Vectra and Microsoft Join Forces to Fulfill the SOC Visibility Triad

June 9, 2020
Marcus Hartwig
Director, Product Marketing

From the founding of Vectra, we have always strived to make our Cognito Platform “by security professionals, for security professionals.”

Traditional security operations center (SOC) processes typically involve a wide variety of disparate alert notification tools that force overworked analysts to battle massive amounts of inbound alerts. This often leads to missed signals and incorrect alert prioritization. As such, we realize that for us to be successful, we need Cognito to amplify the efficiency of existing teams and to integrate seamlessly with all the other tools a modern SOC relies on.

By combining security research with data science, Vectra leverages machine learning (ML) algorithms that automatically detect and triage attacker behaviors, allowing security operations teams to experience reduced workload, instantaneous insights, deeper context, and faster, more accurate response, all while leveraging the tools they already know and prefer. Our focus on integrating best-of-breed tools was further validated when Gartner published the concept of the SOC visibility triad.

Deep native integrations between network detection and response (NDR), endpoint detection and response (EDR), and security information and event management (SIEM) in a triad bring together context from each data source. They also allow for integrated enforcement actions such as disabling compromised accounts and isolating the hosts an attacker is using, all while providing pre-built SOC visibility dashboards. Ultimately, this allows SOCs to deliver well-coordinated responses, enhance their efficiency, and reduce the dwell times that drive risk for the business.

That’s why we are particularly glad to announce a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they are already using.

Together with Microsoft Defender for Endpoint, Vectra will enable security professionals to:

  • Combine Vectra’s full 360-degree aerial view of interactions on all cloud and datacenter networks with the in-depth ground-level view from Defender for Endpoint
  • Enrich the high-fidelity Vectra detections with deep process-level host-context from Defender for Endpoint
  • Take surgical and immediate enforcement actions from Vectra closer to the source using Defender for Endpoint

Together with Azure Sentinel, Vectra will enable security professionals to:

  • Bring the Vectra high-fidelity behavioral detections straight to Sentinel Workbooks for immediate attention
  • Automate incidents in Azure Sentinel based on configurable threat and certainty score thresholds from Vectra
  • Perform forensic analysis on incidents to identify devices, accounts, and attackers involved

This integration will ultimately elevate the visibility of the SOC and prevent attackers from establishing footholds across enterprise networks.

Vectra has also been invited to become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors purpose-built to defend against increasing cyber threats. We are incredibly proud to be a partner of the Microsoft ecosystem, and this deep product integration aligns us well with the needs of our customers, especially today, when many security vendors are focusing on a more outdated and monolithic approach.

Learn more about our integration with Microsoft, and view demos of how easily analysts will have the appropriate information at their fingertips to take surgical and immediate action.