- The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
- Speed up investigations with drill-downs into each category to filter on that particular detection’s severity
- A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow
Aligned with Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Phase 3, Vectra shows what’s happening in cloud, data center, and IoT networks to harden security posture.
Vectra addresses critical elements of Phase 3:
- Protect: Automatically detect, triage and prioritize threats that evade boundary protection, enabling faster mitigation of high-risk attacks.
- Manage: Integrate with your existing security ecosystem – from endpoint detection and response to orchestration and security information event management – for end-to-end threat management.
- Respond: Automatically share critical threat behavior data – including context about attack campaigns and forensic evidence.
- Improve: Advanced machine learning algorithms derived from AI continuously learn, becoming more intelligent and operationally effective over time.
- The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
- Splunk Phantom receives alerts from Cognito based on the risk of a host and responds automatically as defined by a Splunk Phantom playbook
- Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done