Vectra Launches Cognito Stream to Empower Threat Hunters and Incident Investigators using Metadata Enhanced with Security Insights
Delivers enterprise-scale network metadata to data lakes without the complexity, constant tuning and scale limitation of open-source Zeek.
Vectra today announced the immediate availability of Cognito® Stream™, delivering enterprise-scale network metadata in Zeek format enriched with security insights to empower threat hunters and incident investigators by leveraging existing software tooling. Cognito Stream enriches metadata with host identity so security analysts can investigate incidents with unprecedented efficiency using the complete context about incidents in network communications between cloud and data center workloads and user and IoT devices.
“Security analysts shouldn’t also have to be network experts to complete threat investigations. Searching NetFlow data, which lacks detail, or packet data, which is too complex and costly to store, must be performed based on IP address, which is not intuitive and requires additional correlation with separate dynamic host control protocol (DHCP) logs,” said Eric Ogren, senior security analyst at 451 Research. “A key network visibility, detection and response requirement is to use intelligence in correlating traffic data and presenting meaningful insights to security analysts.”
Cognito Stream provides a transactional record of every network communication across the organization to an enterprise-scale data lake or security information and event management (SIEM) system. Cognito Stream enriches metadata with host identity and tracks IP address changes, eliminating parallel searches in DHCP logs to find which device was using an IP address at a specific time. By collecting and forwarding historical metadata, rather than full packet capture, Cognito Stream reduces the storage required by over 99% and ensures compliance with data privacy mandates like the European Union General Data Protection Regulation (GDPR).
“Evaluate Cognito Stream if you have invested in your own data lake,” said Dan Basile, executive director of security operations at The Texas A&M University System. “Context is always key to being able to find threats. The ability to correlate enriched metadata with other data sources and hunt retrospectively for threats based on high-value indicators of compromise (IoCs) can reduce noise and enable your analysts to reduce the time to remediation.”
Cognito Stream delivers:
Network metadata provides a security analyst with a high-level view of patterns and events as they occur across an entire network. Host and application data provide an analyst with granular, low-level data on behaviors at the host level, including system processes and memory access. Combined, these datasets provide a comprehensive map of the enterprise, giving a multilevel view of what might be going on, and are most effectively used in tandem by hunters to detect advanced threats.
“Cognito Stream delivers rich metadata that provides additional enrichment over Zeek while providing full compatibility with all existing Zeek tooling,” said Rohan Chitradurga, director of product management, Vectra. “This addresses the need to quickly and easily hunt for threats in large enterprises without the operational overhead of managing the sensor infrastructure.”
Cognito Stream is currently available for purchase and deployment. Contact Vectra for specific licensing information.
For more information about Vectra and the Cognito platform, please visit https://www.vectra.ai/.
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using artificial intelligence to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. For more information, visit www.vectra.ai.
Lumina Communications for Vectra