Vectra and Microsoft Join Forces to Fulfill the SOC Triad

By: Marcus Hartwig
June 9, 2020

Since the founding of Vectra, we have always striven to make our Cognito platform “by security professionals, for security professionals.”

Traditional Security Operations Center (SOC) processes typically involve a wide variety of disparate alert notification tools that force overworked analysts to battle massive amounts of inbound alerts. This often leads to missed signals and incorrect alert prioritization. We therefore realize that for us to be successful, Cognito needs to amplify the efficiency of existing teams and to integrate seamlessly with all the other tools a modern SOC uses.

By combining security research with data science, Vectra Cognito uses machine learning (ML) algorithms that automatically detect and triage attacker behaviors, giving security operations teams a reduced workload, instantaneous insights, deeper context, and faster, more accurate response, all while using the tools they already know and prefer. This best-of-breed integration approach was further validated when Gartner published the concept of the SOC visibility triad.

Deep native integrations between NDR, EDR, and SIEM in a triad bring together context from each data source. They also allow integrated enforcement actions, such as disabling compromised accounts and isolating the hosts an attacker is using, while providing pre-built SOC visibility dashboards. This ultimately allows SOCs to deliver well-coordinated responses, enhance their efficiency, and reduce the dwell times that drive risk for the business.

That’s why we are particularly glad to announce a partnership and deep product integration with Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM), extending our partner ecosystem and allowing our customers to use the tools they are already using.

Together with Microsoft Defender ATP, Vectra will enable security professionals to:

  • Combine Vectra’s full 360-degree aerial view of interactions on all cloud and datacenter networks with the in-depth ground-level view from Defender ATP.
  • Enrich the high-fidelity Vectra detections with deep process-level host context from Defender ATP.
  • Take surgical and immediate enforcement actions from Vectra closer to the source using Defender ATP.

Together with Azure Sentinel, Vectra will enable security professionals to:

  • Bring Vectra’s high-fidelity behavioral detections straight to Sentinel Workbooks for immediate attention.
  • Automatically create incidents in Azure Sentinel based on configurable threat and certainty score thresholds from Vectra.
  • Perform forensic analysis on incidents to identify the devices, accounts, and attackers involved.

This integration will ultimately elevate the visibility of the SOC and prevent attackers from establishing footholds across enterprise networks.  

Vectra has also been invited to become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors purpose-built to defend against increasing cyber threats. We are incredibly proud to be a partner in the Microsoft ecosystem, and this deep product integration aligns us well with the needs of our customers, especially today, when many security vendors are focusing on a more outdated and monolithic approach.

Learn more about our integration with Microsoft and view demos of how easily analysts will have the appropriate information at their fingertips to take surgical and immediate action.

About the author

Marcus Hartwig

Marcus Hartwig is a senior product marketing manager at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a company in cybersecurity professional services, and managing a security product company – a combination that has left him passionate about all parts of product marketing, design and delivery.
