
Vectra and CrowdStrike Turn the Tables on Cyberattackers

October 15, 2020

We’re excited to reveal further capabilities of the new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight endpoint detection and response (EDR). This deep product integration enables Vectra to automatically thwart cyberattackers at the device level. Detecting real-time attacks in tandem with the ability to monitor deep process-level attacks ensures low noise and high-fidelity behavioral detections.

Dwell time is the period from when a compromise first occurs to when it is detected. According to the 2020 CrowdStrike Services Cyber Front Lines Report, the average dwell time increased from 85 days in 2018 to 95 days in 2019, due in part to advanced adversaries employing stronger countermeasures. A longer dwell time in an organization’s network allows threat actors to conduct internal reconnaissance and to better understand how the victim environment works so they can increase the effectiveness of their attack.

By blocking and isolating attackers, not resources, Lockdown significantly reduces the dwell times that heighten business risk, without disrupting regular operation. Additional context, such as identifiers and other host data from Falcon Insight, is shown automatically in the Cognito Platform UI to enrich Vectra detection information from the network perspective.

Together, this Vectra/CrowdStrike integration provides instant access to information for verification and investigation, all while empowering analysts to quickly turn the tables on attackers with automated response to attacks.

Benefits of a Cognito and Falcon Insight integration

With the combined abilities of Cognito and Falcon Insight, customers can now surgically and automatically isolate the hosts involved in an attack while initiating automated response actions, returning valuable time to security analysts.

1. Easily integrate network and endpoint content with instant access to additional information for verification and investigation. Host identifiers and other host data from Falcon Insight are shown automatically in the Cognito Platform UI to enrich Vectra detection information from the network perspective.

2. Reveal traits and behaviors of a threat that are only visible inside the host to verify a cyberthreat quickly and conclusively while also learning more about how the threat behaves on the host itself.

3. Take swift, decisive action armed with network and endpoint context. Security teams can quickly isolate compromised hosts from the network to halt cyberattacks and avoid a catastrophic data breach.

Cognito from Vectra is the first network detection and response (NDR) solution to provide automated enforcement based on prioritized, high-fidelity attacker behaviors and surgical, identity-based enforcement action. This safeguards against malicious access to resources that are critical to the host organization.

Learn more about our integration with CrowdStrike by checking out the news release, visiting our CrowdStrike partner page, and reading this solution brief.
