We’re excited to reveal further capabilities of the new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight endpoint detection and response (EDR). This deep product integration enables Vectra to automatically thwart cyberattackers at the device level. Combining real-time network attack detection with the ability to monitor deep process-level activity on the endpoint ensures low-noise, high-fidelity behavioral detections.
Dwell time is the period from when a compromise first occurs to when it is detected. According to the 2020 CrowdStrike Services Cyber Front Lines Report, the average dwell time increased from 85 days in 2018 to 95 days in 2019, due in part to advanced adversaries employing stronger countermeasures. Longer dwell time in an organization’s network allows threat actors to conduct internal reconnaissance and to better understand how the victim environment works, so they can increase the effectiveness of their attack.
By blocking and isolating attackers rather than resources, Lockdown significantly reduces the dwell times that heighten business risk, without disrupting regular operation. Additional context, such as identifiers and other host data from Falcon Insight, is shown automatically in the Cognito Platform UI to enrich Vectra’s network-perspective detection information.
Together, this Vectra/CrowdStrike integration provides instant access to information for verification and investigation, all while empowering analysts to quickly turn the tables on attackers with automated response to attacks.
Benefits of a Cognito and Falcon Insight integration
With the combined abilities of Cognito with Falcon Insight, customers can now surgically and automatically isolate the hosts involved in an attack while initiating automated response actions, returning valuable time to security analysts.
Cognito from Vectra is the first network detection and response (NDR) solution to deliver automated enforcement based on prioritized, high-fidelity attacker behaviors, combined with surgical, identity-based enforcement action. This safeguards against malicious access to resources that are critical to the host organization.