news release

Vectra and Phantom partner to detect, prioritize and stop hidden cyber-attacks faster


November 8, 2017

Vectra®, the leader in automating the hunt for in-progress cyber-attacks, and Phantom, the leader in security automation and orchestration, today announced a partnership to automate threat detection and response, and the availability of the Vectra App for Phantom.

“Faster incident response is critical, but faced with a severe shortage of cybersecurity skills, enterprises are turning to security operations and analytics platform architecture, or SOAPA,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “This architecture enables cooperation amongst security tools while helping security analysts pivot across tools to find data and take action as they need in real time.”

“Vectra and Phantom share a mission to automate threat detection and response,” said Mike Banic, vice president of marketing at Vectra. “The Cognito™ platform from Vectra uses AI to automate the detection, triage, correlation and prioritization of threats, and our partnership with Phantom enables automated security orchestration with a broad ecosystem of partners.”

The Vectra App for Phantom enables the prioritized threats detected by Cognito, as well as the host and detection context about these threats, to flow into the Phantom Security Automation and Orchestration platform.

Phantom playbooks then drive automated contextual correlation with indicators from other security tools and active enforcement based on prescriptive actions that enable security teams to stop threats faster – from data center and cloud workloads to user and internet-of-things (IoT) devices.

With the Vectra App for Phantom, security teams can:

  • Take action to stop threats faster – From the Cognito platform, security operations teams can use Phantom playbooks to take specific actions against in-progress attacks, such as blocking or quarantining a high-risk workload or device or killing a process.
  • Streamline threat investigations – Together, Cognito and Phantom enable security teams to accelerate threat investigations using automated or semi-automated workflows to correlate host and detection information from Cognito with information from other security tools. The combined insights from across the security ecosystem reduce complex threat investigation times.
  • Automate investigations for critical detection types – With insights from Cognito and the orchestration power of Phantom, security teams can quickly identify critical threats like ransomware, lateral movement or data exfiltration, and speed up threat investigations.
  • Enrich threat investigations with rich data – When managing cases through Phantom, security operations teams can tap into vast data from Cognito to reveal hidden attacker behaviors across the kill chain and gain more detailed views of every threat.

“The key to successful automation is having good threat data to act on,” said Rich Hlavka, vice president of business development at Phantom. “Cognito from Vectra prioritizes and drives Phantom automation based on the threat level and certainty of an attack, ensuring better accuracy. Our automation playbooks help to reduce the analyst workload and increase consistency in the SOC.”

To find out more about how Vectra and Phantom work together to speed up the time to detect, prioritize and stop hidden cyber-attacks, join us for the tech session on Dec. 1, 2017 at 9 a.m. PT. Register now at

About Phantom

Phantom is the leader in security automation and orchestration. It integrates your existing security technologies, providing a layer of connective tissue between them. The Phantom platform helps you work smarter by automating repetitive tasks, effectively force multiplying your team’s efforts and allowing them to focus their attention on mission-critical decisions. It also helps you respond faster and reduce dwell times with automated detection, investigation, and response. Using Phantom helps you strengthen your defenses by integrating your entire security infrastructure together so that each part is actively participating in your defense strategy. For more information visit:

About Vectra

Vectra® is transforming cybersecurity with AI. Its Cognito platform automates cyberattack detection and response from data center and cloud workloads to user and IoT devices. Cognito correlates threats, prioritizes hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named “Most Innovative Emerging Company” in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued 5 U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit

Vectra, the Vectra Networks logo and ‘Security that thinks’ are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
