Data backup and management company Cohesity today announced plans to offer an Azure OpenAI-backed chatbot as both a security analysis tool and line-of-business assistant, along with tighter integration with Active Directory, Sentinel and Purview, as part of an expanded partnership with Microsoft.
The chatbot is designed to help with both rapid security analysis and business end-user tasks. In a demonstration given the day before the announcement, Cohesity senior director of systems engineering Greg Statton showed off the former use case by showing a security console with some potential irregularities displayed. Using natural language queries, the system was able to identify users accessing backup systems from unusual IP addresses, as well as describe anomalous behavior in log data.
“As we all know, ransomware is not only going after your data, but then it’s immediately trying to attack that backup,” Statton said. “And so I thought it’d be really interesting to take that live log stream data of who’s accessing the backup system and what it is they’re doing, and synthesize it into a very crisp executive summary.”
The idea is that the AI system, which is powered by the Azure OpenAI generative AI fearure set, uses the provided SIEM information as its main data set. It’s similar to the line-of-business functionality that Statton subsequently demoed, giving the example of a law firm using the AI to search through previous cases for those involving particular types of clients or legal issues.
“Through this generative AI hook, I can find out exactly what files [I need] within Cohesity,” he said. “So it’s actually going into that data that’s been highly indexed, grabbing those key paragraphs that match my question.”
The actual provision of these features to the end user, in the security instance, will be done through Microsoft — the company announced that its DataProtect backup-as-a-service offering will now integrate with Microsoft's Sentinel SIEM package for quicker reaction to ransomware alerts and incident tracking. Similarly, Cohesity’s data classification platform will tie into Microsoft's Purview compliance portal for data privacy and discovery.
“OpenAI is a tremendous productivity boon in terms of how quickly you can get answers,” said Cohesity CEO Sanjay Poonen. “It’s not just asking about these meaning-of-life questions, they’re asking questions on your data.”
Cohesity said that these new features aren’t generally available yet, and didn’t specify a release date. Poonen characterized it as an internal research project that the company is working to turn into a functioning product, and gave a timeline of months or quarters for a full release.