Vectra and CrowdStrike Turn the Tables on Cyberattackers

By:
Marcus Hartwig
October 15, 2020

We’re excited to reveal further capabilities of the new Cognito Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR). This deep product integration enables Vectra to automatically stop cyberattackers at the device level. Combining real-time detection of attacker behaviors on the network with Falcon Insight’s visibility into process-level activity on the host keeps noise low and detection fidelity high.

Dwell time is the period from when a compromise first occurs to when it is detected. According to the 2020 CrowdStrike Services Cyber Front Lines Report, average dwell time increased from 85 days in 2018 to 95 days in 2019, due in part to advanced adversaries employing stronger countermeasures. The longer a threat actor dwells in an organization’s network, the more internal reconnaissance it can conduct and the better it understands how the victim environment works, which increases the effectiveness of the attack.

By blocking and isolating the attacker rather than the resources it targets, Lockdown significantly reduces the dwell time that heightens business risk, without disrupting regular operations. Additional context, such as host identifiers and other host data from Falcon Insight, is shown automatically in the Cognito network detection and response (NDR) platform UI, enriching Vectra’s network-perspective detections.

Together, this Vectra/CrowdStrike integration provides instant access to information for verification and investigation, all while empowering analysts to quickly turn the tables on attackers with automated response to attacks.

Benefits of a Cognito and Falcon Insight integration

With the combined abilities of Cognito with Falcon Insight, customers can now surgically and automatically isolate the hosts involved in an attack while initiating automated response actions, returning valuable time to security analysts.

  1. Easily integrate network and endpoint content with instant access to additional information for verification and investigation. Host identifiers and other host data from Falcon Insight are shown automatically in the Cognito NDR platform UI to enrich Vectra detection information from the network perspective.
  2. Reveal traits and behaviors of a threat that are only visible inside the host to verify a cyberthreat quickly and conclusively while also learning more about how the threat behaves on the host itself.
  3. Take swift, decisive action armed with network and endpoint context. Security teams can quickly isolate compromised hosts from the network to halt cyberattacks and avoid a catastrophic data breach.

Cognito from Vectra is the first NDR solution to offer automated enforcement based on prioritized, high-fidelity attacker behaviors, with surgical, identity-based enforcement actions. This safeguards against malicious access to the resources that are critical to the organization.

Learn more about our integration with CrowdStrike by checking out the news release, visiting our CrowdStrike partner page, and reading this solution brief.

You can also watch our presentation at Fal.Con 2020, where we’ll discuss this integration in depth along with other Cognito features.

About the author

Marcus Hartwig

Marcus Hartwig is a senior product marketing manager at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a cybersecurity professional services company, and managing a security product company, a combination that has left him passionate about all parts of product marketing, design and delivery.
