Concerned about being impacted by the SolarWinds breach?
GET A FREE ASSESSMENTWhy Now
Continuous detection and analysis are critical to stopping breaches. Today’s network traffic has evolved beyond the enterprise to include data center, IoT devices, and cloud-based applications and infrastructure.
1. Capture
Capture relevant data everywhere without agents.
2. Enrich
Pair security research and data science to enrich the data.
3. Apply
Flexibly apply data to your use case.
1
Capture Relevant Data Everywhere Without Agents
Sensors are deployed across cloud, data center, IoT and enterprise networks
Custom flow engine extracts relevant metadata, logs and telemetry from all network and cloud traffic, including non-security related information that assists speeding up investigations
Ingest external data sources, including EDR, SOAR and SIEMs
Security begins with the underlying data >
Detection Starts with the Right Data with the Right Context
2
Enrich Data Using Security Research and Data Science
Security researchers and data scientists build and continually tune self-learning behavioral models that enrich metadata with machine learning-derived security information.
Security Research
Team of world leading security researchers distill attacker behaviors sourced from securing the world's most sensitive assets
Security Analyst in Software
Automated Tier-1 activities resulting in 34x workload reduction and maps to 97% of the MITRE ATT&CK framework
Data Science
Team of PhD data scientists who codify behaviors across unsupervised, supervised and deep learning models
The Innovative Application of Machine and Deep Learning
Supervised machine learning
Supervised machine learning turns the table on threat detection in favor of security teams. Data scientists analyze large volumes of global attack traffic, identify the key characteristics that make it unique, and build algorithms that detect the evidentiary behaviors attackers always leave behind.
Unsupervised machine learning
Unsupervised machine learning focuses on local behavioral characteristics in a network to identify what is normal and requires no oversight by data scientists. It identifies behavioral anomalies and known threat techniques but cannot detect new, never-before seen attacks that originate outside the network.
Deep learning and neural networks
Inspired by the biological structure and function of neurons in the brain, deep learning relies on large, interconnected networks of artificial neurons. These neurons are organized into layers, with individual neurons connected to one another by a set of weights that adapt in response to newly arriving inputs.
Neural networks learn relevant features from a data set and build increasingly complex representations of these features as data flows into higher network layers. These representations are learned rather than predetermined by data scientists, making them powerful for solving highly complex problems.
3
Apply the Data to Stop Attacks
“With Vectra, one person can investigate about 50 threats in just two hours.”
Daniel Basile
Executive Director of the Security Operations Center,
The Texas A&M University System
Learn more >
Cognito Amplifies and Prioritizes Attacker Signals
- Hosts and accounts are scored against threat and certainty metrics
- Scoring enables investigation prioritization
- Threat intel drives awareness of known attacker infrastructure
The "R" in NDR
Respond with precision by using identity- and host-level enforcement to cut-off attacker access to vital assets
Respond faster to threats by detecting attacker behaviors and eliminating the noise created by anomalies
Respond intelligently by prioritizing attacks that are launched against high-privilege users and high-risk assets
Respond with quick, coordinated action by integrating with existing EDR, SOAR, SIEM and other security investments
Learn more >
Cognito Integrates with Your Entire Security Stack
Native integrations including EDR, SIEMs and orchestration tools
Open Robust API for customizable integrations
