
Expanding Vectra Lockdown Capabilities with Defender ATP

Jose Malacara
Senior Product Manager
July 14, 2020

A few months ago, I wrote about the Cognito Platform’s new automatic response feature, Vectra Account Lockdown. By integrating with an identity provider (IdP) like Active Directory and leveraging our world-class AI detection capabilities, Account Lockdown can automatically disable network accounts that demonstrate suspicious activity.

Analysts also have the option to manually disable accounts during a security investigation. Disabling an account can significantly slow down an active attack by limiting access to additional resources. This limits the attack's blast radius and gives your SOC more time to investigate and stop the attack. And while this has been incredibly well received by our customers, especially when configured to automatically trigger on high-fidelity scoring thresholds (namely threat, certainty and observed privilege), we knew our work was not done.

For immediate and precise enforcement, you must go directly to the source of an attack and lock down the endpoint itself.

Our integration with Microsoft Defender for Endpoint does just that. In addition to enriching Detect hosts with contextual endpoint data, security analysts can now perform Host Lockdown on Microsoft Defender ATP hosts, right from the Cognito Detect UI. Like the Vectra Account Lockdown, Host Lockdown can be performed manually by an analyst with a button-click or configured for automated enforcement triggering against host threat, certainty and observed privilege scoring thresholds.

With automated active enforcement actions, organizations must always balance risk. On one side, overzealous enforcement on bad alerts will cause widespread outages, disrupt operations, and, in some cases, create more damage than some real attacks. On the flip side, not acting might allow attackers to gain a stronger foothold in your network environment.

With Vectra Host Lockdown, we combine our industry-best behavior-based AI detections with the precise enforcement you get from Microsoft Defender for Endpoint. This essentially gives you the best of both worlds. It’s a great way to ensure that automation causes as little disruption as possible while giving you greater confidence that attackers are stopped in their tracks.

Learn more about Host Lockdown, and about our integration with Microsoft Defender for Endpoint. I’ve also created a video there, showcasing how our products work together. And as always, don’t hesitate to contact us to learn more or schedule a demo.
