Security teams are overburdened with alerts, increasing the risk of alert fatigue and allowing attackers to be active inside the enterprise network. In addition, organizations need greater visibility into threats and the devices and accounts used in attacks against them.
That’s why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform. This integration delivers automated and actionable intelligence that reduces the security team’s workload and the time attackers are active inside the network.
Once the Cognito platform identifies an infected device, its IP address and threat certainty are ingested into Swimlane over an API-first architecture, which centralizes information from the Cognito platform and other systems. Swimlane then triggers automated response workflows to other security tools to notify users, dynamically segment or quarantine the infected device, stop communication with a command and control (C&C) server or prevent data exfiltration across all device types and network tiers.
By combining data science and machine learning, Vectra provides inside-the-network threat detection as a next layer of defense in today’s security infrastructure. With sophisticated automation and response tools seamlessly integrated across the security ecosystem, Swimlane enables an instant automated response to quarantine an infected device and stop communication with a C&C server, providing a foundation that secures against the broadest spectrum of threats.
Together, Cognito and Swimlane deliver automated and actionable intelligence that reduces the security operations center (SOC) workload and the time attackers are active inside the network. Learn more in the solution brief.