Threat Detection and Response for Everywhere the Adversaries Go

By Jose Malacara | April 22, 2021

We're excited to announce extended endpoint detection and response (EDR) native integration support in the Cognito Platform! By unifying Vectra detection and response and EDR experience, users can now benefit from simple, turnkey integrations that offer comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud in addition to EDR. This ultimately enhances user experience for the tools already deployed in your arsenal.

To extend existing coverage, we’re adding support for VMware Carbon Black Cloud Endpoint, SentinelOne Singularity, and FireEye Endpoint Security to our current list of native EDR integration partners, which already includes CrowdStrike and Microsoft Defender for Endpoint.

The challenge and the solution

Today’s cyberattackers are adept at evading prevention-based security defenses along the network perimeter, and security teams are often overloaded with inconclusive alerts and slow investigations. Once attackers get inside the network, they often go undetected for many months—giving them plenty of time to steal key assets and cause irreparable damage.

With the Cognito platform automatic response feature, Host Lockdown, analysts can automatically disable network hosts that exhibit suspicious activity at the endpoint. If analysts need to take matters into their own hands, they also have the option to manually disable hosts during an investigation. Disabling a host can significantly slow down an active attack by limiting access to additional resources. This curtails the threat actor’s reach and gives the security operations center (SOC) more time to investigate and remediate attacks.

For convenience and speed, the Host Lockdown feature correlates information between the network and the endpoint to provide a unified view of a cyberattack within the Detect user interface (UI). Detect analyzes all traffic and logs to detect attack behaviors automatically, then prioritizes each detection based on the risk it poses to your organization. This efficient security operations workflow reduces response and investigation time—enabling security teams to mitigate high-risk threats first.

Host Lockdown ensures that automation causes as little disruption as possible while giving you greater confidence that attackers are stopped in their tracks. By working together with the largest number of EDR vendors, we now offer complete visibility from cloud to ground to endpoint.
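To make the workflow described above concrete, here is an added illustrative example (not Vectra code and not the Cognito or Detect API): it correlates network-side detections with endpoint (EDR) alerts per host, scores the combined risk, prioritizes hosts by that risk, and decides between automatic lockdown, manual analyst review, and monitoring. The event format, the risk weights, the thresholds, and the protected-host list are all hypothetical parameters constructed for the example.

```python
"""Illustrative network + endpoint correlation and host-lockdown decision logic.

Added example; it is not Vectra's implementation. All inputs, weights and
thresholds below are constructed assumptions for demonstration only.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample detections: each carries the host, the vantage point that
# saw it ("network" or "edr"), the behavior name and a 1-10 severity.
SAMPLE_EVENTS = [
    {"host": "ws-0142", "source": "network", "behavior": "suspicious_remote_exec", "severity": 7},
    {"host": "ws-0142", "source": "edr", "behavior": "credential_dump_attempt", "severity": 8},
    {"host": "srv-db01", "source": "network", "behavior": "port_scan", "severity": 4},
    {"host": "srv-db01", "source": "edr", "behavior": "unsigned_binary_exec", "severity": 6},
    {"host": "ws-0207", "source": "network", "behavior": "dns_tunnel_candidate", "severity": 5},
]

# Hypothetical hosts that automation must never disable (e.g. core database);
# a high-risk detection on these still goes to an analyst.
PROTECTED_HOSTS = {"srv-db01"}

AUTO_LOCKDOWN_RISK = 12   # hypothetical threshold for automatic response
MANUAL_REVIEW_RISK = 6    # hypothetical threshold for analyst attention
CORROBORATION_BONUS = 2   # added when network and endpoint both observed the host


@dataclass
class Decision:
    host: str
    risk: int
    action: str                      # "auto_lockdown", "manual_review" or "monitor"
    reasons: List[str] = field(default_factory=list)


def correlate(events: List[dict]) -> Dict[str, Dict[str, List[dict]]]:
    """Group detections by host and by the vantage point that produced them."""
    by_host: Dict[str, Dict[str, List[dict]]] = {}
    for e in events:
        buckets = by_host.setdefault(e["host"], {"network": [], "edr": []})
        buckets[e["source"]].append(e)
    return by_host


def score(host_events: Dict[str, List[dict]]) -> int:
    """Risk = highest network severity + highest EDR severity, plus a bonus
    when two independent vantage points agree on the same host."""
    net = max((e["severity"] for e in host_events["network"]), default=0)
    edr = max((e["severity"] for e in host_events["edr"]), default=0)
    risk = net + edr
    if net and edr:
        risk += CORROBORATION_BONUS
    return risk


def decide(host: str, risk: int, protected=PROTECTED_HOSTS) -> Decision:
    """Map a risk score to a response, keeping protected hosts out of automation."""
    if risk >= AUTO_LOCKDOWN_RISK:
        if host in protected:
            return Decision(host, risk, "manual_review",
                            ["risk above auto threshold but host is protected"])
        return Decision(host, risk, "auto_lockdown", ["risk above auto threshold"])
    if risk >= MANUAL_REVIEW_RISK:
        return Decision(host, risk, "manual_review", ["risk above review threshold"])
    return Decision(host, risk, "monitor", [])


def plan_response(events: List[dict], protected=PROTECTED_HOSTS) -> List[Decision]:
    """Correlate, score and prioritize: highest-risk hosts come first so the
    SOC sees them before anything else."""
    decisions = [decide(host, score(ev), protected)
                 for host, ev in correlate(events).items()]
    decisions.sort(key=lambda d: d.risk, reverse=True)
    return decisions


if __name__ == "__main__":
    for d in plan_response(SAMPLE_EVENTS):
        print(f"{d.host:10} risk={d.risk:2}  {d.action:14} {'; '.join(d.reasons)}")
```

Running the script lists ws-0142 first (corroborated by both vantage points, locked down automatically), then srv-db01 (high risk but protected, so it is routed to an analyst), then ws-0207 (single low-severity network signal, monitored only). The protected-host check is the part worth copying: automated response should fail toward a human decision on the systems whose outage would hurt most.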

Our integrations reduce complications

Modern ransomware and supply chain attacks highlight the need for threat detection not only at the endpoint but also at the network and in the cloud.

While other network detection and response (NDR) vendors currently have limited integrations, Vectra already has, and will continue to build, an open platform that’s rooted in collaboration and gives organizations total visibility. Our strategically integrated workflows eliminate shifting between security products, so SOC teams can see and stop threats before they become breaches.

According to 451 Research’s Voice of the Enterprise Key Workloads and Projects Advisory report released in September 2020, on average, enterprises have 2.97 endpoint solutions deployed to combat discrepancies in traditional measures—exacerbated by recent work from home conditions. To withstand the current threat landscape, it is critical for organizations to have an NDR solution that integrates with a variety of EDR vendors to achieve full visibility and automated response.

A whole host of benefits

These strategic EDR integrations serve the unique needs and resources of each organization. Our commitment to strengthening integrations with EDR addresses customer needs when it comes to precise threat hunting.

This combination delivers complete visibility, provides analysts with a better workflow experience, and empowers business leaders to combat threats in a unified UI display.

To explore our EDR integrations, please visit our partner page. To see how Vectra can help, schedule a demo.