Vectra Active Enforcement for the Demisto security automation and orchestration platform
- Collaborative cybersecurity ensures faster, more efficient threat investigations
- Improves investigative efficiency by automating data enrichment and analysis
- Selectively triggers response actions based on threat type, risk and certainty
- Combines automated behavior-based threat analysis with real-time enforcement
Why integrate Demisto with Vectra AI?
There is a need to close the cybersecurity skills gap facing enterprise security operations teams. The Vectra Active Enforcement application for Demisto enables security teams to quickly expose a variety of hidden cyber attack behaviors, pinpoint host devices at the center of an attack, and block threats before data is compromised or stolen.
With Vectra, automation plays a pivotal role. It automatically pinpoints physical host devices at the center of an attack, and tracks and scores threats in context over the full duration of the attack. The Vectra Threat Certainty Index™ displays alerts with threat and certainty scores so security teams instantly know which host devices with attack indicators pose the biggest risk with the highest degree of confidence.
Vectra Active Enforcement for Demisto automates the response phase by enabling quick and effective enforcement action by perimeter and endpoint security solutions.
Benefits of integrating Vectra with Demisto
This automation offers two benefits – security analysts can stop active attacks before damage is done, and seamless and quick investigation workflows are enabled through integration with ticketing systems and war-room capabilities. Vectra customers have reported 75-90% reductions in time spent on threat investigations. Vectra Active Enforcement for Demisto turns Cognito threat detections into action by integrating with other leading security solutions to stop attacker traffic or quarantine compromised host devices. Collaboration and forensics investigative capabilities provide efficiency and advanced investigation features by automating data enrichment and analysis with Demisto automation scripts.
Workflow responses
Responses can be triggered in a variety of ways to initiate and streamline operational workflows. Demisto can receive an alert from Vectra and respond appropriately as defined by a default or custom Demisto playbook. Analysts can also trigger a response by kicking-off a Demisto playbook from the Cognito UI using predefined event tags. In addition, a response can be fully automated based on the type of threat, as well as threat and certainty scores of specific host devices, including PCI in-scope hosts and hosts with personally identifiable information (PII) or protected health information (PHI). By automating threat hunting, analysis and response, security teams can condense weeks of work into seconds and take action before damage is done.
Additional resources
Vectra AI's User-Centric Approach to Delivering Advanced Attack Signal Intelligence
Discover how Vectra AI, through user feedback, has improved its scoring model and user interface to provide more effective threat prioritization.
Blue Team Workshop: Become a Master Threat Hunter
Learn how to detect and respond to attacks in a simulated enterprise environment. An opportunity to sharpen your threat analysis, hunting and defending skills.
The AI Behind Vectra AI
Not all AI is the same, learn Vectra’s multi-patented data science approach to surfacing the most sophisticated and evasive threats with a unique balance of human and artificial intelligence.
