Cognito Platform

Network detection and response built on artificial intelligence

Increasing SOC efficiency with a balanced SIEM/NDR strategy


Why Now

a cyberattack occurs every

Prevention does not provide the security coverage you require

Traditional approaches have major flaws.
The top 3 major flaws of traditional security approaches according to a Gartner Research note*

1. Lack of security training

It is assumed that widely-known threat vectors are covered by defense technologies that are often left in monitoring mode after unintended business disruption, due to false positives or misconfigurations.

Dwell time is an astounding 49-150 days (depending on industry) according to the 2020 Verizon DBIR. 

2. Legacy approaches

Reuse old security approaches to secure new ways of conducting business.

68% of the time, security environments were not able to prevent or detect the approaches being tested.
– Mandiant 2019 Security Effectiveness Report

3. Lack of the right tools

Spend disproportionate amounts of resources and budgets trying to block a threat that cannot be blocked.

Data exfiltration techniques and tactics were successful 67% of the time.

* Gartner Report: How to Respond to the 2020 Threat Landscape

Why Vectra

The Cognito platform for NDR is in 100% service of detecting and responding to attacks inside cloud, data center, IoT, and enterprise networks. Our job is to find and stop those attacks early and with certainty. The Cognito platform meets SOC 2 Type 2 compliance standards, ensuring the security and confidentiality of our partners' and customers' data.

Vectra Cognito NDR platform

Capture data

It starts with gathering the right data to make this happen. This is not about the volume of data. It is about the thoughtful collection of data from a variety of relevant sources and enriching it with security insights and context to solve customer use cases.

Detect behaviors

Attack behaviors vary, so we continuously create unique algorithmic machine learning models for any type of new and current threat scenario. Performing well beyond the abilities of humans, Vectra gives you a distinct advantage over adversaries by detecting, clustering, prioritizing and anticipating attacks.

Stop attackers

Enforce with precision

Vectra will automatically and surgically cut off attacker access by using identity- and host-level enforcement.

Take an appropriate level of action: enforce through existing investments.

Benefits of Using the Vectra Cognito Platform

1. Capture data
Sensors extract relevant metadata, logs and telemetry from all network traffic in Cloud/SaaS, data center, IoT, and enterprise environments.

A uniquely efficient enterprise software architecture developed from Day 1, along with custom-developed processing engines, enables data capture and processing at unprecedented scale.

NETWORK TRAFFIC
THREAT INTELLIGENCE
ACTIVE DIRECTORY LOGS
DHCP LOGS

2. Normalize data
Traffic flows are deduplicated and a custom flow engine extracts network metadata to detect attacker behaviors.

The characteristics of every flow are recorded, including the ebb and flow, timing, traffic direction, and packet sizes. Each flow is then attributed to a host and account rather than being identified by an IP address.

IP-TO-HOST NAME ASSOCIATION
TRAFFIC DIRECTIONALITY
DEDUPLICATION
HOST ID
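The normalization step above lists four operations: deduplicating flows seen by more than one tap, working out traffic direction, and associating IPs with host names so that a flow is attributed to a host rather than an address. The following is an added illustration of those four operations, not Vectra's own code; the flow records, DHCP lease log, the well-known-port heuristic for direction, and the host names are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample input (not Vectra data): the same TCP flow reported by two sensor taps,
# the reply half of that flow, and a later flow involving an IP that DHCP has since reassigned.
RAW_FLOWS = [
    # (sensor, timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
    ("sensor-a", "2020-06-01T09:00:01", "10.1.1.25", 51514, "203.0.113.10", 443, "tcp", 4200, 12),
    ("sensor-b", "2020-06-01T09:00:01", "10.1.1.25", 51514, "203.0.113.10", 443, "tcp", 4200, 12),
    ("sensor-a", "2020-06-01T09:00:03", "203.0.113.10", 443, "10.1.1.25", 51514, "tcp", 98000, 80),
    ("sensor-a", "2020-06-01T11:30:00", "10.1.1.25", 3389, "10.1.1.40", 50111, "tcp", 2000, 20),
]

# Constructed DHCP lease log: (timestamp, ip, hostname). Note that 10.1.1.25 changes hands at 11:00,
# which is exactly why attributing by IP alone misidentifies the host.
DHCP_LEASES = [
    ("2020-06-01T08:00:00", "10.1.1.25", "LAPTOP-ALICE"),
    ("2020-06-01T08:05:00", "10.1.1.40", "DESKTOP-CAROL"),
    ("2020-06-01T11:00:00", "10.1.1.25", "LAPTOP-BOB"),
]

# Hypothetical service-port set used for the direction heuristic.
WELL_KNOWN_PORTS = {22, 25, 53, 80, 88, 135, 139, 389, 443, 445, 636, 3389}


@dataclass
class NormalizedFlow:
    initiator_host: str
    initiator_ip: str
    responder_host: str
    responder_ip: str
    responder_port: int
    proto: str
    first_seen: datetime
    bytes_out: int = 0   # initiator -> responder
    bytes_in: int = 0    # responder -> initiator
    packets: int = 0


def host_for(ip: str, when: datetime, leases=DHCP_LEASES) -> str:
    """Return the hostname holding `ip` at time `when`: the latest lease at or before that instant."""
    best = None
    for ts, lease_ip, name in leases:
        lease_ts = datetime.fromisoformat(ts)
        if lease_ip == ip and lease_ts <= when and (best is None or lease_ts > best[0]):
            best = (lease_ts, name)
    return best[1] if best else f"unknown({ip})"


def orient(src_ip, src_port, dst_ip, dst_port):
    """Decide who initiated the flow: the side talking *to* a service port is the initiator.
    Returns (initiator_ip, initiator_port, responder_ip, responder_port, direction)."""
    if dst_port in WELL_KNOWN_PORTS or (src_port not in WELL_KNOWN_PORTS and dst_port < src_port):
        return (src_ip, src_port, dst_ip, dst_port, "out")
    return (dst_ip, dst_port, src_ip, src_port, "in")


def normalize(raw_flows=RAW_FLOWS) -> List[NormalizedFlow]:
    seen = set()                               # exact-duplicate suppression across sensors
    flows: Dict[Tuple, NormalizedFlow] = {}    # keyed by oriented 5-tuple
    for sensor, ts, sip, sport, dip, dport, proto, nbytes, npkts in raw_flows:
        when = datetime.fromisoformat(ts)
        fingerprint = (ts, sip, sport, dip, dport, proto, nbytes, npkts)
        if fingerprint in seen:
            continue                           # same packets observed by a second tap
        seen.add(fingerprint)
        init_ip, init_port, resp_ip, resp_port, direction = orient(sip, sport, dip, dport)
        key = (init_ip, init_port, resp_ip, resp_port, proto)
        flow = flows.get(key)
        if flow is None:
            flow = NormalizedFlow(
                initiator_host=host_for(init_ip, when), initiator_ip=init_ip,
                responder_host=host_for(resp_ip, when), responder_ip=resp_ip,
                responder_port=resp_port, proto=proto, first_seen=when)
            flows[key] = flow
        if direction == "out":
            flow.bytes_out += nbytes
        else:
            flow.bytes_in += nbytes
        flow.packets += npkts
    return sorted(flows.values(), key=lambda f: f.first_seen)


if __name__ == "__main__":
    for f in normalize():
        print(f"{f.initiator_host} ({f.initiator_ip}) -> {f.responder_host}:{f.responder_port} "
              f"out={f.bytes_out}B in={f.bytes_in}B pkts={f.packets}")
```

Both halves of the HTTPS session collapse into one bidirectional record attributed to LAPTOP-ALICE, and the later RDP flow is attributed to DESKTOP-CAROL as initiator and LAPTOP-BOB as responder even though the responder IP was ALICE's two hours earlier. The port heuristic is deliberately simple; a production flow engine would also use SYN direction and timing.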

3. Enrich data
Vectra security researchers and data scientists build and continually tune scores of self-learning behavioral models that enrich the metadata with machine learning-derived security information.

These models fortify network data with key security attributes, including security patterns (e.g. beacons), normal patterns (e.g. learnings), precursors (e.g. weak signals), attacker behaviors, account scores, host scores, and correlated attack campaigns.

SECURITY PATTERNS (e.g. BEACONS)
NORMAL PATTERNS (LEARNING)
PRECURSORS (WEAK SIGNALS)
ATTACKER BEHAVIORS
ACCOUNT SCORES
SAVED SEARCH
HOST SCORES
CAMPAIGNS
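The enrichment step names beacons as a security pattern derived from the metadata. As an added example (not Vectra's models), here is the simplest form of that attribute: for each host-to-destination pair, measure how regular the connection intervals are, since periodic callbacks have low jitter relative to their mean interval while human-driven traffic does not. The connection log, the thresholds and the host names are constructed for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


def constructed_connections() -> List[Tuple[str, str, datetime]]:
    """Constructed (not real) connection log of (host, destination, timestamp) records."""
    base = datetime(2020, 6, 1, 9, 0, 0)
    rows = []
    # A host calling one destination every 60 s with a few seconds of jitter.
    jitter = [0, 2, -1, 1, 0, -2, 1, 0, 2, -1, 0, 1]
    for i, j in enumerate(jitter):
        rows.append(("LAPTOP-ALICE", "198.51.100.7:443", base + timedelta(seconds=60 * i + j)))
    # A host with irregular, human-driven browsing to another destination.
    gaps = [5, 40, 3, 300, 12, 90, 1, 600, 7, 25, 2]
    t = base
    rows.append(("DESKTOP-CAROL", "198.51.100.9:443", t))
    for g in gaps:
        t += timedelta(seconds=g)
        rows.append(("DESKTOP-CAROL", "198.51.100.9:443", t))
    return rows


def beacon_candidates(rows, min_connections: int = 10, max_jitter_ratio: float = 0.15) -> Dict:
    """Score every (host, destination) pair by interval regularity.

    jitter_ratio = population stdev of inter-connection gaps / mean gap.
    A pair is flagged as a beacon when it has enough connections and a low ratio.
    Thresholds are illustrative, not tuned values."""
    by_pair = defaultdict(list)
    for host, dest, ts in rows:
        by_pair[(host, dest)].append(ts)
    results = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < min_connections:
            continue                                   # too few samples to judge periodicity
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        jitter_ratio = statistics.pstdev(gaps) / mean if mean else float("inf")
        results[pair] = {
            "connections": len(stamps),
            "mean_interval_s": round(mean, 1),
            "jitter_ratio": round(jitter_ratio, 3),
            "beacon": jitter_ratio <= max_jitter_ratio,
        }
    return results


if __name__ == "__main__":
    for (host, dest), info in beacon_candidates(constructed_connections()).items():
        print(host, dest, info)
```

The regular 60-second caller is flagged while the browsing host, whose gaps range from 1 to 600 seconds, is not. Real beacon detection also has to cope with deliberate randomized sleep, long-tailed intervals and destinations that legitimately poll (update checks, mail clients), which is where the "normal patterns" learned per host come in.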

4. Detect and Respond

Detect

Scores of custom-built attacker behavior models detect threats automatically and in real time, before they do damage.

Detected threats are automatically triaged, prioritized based on risk level, and correlated with compromised workloads, accounts and host devices.

Tier-1 automation condenses weeks or months of work into minutes and significantly reduces the security analyst workload.

Respond

Machine learning-derived attributes like host identity, account privilege and beaconing provide vital context that reveals the broader scale and scope of an attack.

A custom-engineered investigative workbench is optimized for security-enriched metadata and enables sub-second searches at scale.

This puts the most relevant information at your fingertips by augmenting detections with actionable context to eliminate the endless hunt and search for threats.

Automatically shut down accounts or hosts involved in the attack based on configurable thresholds.


Automates threat detections


Always-learning behavioral models use AI to efficiently find hidden and unknown attackers in real time to enable quick, decisive action and provide a clear starting point for AI-assisted threat hunting and response.

Empowers threat hunters


Launch deeper and broader investigations of incidents detected by Cognito and other security controls, and hunt retrospectively for undetected threats. Security insights automatically sort and present relevant information on detections, speeding up investigations.

Provides visibility across entire deployment


Real-time collection, analysis and storage of rich network metadata, relevant logs and cloud events provides high-fidelity visibility into the actions of all cloud and data center workloads, users and IoT devices, leaving attackers with nowhere to hide.

Captures once and does many things


One platform collects, analyzes and enriches metadata, augmented by relevant logs and cloud events, to enable real-time automated attack detection, AI-assisted threat hunting, retrospective threat hunting and incident investigation.

Cognito is an open platform that takes an API-first approach and strives to be partner- and vendor-neutral. This enables security professionals to leverage best-in-class solutions to build topflight security infrastructures that provide 360-degree visibility on a massive scale.


Did You Know?

Vectra does NOT require decryption.

How Vectra reveals encrypted threats without decryption


Vectra leverages data science and machine learning to reveal underlying attack behaviors, even when traffic is encrypted.

Detect and Response Platform

Vectra Cognito is a threat detection and response platform that uses artificial intelligence to detect attacker behavior and protect both hosts and users from being compromised. Vectra Cognito provides high-fidelity alerts and does not decrypt data, so you can be secure and maintain privacy whether that is in the cloud, data center, enterprise networks, or IoT devices.

Vectra provides the fastest and most efficient way to find attacks in cloud, data center, IoT, and enterprise networks


Our Customers

We’ve been a customer of Vectra for four years now. We’ve grown with the product and believe behavior detection is something we need to augment the signature detections that we have in place.

– Alex Attumalil, Global Cybersecurity at Under Armour

With Cognito, I can focus on the highest-risk threats. With other solutions, I have to filter to get rid of hundreds or thousands of false positives.

– Matthias Tauber, Senior Services Manager for IT Security at DZ Bank

Vectra saved the A&M System $7 million in a year and we cut threat investigation times from several days to a few minutes.

– Dan Basile, Executive Director of the Security Operations Center at Texas A&M

What makes Vectra stand out is its ability to understand attack behaviors. To put it simply, Vectra’s advanced AI and machine learning understand that Live Nation clients don’t buy tickets. Only fans buy tickets.

– Beau Canada, VP of Information Security at Live Nation

We used to have tens of thousands of events. With Vectra, I only have to deal with 10 or 12 critical events that I can investigate further.

– Albert Caballero, CISO at HBO LATAM

Vectra is passionate about putting the customer first.

– Carmelo Gallo, Cybersecurity Manager at ED&F Man

Vectra makes threat hunting more efficient. With Cognito, we can monitor and detect threats as quickly as possible.

– Liam Fu, Head of Information Security at The Very Group

With Cognito we can stop threats before they cause damage.

– David Whelan, Group IT Director at Ardagh Group

With Cognito, we can see if an exploit kit is being downloaded and if it was laterally distributed in the network. We have visibility into behaviors across the full lifecycle of an attack beyond the internet gateway.

– Eric Weakland, Director of Information Security at American University

Cognito filled a gap. We needed to know what we didn’t know, and Cognito showed us what was hidden.

– Brett Walmsley, CTO at NHS Foundation Trust, Bolton