Cognito Platform: How We Do It

(No B.S. under the hood)




Why Now

Continuous detection and analysis are critical to stopping breaches. Today’s network traffic has evolved beyond the enterprise to include data center, IoT devices, and cloud-based applications and infrastructure.

1. Capture

Capture relevant data everywhere without agents.

2. Enrich

Pair security research and data science to enrich the data.

3. Apply

Flexibly apply data to your use case.


Capture Relevant Data Everywhere Without Agents

Sensors are deployed across cloud, data center, IoT and enterprise networks

Custom flow engine extracts relevant metadata, logs and telemetry from all network and cloud traffic, including non-security-related information that helps speed up investigations

Ingest external data sources, including EDR, SOAR and SIEMs


Detection Starts with the Right Data with the Right Context


Enrich Data Using Security Research and Data Science

Security researchers and data scientists build and continually tune self-learning behavioral models that enrich metadata with machine learning-derived security information.

Security Research

Team of world-leading security researchers who distill attacker behaviors observed while securing the world's most sensitive assets

Security Research + Data Science Convergence
Security Analyst in Software

Automated Tier-1 activities result in a 34x workload reduction and map to 97% of the MITRE ATT&CK framework

Data Science

Team of PhD data scientists who codify behaviors across unsupervised, supervised and deep learning models

The Innovative Application of Machine and Deep Learning


Supervised machine learning


Supervised machine learning turns the tables on threat detection in favor of security teams. Data scientists analyze large volumes of global attack traffic, identify the characteristics that make it distinctive, and build models that detect the evidentiary behaviors attackers leave behind as they progress an attack.


Unsupervised machine learning


Unsupervised machine learning focuses on local behavioral characteristics of a network to learn what is normal there, and requires no labeled training data. It identifies behavioral anomalies and known threat techniques relative to that local baseline, but on its own cannot recognize new, never-before-seen attacks that originate outside the network, because it has no knowledge of attack traffic observed anywhere else.
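To make the local-baseline point concrete, the following is an added illustrative example (not Vectra's or Cognito's code, whose models the page does not describe). It learns a per-host "normal" from 14 days of constructed outbound-volume history using a robust statistic (median and median absolute deviation), then scores one new day. The host names, byte counts, the 3.5 threshold and the 0.6745 MAD scaling constant are all assumptions chosen for the example. The last host shows the caveat from the paragraph above: traffic that is unremarkable in volume is not flagged by a volume baseline, whatever it may carry.

```python
"""Illustrative unsupervised baseline: robust per-host outbound-volume anomaly scoring.

Added example, not Vectra/Cognito code. All sample data below is constructed.
"""
from statistics import median
from typing import Dict, List, Tuple

# Constructed 14-day history of outbound megabytes per host (assumed sample data).
HISTORY: Dict[str, List[float]] = {
    # A backup server that legitimately pushes several GB every night.
    "backup-srv": [4800, 5300, 4900, 5600, 5100, 4700, 5400,
                   5000, 5500, 4600, 5200, 5700, 4900, 5300],
    # A finance workstation with a small, stable footprint.
    "finance-ws": [120, 95, 140, 110, 130, 100, 125,
                   115, 135, 105, 120, 90, 128, 112],
    # An HR laptop; today's volume is ordinary even though (hypothetically)
    # it includes a low-volume beacon to an external host.
    "hr-laptop": [60, 75, 55, 80, 70, 65, 58, 72, 68, 62, 77, 59, 66, 71],
}

# Constructed observation for the day being scored (assumed sample data).
TODAY: Dict[str, float] = {
    "backup-srv": 5900,   # large in absolute terms, normal for this host
    "finance-ws": 4000,   # ~35x this host's median: anomalous locally
    "hr-laptop": 64,      # indistinguishable from this host's baseline
}


def robust_z(history: List[float], value: float) -> float:
    """Robust z-score: deviation from the median in units of the scaled MAD.

    The 0.6745 factor makes MAD comparable to a standard deviation for
    normally distributed data (a conventional choice, assumed here).
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # A perfectly flat history has no spread; treat any deviation as
        # one unit per megabyte rather than dividing by zero.
        mad = 1.0
    return 0.6745 * (value - med) / mad


def score_hosts(history: Dict[str, List[float]], today: Dict[str, float],
                threshold: float = 3.5) -> Dict[str, Tuple[float, bool]]:
    """Return {host: (robust_z, flagged)} for every host present in both inputs."""
    result: Dict[str, Tuple[float, bool]] = {}
    for host, value in today.items():
        if host not in history:
            continue  # no baseline yet: an unsupervised model has nothing to say
        z = robust_z(history[host], value)
        result[host] = (z, abs(z) > threshold)
    return result


def flagged_hosts(history: Dict[str, List[float]], today: Dict[str, float],
                  threshold: float = 3.5) -> List[str]:
    """Hosts whose observation deviates from their own baseline beyond the threshold."""
    scores = score_hosts(history, today, threshold)
    return sorted(host for host, (_, flagged) in scores.items() if flagged)


if __name__ == "__main__":
    for host, (z, flagged) in score_hosts(HISTORY, TODAY).items():
        print(f"{host:<12} z={z:8.2f} {'ANOMALY' if flagged else 'baseline'}")
```

Running it flags only finance-ws: backup-srv is large but normal for itself, and hr-laptop looks exactly like its own past. The baseline says nothing about what hr-laptop's traffic contains, which is why the page pairs this kind of model with supervised models trained on attack traffic seen elsewhere.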


Deep learning and neural networks


Inspired by the biological structure and function of neurons in the brain, deep learning relies on large, interconnected networks of artificial neurons. These neurons are organized into layers, with individual neurons connected to one another by a set of weights that are adjusted as new training inputs arrive.

Neural networks learn relevant features from a data set and build increasingly complex representations of these features as data flows into higher network layers. These representations are learned rather than predetermined by data scientists, making them powerful for solving highly complex problems.



Apply the Data to Stop Attacks

“With Vectra, one person can investigate about 50 threats in just two hours.”

Daniel Basile

Executive Director of the Security Operations Center, 
The Texas A&M University System


Cognito Amplifies and Prioritizes Attacker Signals

  • Hosts and accounts are scored against threat and certainty metrics
  • Scoring enables investigation prioritization
  • Threat intel drives awareness of known attacker infrastructure
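The scoring and prioritization described in the list above, as an added illustrative example (not Vectra's scoring model; the page gives no formulas, so every rule below is an assumption): each detection carries a threat score (potential impact) and a certainty score (confidence it is malicious), an entity's threat is the worst detection on it, certainties are combined with a noisy-OR so several weak signals add up, a match against known attacker infrastructure lifts certainty to at least 90, and entities are placed into quadrants with a cut at 50. The entity names, technique labels and scores are constructed sample data.

```python
"""Illustrative threat/certainty scoring and investigation prioritization.

Added example, not Vectra/Cognito code. Rules and sample data are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Quadrant cut and threat-intel floor are assumed parameters, not the page's.
QUADRANT_CUT = 50
KNOWN_INFRA_CERTAINTY_FLOOR = 90
QUADRANT_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Detection:
    entity: str            # host or account the behavior was observed on
    technique: str         # attacker behavior label
    threat: int            # 0-99: impact if the behavior is real
    certainty: int         # 0-99: confidence the behavior is malicious
    known_infra: bool = False  # destination matched known attacker infrastructure


# Constructed detections (sample data).
DETECTIONS: List[Detection] = [
    Detection("dc01", "remote execution over admin share", threat=85, certainty=40),
    Detection("dc01", "suspicious LDAP enumeration", threat=60, certainty=55),
    Detection("ws-117", "hidden HTTP tunnel", threat=70, certainty=45, known_infra=True),
    Detection("printer-3", "internal port scan", threat=30, certainty=80),
    Detection("ws-042", "new admin protocol", threat=20, certainty=30),
]


def effective_certainty(d: Detection) -> int:
    """Threat intel: a known-bad destination raises certainty to an assumed floor."""
    return max(d.certainty, KNOWN_INFRA_CERTAINTY_FLOOR) if d.known_infra else d.certainty


def entity_scores(detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Return {entity: (threat, certainty)}.

    Threat is the maximum over the entity's detections (worst case).
    Certainty combines independent signals with a noisy-OR:
    1 - prod(1 - c_i), so two 50s yield 75, not 100.
    """
    threat: Dict[str, int] = {}
    not_malicious: Dict[str, float] = {}
    for d in detections:
        threat[d.entity] = max(threat.get(d.entity, 0), d.threat)
        prob = effective_certainty(d) / 100.0
        not_malicious[d.entity] = not_malicious.get(d.entity, 1.0) * (1.0 - prob)
    return {
        e: (threat[e], min(99, round(100 * (1.0 - not_malicious[e]))))
        for e in threat
    }


def quadrant(threat: int, certainty: int, cut: int = QUADRANT_CUT) -> str:
    """Place an entity in a threat/certainty quadrant."""
    if threat >= cut and certainty >= cut:
        return "critical"
    if threat >= cut:
        return "high"      # dangerous if true, but not yet confirmed
    if certainty >= cut:
        return "medium"    # confidently malicious, limited impact
    return "low"


def prioritize(detections: List[Detection]) -> List[Tuple[str, str, int, int]]:
    """Investigation queue: (entity, quadrant, threat, certainty), most urgent first."""
    rows = [(e, quadrant(t, c), t, c) for e, (t, c) in entity_scores(detections).items()]
    return sorted(rows, key=lambda r: (QUADRANT_RANK[r[1]], -r[2], -r[3]))


if __name__ == "__main__":
    for entity, quad, t, c in prioritize(DETECTIONS):
        print(f"{entity:<10} {quad:<9} threat={t:2d} certainty={c:2d}")
```

The queue puts dc01 first (two moderate-certainty detections on a high-value host combine to critical), then ws-117 (threat intel on the tunnel's destination lifts an otherwise ambiguous detection to critical), then the scanning printer, then the low-threat workstation.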

The "R" in NDR

Respond with precision by using identity- and host-level enforcement to cut off attacker access to vital assets

Respond faster to threats by detecting attacker behaviors and eliminating the noise created by anomalies

Respond intelligently by prioritizing attacks that are launched against high-privilege users and high-risk assets

Respond with quick, coordinated action by integrating with existing EDR, SOAR, SIEM and other security investments


Cognito Integrates with Your Entire Security Stack

Native integrations including EDR, SIEMs and orchestration tools

Open, robust API for customizable integrations