Now available in the AWS Marketplace
GO TO AWS MARKETPLACEWhy Now
Continuous detection and analysis are critical to stopping breaches. Today’s network traffic has evolved beyond the enterprise to include data center, IoT devices, and cloud-based applications and infrastructure.
1. Capture
Capture relevant data everywhere without agents.
2. Enrich
Pair security research and data science to enrich the data.
3. Apply
Flexibly apply data to your use case.
1
Capture Relevant Data Everywhere Without Agents
Sensors are deployed across cloud, data center, IoT and enterprise networks
Custom flow engine extracts relevant metadata, logs and telemetry from all network and cloud traffic, including non-security related information that assists speeding up investigations
Ingest external data sources, including endpoint detection and response (EDR)
Security begins with the underlying data >
Detection Starts with the Right Data with the Right Context
2
Enrich Data Using Security Research and Data Science
Security researchers and data scientists build and continually tune self-learning behavioral models that enrich metadata with machine learning-derived security information.
Security Research
Team of world leading security researchers distill attacker behaviors sourced from securing the world's most sensitive assets
Security Analyst in Software
Automated Tier-1 activities resulting in 34x workload reduction and maps to 97% of the MITRE ATT&CK framework
Data Science
Team of PhD data scientists who codify behaviors across unsupervised, supervised and deep learning models
The Innovative Application of Machine and Deep Learning
Supervised machine learning
Supervised machine learning turns the table on threat detection in favor of security teams. Data scientists analyze large volumes of global attack traffic, identify the key characteristics that make it unique, and build algorithms that detect the evidentiary behaviors attackers always leave behind.
Unsupervised machine learning
Unsupervised machine learning focuses on local behavioral characteristics in a network to identify what is normal and requires no oversight by data scientists. It identifies behavioral anomalies and known threat techniques but cannot detect new, never-before seen attacks that originate outside the network.
Deep learning and neural networks
Inspired by the biological structure and function of neurons in the brain, deep learning relies on large, interconnected networks of artificial neurons. These neurons are organized into layers, with individual neurons connected to one another by a set of weights that adapt in response to newly arriving inputs.
Neural networks learn relevant features from a data set and build increasingly complex representations of these features as data flows into higher network layers. These representations are learned rather than predetermined by data scientists, making them powerful for solving highly complex problems.
3
Apply the Data to Stop Attacks
“With Vectra, one person can investigate about 50 threats in just two hours.”
Daniel Basile
Executive Director of the Security Operations Center,
The Texas A&M University System
Learn more >
Cognito Amplifies and Prioritizes Attacker Signals
- Hosts and accounts are scored against threat and certainty metrics
- Scoring enables investigation prioritization
- Threat intel drives awareness of known attacker infrastructure
Host, Account, and Cloud Lockdown
Disable the resources used in an attack for immediate and precise enforcement
Lockdown lets security practitioners enable automatic and perform manual enforcement directly from the Cognito platform from Vectra.
By using a combination of account threat score and threat certainty score thresholds to disable specific accounts, hosts and cloud workloads. Security admins can customize response thresholds, as well as how long the lockdown should last.
Learn more >
Vectra analysts working in your team
- Regular analyst assessments and reporting on threats and incidents in your network
- Ongoing monitoring of incidents found in Cognito
- Optimize your Vectra experience and ability to rapidly respond
- Incident investigation and response
Read more about Sidekick Services
Read more about Sidekick Incident Response Services
Cognito NDR as a service from our Managed Security Service Partners
If you prefer to outsource the operation of your detection and response capabilities then you can access Managed Detection and Response (MDR) services based upon Cognito from our authorized Managed Security Service Partners (MSSP)
Find a Vectra MSSP
By unifying NDR with Endpoint Detection and Response (EDR), comprehensive coverage is combined with targeted response using simple, turnkey integrations.
For immediate and precise enforcement, security analysts can go directly to the source of an attack and lock down the endpoint being used.
In cases where attackers have compromised accounts, restricting host access won't stop attackers from pivoting to another device. Account-based lockdown leverages a single point of enforcement to prevent lateral movement across devices.
Account Lockdown is effective in cloud or hybrid environments where organizations don't own the service or infrastructure.
Quick and easy integration with public cloud providers cover cloud workloads using a rich feature set of the Cognito Detect platform.
Check out our GitHub for an example of our integration with AWS to see how you can stop or isolate a workload with automated functions.
Our comprehensive API and API tools for developers and security practitioners who want to integrate the Vectra Cognito platform into their existing workflows.
Our open APIs and native integrations with a robust partner ecosystem allow you to customize Lockdown according to your workflow.
Cognito Integrates with Your Entire Security Stack
Native integrations including endpoint detection and response (EDR), security information event management (SIEM) and orchestration tools.
Open Robust API for customizable integrations
