Continuous detection and analysis are critical to stopping breaches. Today’s network traffic has evolved beyond the enterprise to include data center, IoT devices, and cloud-based applications and infrastructure.
Capture relevant data everywhere without agents.
Pair security research and data science to enrich the data.
Flexibly apply data to your use case.
Sensors are deployed across cloud, data center, IoT and enterprise networks
Custom flow engine extracts relevant metadata, logs and telemetry from all network and cloud traffic, including non-security-related information that helps speed up investigations
Ingest external data sources, including endpoint detection and response (EDR)
Security begins with the underlying data
Security researchers and data scientists build and continually tune self-learning behavioral models that enrich metadata with machine learning-derived security information.
Team of world-leading security researchers distill attacker behaviors sourced from securing the world's most sensitive assets
Automates Tier-1 activities, resulting in a 34x workload reduction, and maps to 97% of the MITRE ATT&CK framework
Team of PhD data scientists who codify behaviors across unsupervised, supervised and deep learning models
Supervised machine learning
Supervised machine learning turns the tables on threat detection in favor of security teams. Data scientists analyze large volumes of global attack traffic, identify the key characteristics that make it unique, and build algorithms that detect the evidentiary behaviors attackers always leave behind.
Unsupervised machine learning
Unsupervised machine learning focuses on local behavioral characteristics in a network to identify what is normal and requires no oversight by data scientists. It identifies behavioral anomalies and known threat techniques but cannot detect new, never-before-seen attacks that originate outside the network.
Deep learning and neural networks
Inspired by the biological structure and function of neurons in the brain, deep learning relies on large, interconnected networks of artificial neurons. These neurons are organized into layers, with individual neurons connected to one another by a set of weights that adapt in response to newly arriving inputs.
Neural networks learn relevant features from a data set and build increasingly complex representations of these features as data flows into higher network layers. These representations are learned rather than predetermined by data scientists, making them powerful for solving highly complex problems.
“With Vectra, one person can investigate about 50 threats in just two hours.”
Disable the resources used in an attack for immediate and precise enforcement
Lockdown lets security practitioners enable automatic enforcement and perform manual enforcement directly from the Cognito platform from Vectra.
Lockdown uses a combination of account threat score and threat certainty score thresholds to disable specific accounts, hosts and cloud workloads. Security admins can customize response thresholds, as well as how long the lockdown should last.
If you prefer to outsource the operation of your detection and response capabilities, you can access Managed Detection and Response (MDR) services based upon Cognito from our authorized Managed Security Service Partners (MSSPs).
By unifying NDR with Endpoint Detection and Response (EDR), comprehensive coverage is combined with targeted response using simple, turnkey integrations.
For immediate and precise enforcement, security analysts can go directly to the source of an attack and lock down the endpoint being used.
In cases where attackers have compromised accounts, restricting host access won't stop attackers from pivoting to another device. Account-based lockdown leverages a single point of enforcement to prevent lateral movement across devices.
Account Lockdown is effective in cloud or hybrid environments where organizations don't own the service or infrastructure.
Our comprehensive API and API tools are for developers and security practitioners who want to integrate the Vectra Cognito platform into their existing workflows.
Our open APIs and native integrations with a robust partner ecosystem allow you to customize Lockdown according to your workflow.