The Vectra dashboard is the first thing I check in the morning, and the last thing I check at the end of the day.

– Federal Government Agency, CISO

AI-driven Network Detection and Response (NDR)

Attacker behavior detection

Self-learning threat behavior models, built from data science and security research, automatically identify malicious activity: key security attributes and attacker behavior patterns, deviations from normal patterns, attack precursors, account and host scores, and correlated attack campaigns.

Real-time threat hunting

Metadata extracted from all network traffic is enriched with security insights so you know where and what to hunt. SOC teams increase productivity and reduce attacker dwell time by integrating Vectra with their existing security ecosystem for end-to-end response automation.

AI and machine learning

AI and ML scale up to analyze and prioritize huge volumes of threat events and give SOCs the right information at the right time. High-fidelity alerts about in-progress attacks enable faster, informed responses and quick, decisive enforcement actions for a strong ROI.

  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed up investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow

CDM DEFEND: See What’s Happening on the Network

Aligned with Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Phase 3, Vectra shows what’s happening in cloud, data center, and IoT networks to harden security posture.

Vectra addresses critical elements of Phase 3:

  • Protect: Automatically detect, triage and prioritize threats that evade boundary protection, enabling faster mitigation of high-risk attacks.
  • Manage: Integrate with your existing security ecosystem – from endpoint detection and response to orchestration and security information and event management – for end-to-end threat management.
  • Respond: Automatically share critical threat behavior data – including context about attack campaigns and forensic evidence.
  • Improve: Machine learning models continuously learn from new traffic, becoming more accurate and operationally effective over time.
  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts from Cognito based on a host’s risk and responds automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done
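The two lists above describe one workflow: hosts are scored and bucketed into critical/high/medium/low, the Splunk dashboard shows the count per bucket with drill-downs, and a playbook acts on the bucket (or on an analyst’s manual tag). The following is an added illustration of that workflow written for this page; it is not Vectra’s or Splunk’s code. It assumes a host alert carries a threat score and a certainty score in the range 0–99 and that the four risk labels come from a two-axis split at a single threshold; the threshold value, the playbook action names (`isolate`, `ticket`, `watch`, `none`), the manual tag `respond-now`, and the sample hosts and scores are all made up for the example.

```python
"""Risk bucketing, dashboard counts and playbook dispatch for NDR host alerts.

Added example, not code from Vectra, Splunk or the original page.
Assumptions (none of these are stated on the page):
  * each host alert carries a threat score and a certainty score in 0..99,
    and the four risk labels come from a two-axis split at THRESHOLD;
  * the playbook action names and the manual tag MANUAL_TAG are hypothetical.
"""
from collections import Counter
from dataclasses import dataclass, field

THRESHOLD = 50              # assumed split point on both axes
MANUAL_TAG = "respond-now"  # hypothetical analyst tag that forces a response


@dataclass(frozen=True)
class HostAlert:
    host: str
    threat: int
    certainty: int
    tags: frozenset = field(default_factory=frozenset)

    def __post_init__(self):
        # Reject out-of-range scores early so a malformed feed cannot
        # silently land a host in the "low" bucket.
        for name, score in (("threat", self.threat), ("certainty", self.certainty)):
            if not 0 <= score <= 99:
                raise ValueError(f"{name} score out of range for {self.host}: {score}")


def risk_bucket(a: HostAlert) -> str:
    """Map a (threat, certainty) pair onto critical/high/medium/low (assumed split)."""
    hi_threat = a.threat >= THRESHOLD
    hi_cert = a.certainty >= THRESHOLD
    if hi_threat and hi_cert:
        return "critical"
    if hi_threat:
        return "high"      # severe if true, but the model is not yet certain
    if hi_cert:
        return "medium"    # confident detection of lower-impact behavior
    return "low"


def dashboard_counts(alerts) -> dict:
    """The headline numbers a dashboard shows: number of hosts per risk bucket."""
    counts = Counter(risk_bucket(a) for a in alerts)
    return {b: counts.get(b, 0) for b in ("critical", "high", "medium", "low")}


def drill_down(alerts, bucket: str) -> list:
    """Hosts in one bucket, worst first, as a drill-down view would list them."""
    chosen = [a for a in alerts if risk_bucket(a) == bucket]
    chosen.sort(key=lambda a: (-a.threat, -a.certainty, a.host))
    return [a.host for a in chosen]


# Hypothetical playbook: what to do with a host in each bucket.
PLAYBOOK = {"critical": "isolate", "high": "ticket", "medium": "watch", "low": "none"}


def run_playbook(alerts, playbook=PLAYBOOK) -> list:
    """Decide one action per host. An analyst's manual tag overrides the bucket."""
    decisions = []
    for a in alerts:
        if MANUAL_TAG in a.tags:
            decisions.append((a.host, "isolate", "manual tag"))
        else:
            bucket = risk_bucket(a)
            decisions.append((a.host, playbook[bucket], bucket))
    return decisions


# Constructed sample alerts; host names and scores are invented for this example.
SAMPLE_ALERTS = [
    HostAlert("dc01", threat=85, certainty=90),
    HostAlert("fileserver", threat=70, certainty=20),
    HostAlert("hr-laptop", threat=30, certainty=75, tags=frozenset({MANUAL_TAG})),
    HostAlert("printer-3f", threat=10, certainty=15),
    HostAlert("jumpbox", threat=55, certainty=60),
]

if __name__ == "__main__":
    print(dashboard_counts(SAMPLE_ALERTS))
    print(drill_down(SAMPLE_ALERTS, "critical"))
    for host, action, why in run_playbook(SAMPLE_ALERTS):
        print(f"{host:12} {action:8} ({why})")
```

The manual-tag override comes before the automatic bucket on purpose: the page’s last bullet is about an analyst acting before the scores catch up, so a tagged host must not be downgraded to “watch” just because its certainty is still low.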