We're excited to announce extended native integration support for endpoint detection and response (EDR) in the Cognito platform! By unifying the Vectra detection and response experience with EDR, the platform gives users simple, turnkey integrations that offer comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud in addition to EDR. This ultimately enhances the user experience for the tools already deployed in your arsenal.
To extend existing coverage, we’re adding support for VMware Carbon Black Cloud Endpoint, SentinelOne Singularity, and FireEye Endpoint Security to our current list of native EDR integration partners, which includes CrowdStrike and Microsoft Defender for Endpoint.
The challenge and the solution
Today’s cyberattackers are adept at evading preventive security defenses along the network perimeter, and security teams are often overloaded with inconclusive alerts and slow investigations. Once attackers get inside the network, they often go undetected for many months, giving them plenty of time to steal key assets and cause irreparable damage.
With the Cognito platform automatic response feature, Host Lockdown, analysts can automatically disable network hosts that exhibit suspicious activity at the endpoint. If analysts need to take matters into their own hands, they also have the option to manually disable hosts during an investigation. Disabling a host can significantly slow down an active attack by limiting access to additional resources. This curtails the threat actor’s reach and gives the security operations center (SOC) more time to investigate and remediate attacks.
For convenience and speed, the Host Lockdown feature correlates information between the network and the endpoint to provide a unified view of a cyberattack within the Detect user interface (UI). By analyzing all traffic and logs to automatically detect attack behaviors, Cognito Detect prioritizes each detection based on the risk it poses to your organization. This efficient security operations workflow reduces response and investigation time, enabling security teams to mitigate high-risk threats.
Host Lockdown ensures that automation causes as little disruption as possible while giving you greater confidence that attackers are stopped in their tracks. By working together with the largest number of EDR vendors, we now offer complete visibility from cloud to ground to endpoint.
Our integrations reduce complications
While other NDR vendors currently have limited integrations, Vectra Cognito already has, and will continue to build, an open platform that’s rooted in collaboration and gives organizations total visibility. Our strategically integrated workflows eliminate shifting between security products, so SOC teams can see and stop threats before they become breaches.
According to 451 Research’s Voice of the Enterprise Key Workloads and Projects Advisory report released in September 2020, on average, enterprises have 2.97 endpoint solutions deployed to combat discrepancies in traditional measures, exacerbated by recent work-from-home conditions. To withstand the current threat landscape, it is critical for organizations to have an NDR solution that integrates with a variety of EDR vendors to achieve full visibility and automated response.
A whole host of benefits
These strategic EDR integrations serve the unique needs and resources of each organization. Our commitment to strengthening integrations with EDR addresses customer needs when it comes to precise threat hunting.
This combination delivers complete visibility, provides analysts with a better workflow experience, and empowers business leaders to combat threats in a unified UI display.
Jose Malacara is a senior product manager at Vectra. He is an AWS Certified Solutions Architect and has over 18 years of broad technology experience, drawing on his many years working in various product management, sales and network engineering roles building and supporting cloud applications for companies like FATHOM, Rackspace and ANX.