Now available on the Microsoft Azure Marketplace and the AWS Marketplace


Why Now

a cyberattack occurs every

Prevention does not provide the security coverage you require

Traditional approaches have major flaws.
The top 3 major flaws of traditional security approaches according to a Gartner Research note*


Lack of security training


It is assumed that widely known threat vectors are covered by defense technologies, yet these are often left in monitoring mode after unintended business disruption caused by false positives or misconfigurations.

Dwell time is an astounding 49-150 days (depending on industry) according to the 2020 Verizon DBIR.


Legacy approaches


Reuse old security approaches to secure new ways of conducting business.

68% of the time, security environments were not able to prevent or detect the approaches being tested.
– Mandiant 2019 Security Effectiveness Report


Lack of the right tools


Spend disproportionate amounts of resources and budgets trying to block a threat that cannot be blocked.

Data exfiltration techniques and tactics were successful 67% of the time.

* Gartner report: How to Respond to the 2020 Threat Landscape

Detect for Networks Overview

Stop lateral movement in your cloud and enterprise networks. Vectra Detect for Networks finds attackers who have circumvented your preventative security solutions before they can move around.

See how AI-driven network detection and response keeps your data and accounts safe.

The Cognito NDR Platform

Detect for Networks

Detect more

Eliminate alert fatigue and focus on what matters most with real-time attacker behavior detections.

Empower teams

Expand human expertise and increase speed by having AI do the thinking. Our security domain-based AI adds value to your security team.

Address threats

Respond to in-progress threats with renewed confidence and precision while minimizing the impact on security workflows and business operations.

Attackers Can Run, But They Can't Hide

Detect for Networks provides threat detection coverage from the cloud to user and IoT devices


Data center



With Cognito, attackers have nowhere to hide

Detect More

See threat behaviors for unknown and known attacks by tracking internal reconnaissance and lateral movement.

Identify which host devices, workloads and user accounts are at the center of an attack, along with the enriched contextual data needed for investigations.

Expose stealthy low-and-slow attacks. The Cognito platform never rests and enables security teams to use their time wisely.


Empower Teams

Automate a related chain of events into a single attack campaign to understand the scope and meaning, and prioritize threats based on risk and privilege.

Triage the highest-risk threat detections automatically and mitigate attacks that pose the greatest risk to your organization—all in real time.

Investigate behavior-based threat signals, not volumes of anomalies. Security context is instantly available for conclusive answers about threat behaviors, as well as the hosts and accounts involved in an attack.


  • Network traffic
  • System authorization and SaaS logs
  • IoCs (STIX)

Identify attacker

  • Machine learning
  • Behavioral analytics
  • Network effect

Automated analysis

  • Triage and correlate threats to hosts
  • Prioritize hosts by risk
  • Uncover attack campaigns


  • Intuitive UI and rich context
  • Enable automated response
  • Firewall, endpoint, SIEM and NAC

Address Threats

Respond with accurate and high-confidence signals and eliminate the noise that causes false positives.

Enforce signals from threat behaviors based on user identity and host device—intelligently at the source.

Add value to existing investments by sharing enforcement data from Cognito with third-party security solutions. 

Command and control


  • External remote access
  • Hidden DNS tunnel
  • Hidden HTTP/S tunnel
  • Suspicious relay
  • Suspect domain activity
  • Malware update
  • Peer-to-peer
  • Pulling instructions
  • Suspicious HTTP
  • Stealth HTTP post
  • TOR activity
  • Threat intel match



  • Internal darknet scan
  • Port scan
  • Port sweep
  • SMB account scan
  • Kerberos account scan
  • File share enumeration
  • Suspicious LDAP query
  • RDP recon
  • RPC recon

Lateral movement


  • Suspicious remote exec
  • Suspicious remote desktop
  • Suspicious admin
  • Shell knocker
  • Automated replication
  • Brute-force attack
  • SMB brute-force
  • Kerberos brute-force
  • Suspicious Kerberos client
  • Suspicious Kerberos account
  • Kerberos server activity
  • SQL injection activity
  • Privilege access analytics


and botnet monetization


  • Data smuggler
  • Smash and grab
  • Hidden DNS tunnel
  • Hidden HTTP/S tunnel

Botnet Monetization

  • Abnormal web or ad activity
  • Cryptocurrency mining
  • Brute-force attack
  • Outbound DoS
  • Outbound port sweep
  • Outbound spam

Did You Know?


of breaches stole or used credentials

Understanding and detecting account and privilege misuse is vital to detect attacks.

Detect in Action

Security analyst in software

Attacker detections are instantly prioritized, scored and correlated to compromised host devices.

Identify Attacker Behaviors

Detect for Networks presents a synthesized view of an entire attack campaign.

Automated Analysis

The Threat Certainty Index™ in Detect for Networks consolidates thousands of events and historical context to pinpoint hosts that pose the biggest threat.

Security that thinks®

Real-time detection of data exfiltration in progress.

Full Lifecycle Detection of Ransomware

Detect for Networks identifies in seconds the fundamental behaviors of a ransomware attack as it attempts to take critical assets hostage.

Watching the Watchers

Detect for Networks tracks administrative protocols and learns the specific machines or jump systems that are used to manage specific hosts, servers and workloads.

Detect for Networks Integrates with Your Entire Security Stack

Native integrations including endpoint detection and response (EDR), security information event management (SIEM) and orchestration tools.

Open Robust API for customizable integrations

Our Customers

We’ve been a customer of Vectra for four years now. We’ve grown with the product and believe behavior detection is something we need to augment the signature detections that we have in place.

– Alex Attumalil, Global Cybersecurity at Under Armour

With Cognito, I can focus on the highest-risk threats. With other solutions, I have to filter to get rid of hundreds or thousands of false positives.

– Matthias Tauber, Senior Services Manager for IT Security at DZ Bank

Vectra saved the A&M System $7 million in a year and we cut threat investigation times from several days to a few minutes.

– Dan Basile, Executive Director of the Security Operations Center at Texas A&M

What makes Vectra stand out is its ability to understand attack behaviors. To put it simply, Vectra’s advanced AI and machine learning understand that Live Nation clients don’t buy tickets. Only fans buy tickets.

– Beau Canada, VP of Information Security at Live Nation

We used to have tens of thousands of events. With Vectra, I only have to deal with 10 or 12 critical events that I can investigate further.

– Albert Caballero, CISO at HBO LATAM

Vectra is passionate about putting the customer first.

– Carmelo Gallo, Cybersecurity Manager at ED&F Man

Vectra makes threat hunting more efficient. With Cognito, we can monitor and detect threats as quickly as possible.

– Liam Fu, Head of Information Security at The Very Group

With Cognito we can stop threats before they cause damage.

– David Whelan, Group IT Director at Ardagh Group

With Cognito, we can see if an exploit kit is being downloaded and if it was laterally distributed in the network. We have visibility into behaviors across the full lifecycle of an attack beyond the internet gateway.

– Eric Weakland, Director of Information Security at American University

Cognito filled a gap. We needed to know what we didn’t know, and Cognito showed us what was hidden.

– Brett Walmsley, CTO at NHS Foundation Trust, Bolton