Vectra and CrowdStrike Turn the Tables on Cyberattackers

October 15, 2020
Vectra AI Security Research team
Cybersecurity
Vectra and CrowdStrike Turn the Tables on Cyberattackers

We’re excited to reveal further capabilities of the new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight endpoint detection and response (EDR). This deep product integration enables Vectra to automatically thwart cyberattackers on the device level. Detecting real-time attacks in tandem with the ability to monitor deep process-level attacks ensures low noise and high-fidelity behavioral detections.

Dwell time is the period when a compromise first occurs to when it is detected. According to the 2020 CrowdStrike Services Cyber Front Lines Report, the average dwell time increased from 85 days in 2018 to 95 days in 2019 due in part to advanced adversaries employing stronger countermeasures. Longer dwell time in an organization’s network allows threat actors to conduct internal reconnaissance and to better understand how the victim environment works so they can increase the effectiveness of their attack.

By blocking and isolating attackers, not resources, Lockdown significantly reduces dwell times that heighten business risk without disrupting regular operation. Additional context, such as identifiers and other host data from Falcon Insight, are shown automatically in the Cognito Platform UI to enrich Vectra detection information from the network perspective.

Together, this Vectra/CrowdStrike integration provides instant access to information for verification and investigation, all while empowering analysts to quickly turn the tables on attackers with automated response to attacks.

Benefits of a Cognito and Falcon Insight integration

With the combined abilities of Cognito with Falcon Insight, customers can now surgically and automatically isolate the hosts involved in an attack while initiating automated response actions, returning valuable time to security analysts.

1. Easily integrate network and endpoint content

with instant access to additional information for verification and investigation. Host identifiers and other host data from Falcon Insight are shown automatically in the Cognito Platform UI to enrich Vectra detection information from the network perspective.

2. Reveal traits and behaviors of a threat that are only visible inside the host

to verify a cyberthreat quickly and conclusively while also learning more about how the threat behaves on the host itself.

3. Take swift, decisive action

armed with network and endpoint context. Security teams can quickly isolate compromised hosts from the network to halt cyberattacks and avoid a catastrophic data breach.

Cognito from Vectra is the first network detection and response (NDR) solution to confront automated enforcement based on prioritized, high-fidelity attacker behaviors and surgical, identity-based enforcement action. This safeguards against malicious access to resources that are critical to the host organization.

Learn more about our integration with CrowdStrike by checking out the news release, visiting our CrowdStrike partner page, and reading this solution brief.

FAQs