Vectra introduces Cognito Recall to deliver AI-assisted threat hunting and enable conclusive incident investigations

Vectra today announced a major expansion of the Cognito platform with Cognito Recall. A comprehensive source of enriched metadata, Cognito Recall empowers highly-skilled security analysts to conduct conclusive incident investigations and perform AI-assisted threat hunting.

Many of today’s threat hunting tools enlist manual techniques, suffer from inflexible data retention and access, rely on expensive and proprietary storage, and lack the fidelity and context required for swift and thorough attack investigations.

Cognito Recall rises above these deficiencies by collecting, analyzing and storing as much metadata as needed for forensic investigations and compliance mandates like GDPR. It also empowers AI-assisted threat hunting using high-quality indicators of compromise and provides a chain of forensic evidence behind every cyberattack.

“We deployed Cognito Recall and it delivered immediate value,” said John Shaffer, CIO at global investment banking firm Greenhill & Company. “Cognito Recall enabled us to more quickly and thoroughly perform an incident investigation based on endpoint security alerts. It empowered our team to do something in minutes that would normally require days and prevented a risk to our business.”

“As operators of some of the most popular online gaming brands in the world, our ability to proactively detect complex, multistage cyberattacks and launch deeper investigations into their root causes is critically important,” said Mark Rodman, department head of information security operations at the Stars Group, owner of PokerStars, the world’s largest online poker site. “Cognito Recall represents a dramatic leap forward in AI-assisted threat hunting and incident investigation.”

Cognito Recall and its equally powerful AI counterpart, Cognito Detect, are cornerstones of the Vectra Cognito platform. Cognito Detect automates the real-time detection of hidden attackers in cloud and data center workloads and user and internet-of-things devices while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting as part of the investigative process.

“While working with customers who use the Cognito platform, we found that they face significant operational challenges when conducting manual forensic investigations and threat hunting,” said Kevin Kennedy, vice president of product management at Vectra. “Cognito Recall tackles these challenges by providing the best single high-fidelity source for enriched metadata coupled with tight integration with Cognito Detect. And by leveraging our cloud delivery, customers benefit from limitless scale and zero management overhead.”

The unique capabilities of Cognito Recall are summarized below:

• Empowers threat hunters. With real-time collection and storage of enriched enterprise-wide metadata, relevant logs and cloud events, Cognito Recall enables threat hunters to leverage their deep knowledge of advance cyberattacks.
• Enables intelligent investigation of device activity.All network metadata stored in Cognito Recall is associated with devices and host names, not just IP addresses, enabling intelligent investigations of any device’s activity over time, regardless of IP address changes.
• Provides enterprise-wide visibility. Cognito Recall provides high-fidelity visibility into the actions of all cloud and data center workloads and user and IoT devices by collecting and storing enriched network metadata, relevant logs and cloud events in real-time.
• Delivers cloud-powered limitless scale. Cognito Recall is cloud-based, enabling near-limitless scale. Store and search metadata for as long as you need it while Vectra manages the infrastructure.

Vectra Networks is positioned by Gartner, Inc. in the Visionaries quadrant in its 2018 Magic Quadrant for Intrusion Detection and Prevention Systems¹.

¹Gartner, Inc., Magic Quadrant for Intrusion Detection and Prevention Systems, Craig Lawson, Claudio Neiva, January 10, 2018.

Gartner disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.