify gaps in your data protection program and ensure the safeguarding of your most sensitive assets.

More information on this integration is available on the Cohesity Marketplace.

Integration Overview and Benefits

Managing and securing data across dispersed environments is a significant challenge in today's complex data landscape. Dasera, joining Cohesity’s Data Security Alliance, provides a unified solution that revolutionizes data security posture management (DSPM) and data protection across multi-cloud and on-premises infrastructures.

Our collaboration integrates Dasera’s robust DSPM capabilities with Cohesity’s AI-powered data security and management platform. This synergy offers a consolidated view of your data estate, enhancing compliance and mitigating risks.  For example, this integration can reveal previously uncovered data assets with personally identifiable information (PII) that were not backed up. This information enables IT backup administrators to adjust protection priorities and provides security teams with the data to fulfill their protection mandates effectively.

There are many key benefits:

• Enhanced Data Discovery: Automate sensitive and critical data detection across cloud, on-prem, and hybrid environments, improving oversight and control of your data landscape.
• Resilient Data Security Posture: Proactively identify and rectify vulnerabilities within cloud workloads, ensuring comprehensive data protection and swift incident recovery.
• Advanced Risk and Compliance Reporting: Strengthen your cybersecurity frameworks with enhanced risk assessments and compliance reporting, building a more resilient and secure data infrastructure.

…which lead to several core advantages and value outcomes:

• Unified Data Visibility and Control: Comprehensive monitoring of all data assets, enhancing governance and risk management.
• Enhanced Data Security and Compliance: Improved defense against cyber threats and simplified compliance with regulatory standards such as GDPR and CCPA.
• Optimized Data Protection Strategies: Cohesity's scalable backup and disaster recovery solutions complement Dasera’s classification and protection of overlooked data assets.
• Proactive Risk and Configuration Analysis: Identification of misconfigurations and security gaps with immediate remediation capabilities, ensuring data integrity and security.
• Streamlined Operational Efficiency: Reduction in manual efforts and minimized risks, accelerating the time-to-value for data management initiatives.

Supported Services

The Dasera / Cohesity integration supports the following services:

• AWS RDS
  • MariaDB
  • MySQL
  • Oracle
  • PostgreSQL
  • SQL Server
  • Aurora
• AWS S3

Setting Up Dasera

If you don't already have access to Dasera, please email support@dasera.com and include the following information:

• Your request for a new Dasera-hosted application
• The full name and email address for the user you wish to be application administrator

Your assigned support representative will respond with the following:

• Details on how to access your new Dasera application.  
• A link for accessing our private knowledge base.

Generate Cohesity API Key

Within your Dasera instance, click on Administration → Integrations from the left-hand navigation. A drawer will open with instructions for connecting with Cohesity. 

Follow the links to the Cohesity console to sign in and access the API Keys tab under Access Management. After inputting a name and generating an API Key, copy and paste the value into the Cohesity API Key field pictured above.

Click Connect to complete the connection and start integrating with Cohesity. You can also disconnect at any time by editing the connection and clicking Disconnect from the Integrations page. You'll see a popup to confirm Cohesity data removal upon disconnecting.

Configuring Dasera

Once you have access, there are two main configuration activities to perform in Dasera. Once complete, information will flow between systems:

1. Onboard your AWS Infrastructure Connections
2. Connect your data stores

Links to specific knowledge base articles are included below, or you can email support@dasera.com for assistance.

Onboard Infrastructure Connections

Unlike Cohesity, which connects to AWS using AWS KMS keys, Dasera connects to AWS using IAM roles. This is necessary to provide us with the full permissions necessary to fully-analyze your data stores and provide accurate classification. These roles can be created using either CloudFormation or Terraform.

Each AWS account you onboard as a Cohesity Source must also be onboarded as a matching Dasera Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Dasera support):

• Onboarding AWS Infrastructure via CloudFormation
• Onboarding AWS Infrastructure via Terraform

Once your AWS accounts are connected, Dasera will then auto-discover your AWS data stores and ingest any associated AWS tags.  

Connect Data Stores

Each data store you wish to monitor in the Cohesity Security Center must also be connected as a matching Dasera Data Store. See the following articles for specific steps (be sure to first authenticate to our KB using the link provided by Dasera support):

• Connecting to AWS S3 Data Stores
• Connecting to AWS RDS MariaDB Data Stores
• Connecting to AWS RDS MySQL Data Stores
• Connecting to AWS RDS Oracle Data Stores
• Connecting to AWS RDS PostgreSQL Data Stores
• Connecting to AWS RDS SQL Server Data Stores
• Connecting to AWS Aurora MySQL Data Stores
• Connecting to AWS Aurora PostgreSQL Data Stores

Once your data stores are connected, Dasera will analyze and classify their fields based on a number of different signals and inputs. This activity includes applying Data Tags to better describe your data stores. For example, if we detect healthcare-related data, we might tag the data store with “HIPAA” and “PHI.”

More information on how classification works is available in our Classification Management article. 

Monitoring Your Sensitive Data Posture

You can access the classification data that Cohesity retrieves from Dasera and view it on the Data Classification → Sensitive Data Posture page in the Security Center. The Sensitive Data Posture page displays the workloads that Dasera has identified as containing sensitive data and their protection status. Using these details, you can protect the workloads with sensitive data using Cohesity DataProtect as a Service.

The Sensitive Data Posture page shows only the objects registered on Cohesity DataProtect that have Dasera DSPM Tags.  Infrastructure tags (those applied directly in AWS, often for purposes outside of data security) are not published as DSPM Tags.

At a minimum, Dasera's tags are automatically synced with Cohesity every 24 hours. In addition, tags are also synced each time your data stores are scanned.

Troubleshooting

If you don't see your latest tag assignments represented in Cohesity, please open a support ticket by emailing support@dasera.com.