The AI-powered Cognito NDR platform from Vectra enables security teams in financial services institutions (FSIs) to identify and respond faster to hidden threats. Vectra helps FSI security leaders reduce the risk of a breach, improve the efficiency of their security operations, help to ensure compliance, and extend cybersecurity into the cloud.
Regulatory assessment tools such as the UK’s CBEST, the European TIBER-EU, the USA’s Federal Financial Institutions Examination Council (FFIEC) and New York State Department of Financial Services (NYSDFS) cybersecurity regulations and frameworks take an intelligence-led approach to identifying salient threats to FSIs, and require them to demonstrate, through independently delivered penetration testing, the ability to protect against identified risks.
Vectra matures incident response capability and improves performance in compliance-driven penetration tests by:
Understanding observed attack behaviors from within FSI provides a valuable contribution to intelligence-based threat modeling and definition of security controls. These Tactics, Techniques and Procedures can also be mapped to the MITRE ATT&CK framework.
By focusing on the immutable behaviors that attackers must manifest, Vectra enables security controls that have broad coverage and longevity, unlike traditional fragile signatures, which are explicit fingerprints for finding a single piece of malicious code or known attacker infrastructure.
Quickly and accurately identify and respond to the subtle signals of attackers inside your defenses.
Sharpen your incident response skills, get inside the head of your adversaries and experience how NDR can be used in our complimentary Blue Team or Red Team virtual workshop. You’ll also earn ISC2 CPE credits.
FSIs increasingly adopt cloud services and platforms for agility, scale and economic benefits. Cloud adoption can bring a concentration of risks through the consolidation of multiple services onto a single platform, and so make a rich target for would-be attackers. Regardless of your cloud operating model (SaaS, PaaS, IaaS, etc.), one constant is the requirement to own identity control across your on-prem environment and cloud instances.
By analysing hundreds of Cognito NDR platform deployments, Vectra has identified attacker behaviour insights that expose tactics that remain open to abuse. In many cases, these tactics cannot be completely blocked without materially damaging legitimate operations, so early and effective detection and response is essential.
Vectra's analysis of live NDR deployments has identified vulnerabilities facing financial services organisations. Compared to many industries, FSIs invest heavily in their security controls, often shutting down unused pathways, protocols and services. This acts as a forcing function on attackers, who must use the “lay of the land” and hidden tunnels within legitimate protocols and services, including encrypted communications, to surreptitiously access and steal data.
Analysis of hidden tunnels detected inside FSI Vectra NDR deployments revealed their use for both Command and Control (C2) and Data Exfiltration within common protocols such as HTTP, HTTPS and DNS. These detections did not require any decryption or deep packet inspection; instead, they used AI-powered behaviour analysis targeting specific attacker techniques.
Attackers hide in plain sight when they have penetrated your systems. Vectra research detected significantly more hidden command-and-control tunnels per 10,000 monitored devices in financial services than all other industries combined. There were also more than twice as many hidden data-exfiltration tunnels in financial services.
Hidden tunnels are by their very nature hard to find. By using AI to automate threat detection and incident response, the Cognito NDR platform enables financial service organisations to condense days, weeks, and months of manual security investigations into minutes. This enables the IR analyst to quickly understand what is happening and quickly respond. Analyst average workload reductions of 34x have been observed in live Vectra Cognito NDR deployments.
“Regulatory oversight is greater and greater, and we have to prove that a control is working. Cognito gives us transparency so we can find control weaknesses and remediate them quickly.”
Leading Security Exchange
“With Cognito, I can focus on the highest-risk threats. With other solutions, I have to filter to get rid of hundreds or thousands of false positives.”
Senior Services Manager for IT Security
“Cognito for Office 365 is a windfall in light of how attackers are compromising and taking over accounts. As a long-time Vectra customer, I have confidence in identifying and stopping privilege escalation and account takeovers in Office 365.”
Greenhill Investment Bank
“Cognito gives us meaningful information about data exfiltration behaviors,” says Gallo. “It would take a day to find it using firewall logs, and that’s an impossible amount of time.”
ED&F Man Holdings Ltd.
“We went from zero to 100 percent visibility into attack behaviors with Vectra.”
Head of Security
Global financial services firm
“[Vectra] gives you the visibility where there is none, and going forward a lot of the big government bodies are pushing for behavioral analysis and it fits that perfectly.”