Understand Your Environment Better with Security Insights
All networks contain countless rules and identities with corresponding accounts and privileges. The proliferation of IoT and BYOD devices has created an infrastructure that is highly complex, and keeping track of connected hosts, user identities and account privileges is now a full-time job.
Security analysts need an accurate understanding of the realities of their cloud, data center, IoT, and enterprise networks if they’re to defend them. Familiarity only goes so far – analysts need infrastructure-wide visibility to stay ahead of unusual activity that they might not have noticed without enriched security insights. In order to achieve this, analysts need to extract deeper context from that visibility.
The new security insights feature in the Cognito network detection and response (NDR) platform from Vectra assesses interactions across cloud, data center, IoT, and enterprise networks. Malicious behaviors are distilled, analyzed, and presented to analysts with the deep context they need.
The Cognito NDR platform with security insights gives analysts a complete view of all hosts, user identities and account privileges – from cloud to enterprise – and shows how they function. This improves the investigative process in three critical ways:
1. Respond and investigate faster
With security insights, the Cognito NDR platform gathers all the information necessary to conduct conclusive threat investigations and displays it in a single location. Vectra eliminates the need for analysts to leave the application and provides additional valuable insights related to attacker detections.
Automatically disclosing detailed and relevant insights to analysts speeds up and streamlines the investigative process. Accurate, readily available information also improves security operations efficiency. Vectra has proven to be 85% more efficient in identifying threats.
With faster investigations and reduced time to detection, analysts can investigate more threat events in a shorter window of time and stop data breaches.
2. Gain insights into accounts and devices
Identifying new or unknown devices across the infrastructure is critical to remediation efforts and understanding how attacks unfold. Analysts can leverage security insights to investigate new and unusual events using existing network metadata.
Cognito automatically identifies new accounts and labels hosts by the role they perform – such as domain controller or DNS server – and assesses all accounts and permissions being used and added across your extended infrastructure.
With critical snapshots that show what’s happening in particular infrastructure environments, analysts are better equipped to evaluate the risks involved with a detection and take well-informed response actions.
3. Understand the function of assets
Only the Cognito NDR platform offers a 360-degree view of all accounts, from the cloud to your on-premises enterprise network. Cognito from Vectra is uniquely qualified to recognize and evaluate interactions between workloads and identities, which gives analysts actionable knowledge about their purpose and function. This also helps analysts assess internal compliance mandates and policy violations.
Vectra observes the interactions between hosts, user identities, and account privileges across your data infrastructure and then distills deeper security context about these behaviors. This gives analysts a better understanding of what they’re protecting, why it's critical, and what to prioritize.
The Vectra difference
Recently published business value research by IDC found that Vectra enables organizations to proactively identify real threats, dramatically rising from one-third (31%) to nearly all actual threats (93%), which is nearly a three-fold (197%) increase.
With Cognito security insights from Vectra, analysts will better understand all activity across the data infrastructure, from cloud, data center, IoT, and the enterprise.
Vectra gives analysts extraordinary situational awareness to intervene in the earliest phases of an attack and conduct conclusive investigations swiftly and efficiently without pivoting to other security solutions.