Cognito Platform: How We Do It

(No B.S. under the hood)


Now available in the AWS Marketplace


Why Now

Continuous detection and analysis are critical to stopping breaches. Today’s network traffic has evolved beyond the enterprise to include data center, IoT devices, and cloud-based applications and infrastructure.

1. Capture

Capture relevant data everywhere without agents.

2. Enrich

Pair security research and data science to enrich the data.

3. Apply

Flexibly apply data to your use case.


Capture Relevant Data Everywhere Without Agents

Sensors are deployed across cloud, data center, IoT and enterprise networks

Custom flow engine extracts relevant metadata, logs and telemetry from all network and cloud traffic, including non-security related information that assists speeding up investigations

Ingest external data sources, including endpoint detection and response (EDR)

Security begins with the underlying data >

Detection Starts with the Right Data with the Right Context


Enrich Data Using Security Research and Data Science

Security researchers and data scientists build and continually tune self-learning behavioral models that enrich metadata with machine learning-derived security information.

Security Research

Team of world leading security researchers distill attacker behaviors sourced from securing the world's most sensitive assets

Security Research + Data Science Convergence
Security Analyst in Software

Automated Tier-1 activities resulting in 34x workload reduction and maps to 97% of the MITRE ATT&CK framework

Data Science

Team of PhD data scientists who codify behaviors across unsupervised, supervised and deep learning models

The Innovative Application of Machine and Deep Learning


Supervised machine learning


Supervised machine learning turns the table on threat detection in favor of security teams. Data scientists analyze large volumes of global attack traffic, identify the key characteristics that make it unique, and build algorithms that detect the evidentiary behaviors attackers always leave behind.


Unsupervised machine learning


Unsupervised machine learning focuses on local behavioral characteristics in a network to identify what is normal and requires no oversight by data scientists. It identifies behavioral anomalies and known threat techniques but cannot detect new, never-before seen attacks that originate outside the network.


Deep learning and neural networks


Inspired by the biological structure and function of neurons in the brain, deep learning relies on large, interconnected networks of artificial neurons. These neurons are organized into layers, with individual neurons connected to one another by a set of weights that adapt in response to newly arriving inputs.

Neural networks learn relevant features from a data set and build increasingly complex representations of these features as data flows into higher network layers. These representations are learned rather than predetermined by data scientists, making them powerful for solving highly complex problems.

Learn more >


Apply the Data to Stop Attacks

“With Vectra, one person can investigate about 50 threats in just two hours.”

Daniel Basile

Executive Director of the Security Operations Center, 
The Texas A&M University System

Learn more >

Cognito Amplifies and Prioritizes Attacker Signals

  • Hosts and accounts are scored against threat and certainty metrics
  • Scoring enables investigation prioritization
  • Threat intel drives awareness of known attacker infrastructure

Host, Account, and Cloud Lockdown

Disable the resources used in an attack for immediate and precise enforcement

Lockdown lets security practitioners enable automatic and perform manual enforcement directly from the Cognito platform from Vectra.

By using a combination of account threat score and threat certainty score thresholds to disable specific accounts, hosts and cloud workloads. Security admins can customize response thresholds, as well as how long the lockdown should last. 

Learn more >

No operational downtime

Prioritize response based on level of risk

Expedite investigations without further compromise

Vectra analysts working in your team

  • Regular analyst assessments and reporting on threats and incidents in your network
  • Ongoing monitoring of incidents found in Cognito
  • Optimize your Vectra experience and ability to rapidly respond
  • Incident investigation and response

Read more about Sidekick Services

Read more about Sidekick Incident Response Services

Award-winning help available 24/7

Read more about Vectra Technical Support

Access Support

Cognito NDR as a service from our Managed Security Service Partners

If you prefer to outsource the operation of your detection and response capabilities then you can access Managed Detection and Response (MDR) services based upon Cognito from our authorized Managed Security Service Partners (MSSP)

Find a Vectra MSSP

Interested in becoming a Vectra MSSP Partner?

By unifying NDR with Endpoint Detection and Response (EDR), comprehensive coverage is combined with targeted response using  simple, turnkey integrations.

For immediate and precise enforcement, security analysts can go directly to the source of an attack and lock down the endpoint being used.

See Partner INtegrations

In cases where attackers have compromised accounts, restricting host access won't stop attackers from pivoting to another device. Account-based lockdown leverages a single point of enforcement to prevent lateral movement across devices.

Account Lockdown is effective in cloud or hybrid environments where organizations don't own the service or infrastructure.

See Partner INtegrations

Our comprehensive API and API tools for developers and security practitioners who want to integrate the Vectra Cognito platform into their existing workflows.

Our open APIs and native integrations with a robust partner ecosystem allow you to customize Lockdown according to your workflow.

More About Our API's

Cognito Integrates with Your Entire Security Stack

Native integrations including endpoint detection and response (EDR), security information event management (SIEM) and orchestration tools.

Open Robust API for customizable integrations