services

What issues are you trying to solve?

Secure Office 365
Respond to the earliest signs of an attack
Protect against the compromise of privileged accounts
Identify theft of intellectual property and confidential data
Secure cloud workloads and critical assets
Intelligence-driven threat hunting
The right data to build effective security models
Identify policy violations and meet compliance mandates

Respond to the earliest signs of an attack

Overview

Take action early and often
Gartner-validated approach to identifying behaviors in the early stages of an attack like command-and-control and reconnaissance behaviors found in today’s compromises.

Add efficiency to your security workflow
Vectra customers achieved a 34X workload reduction for Tier-1 SOC analysts in detection, triage, correlation and prioritization of security incidents.This enables security operations teams to focus on compromised devices that pose the highest risk.

“This solution excels at rolling up numerous alerts to create a single incident to investigate that describes a chain of related activities, rather than isolated alerts that an analyst then has to piece together.”
Gartner Research

Resources

Analysis
2020 Attacker Behavior Industry Report
SANS: Threat Hunting with Consistency

Product
Cognito Detect

Case Studies
Bolton NHS: Staying focused on quality patient care

Protect against the compromise of privileged accounts

Overview

Identify privileged accounts, hosts and services
The Cognito platform uses AI to continuously monitor the behaviors of users, hosts and services in your network, cloud or SaaS applications. By observing how access is being used, rather than how privilege is assigned you gain complete visibility into the privileged assets that attackers target in your network, and can detect internal threats such as rouge admins.

Anticipate attacks in progress
Look at interactions between privileged accounts, hosts and services to identify:

  • Attackers who use stolen accounts to access a host
  • Internal users who maliciously access services
  • Unusual accounts that access hosts and services
  • Opportunistic attackers who access hosts
  • Opportunistic attackers who make brute-force attempts to access services

The Cognito network detection and response platform dynamically adjusts risk scores as attacks unfold and automatically integrates privileged analytics into incident rollups.

Consumption model to match your use-case

  • Available in Cognito platform detections or as network metadata enrichments
  • Native integrations, including endpoint detection and response, SIEMs and security orchestration tools
  • Robust APIs for customizable integrations

Resources

Enabling zero trust
Using Cognito to enable zero trust
News: the industry’s first privilege-aware NDR solution
Blog: Introducing Privileged Access Analytics

Overview
Lightboard: A new approach to identifying privilege
Privilege-aware NDR strengthens zero-trust (video)

Case Studies
DZ Bank: Achieving security and privacy

Demonstration
Self-guided tour

Product
Cognito Detect
Cognito Stream
Cognito integrations

Identify theft of intellectual property and confidential data

Overview

Identifying data access and theft
The Cognito platform implements a suite of detection algorithms that identify hidden attackers who gain access to critical resources. This often indicates that operational disruption or data exfiltration is imminent.

To identify these malicious behaviors, supervised and unsupervised machine detection algorithms identify the early tell-tale signs of attack, including:

  • An internal host acquires large amounts of data from one or more internal servers and subsequently sends it to an external system
  • An internal host communicates with outside IPs using DNS, HTTP or HTTPS. This indicates a hidden tunnel that uses multiple sessions over longer periods of time while mimicking normal traffic
  • A host transmits unusually large volumes of data to destinations that are not considered normal for the network
  • An internal host sends data to another internal host that acts as a relay, which indicates an attempt to obfuscate communication with the external system

Resources

Analysis
2020 Attacker Behavior Industry Report

Product
Cognito Detect

Case Studies
The Very Group: Large online retailer minimizes business risk
The Very Group embarks on a journey to cognitive security (video)

Secure cloud workloads and critical assets

Overview

Extend AI-driven cyberattacker detection and threat hunting to IaaS workloads.

  • Extend AI-driven cyberattacker detection and threat hunting to multicloud, infrastructure-as-a-service (IaaS) deployments
  • Advanced agentless architecture reduces the complexity and risk of security gaps and blind spots in the cloud
  • Track all stages of an attack and correlate detections between hybrid and multicloud components
  • Dramatically increase threat-hunting efficiency by feeding Zeek-formatted security-enriched metadata to data lakes and SIEMs

Resources

Overviews
Securing AWS workloads
Securing Azure workloads

Solution brief
Network detection and response in AWS across hybrid and multicloud architectures

White paper
Threat detection and response in the cloud

Recent blogs
Vectra lowers costs and simplifies AWS cloud deployments
Securing your AWS workloads with Vectra Cognito

Case studies
Bolton NHS: Staying focused on quality patient care
DZ Bank: Achieving security and privacy

Vectra goes cloud native with Amazon Web Services

The network threat detection and response platform from Vectra secures AWS deployments across hybrid and multicloud architectures
Learn more

Cognito goes native with the Azure Virtual TAP

Learn more

Intelligence-driven threat hunting

Overview

Hunt using security-enriched network metadata
Whether sourced from an analyst’s daily workflow or open source intelligence, the first step in threat hunting is to make sure that the attributes necessary to answer investigative queries are readily available.

This is precisely why Vectra uses AI engines to extract security insights that are embedded in our metadata. Notable security enrichments include beaconing activity, domain rarity and privilege level of relevant entities.

Security-enriched network metadata is fed directly to data lakes and SIEMs. Or dive deep into the metadata using Cognito Recall, Vectra’s investigative workbench optimized for threat hunting, incident analysis and sub-second searches at scale.

Resources

Data source
Blog: Why network metadata is just right for your data lake
Blog: Don’t do it: Rolling your own production Zeek deployment

Enrichments
Blog: Not all data is created the same
Blog: Improving threat-hunting efficiency with the multi-homed attribute

Product
Cognito Stream
Cognito Recall


The right data to build effective security models

Overview

Build security models on machine-learning building blocks

  • The Cognito platform enables security analysts to build customized models to monitor and detect any type of malicious behavior, including suspicious and emerging threats, compliance violations and internal misuse or industry-specific attack vectors.
  • Security insights and machine-learning building blocks embedded in Cognito metadata combine with other security attributes to create powerful custom models as well as detections that correlate with a specific host and user account.
  • Security-enriched network metadata can be fed directly to data lakes and SIEMs. Or use the Cognito Recall investigative workbench for threat hunting, incident analysis and sub-second searches at scale.

Resources

Data source
Blog: Why network metadata is just right for your data lake
Blog: Don’t do it: Rolling your own production Zeek deployment

Enrichments
Blog: Not all data is created the same
Blog: Improving threat-hunting efficiency with the multi-homed attribute

Product
Cognito Stream
Cognito Recall

Case studies
AI-driven cybersecurity for online gaming

Identify policy violations and meet compliance mandates

Overview

Gain visibility into security and compliance gaps

  • Categorize compliance holes to meet requirements for regulations that include National Institute of Standards and Technology (NIST), General Data Protection Regulation (GDPR), MITRE ATT&CK framework and PCI compliance
  • SMB exposed to the internet - SMB has many known vulnerabilities, including exploits that enable the spread of ransomware
  • Identify SMBv1 activity - From anonymous NTLM logins to man-in-the-middle to EternalBlue, SMBv1 opens a broad spectrum of attacker exploits
  • Identify TLS 1.0/1.1 activity - No longer PCI DSS compliant, TLS 1.0/1.1 is being deprecated by major vendors due to security vulnerabilities
  • Telnet and unencrypted FTP - Telnet and FTP are unsecure protocols, can be used to pass credentials in the clear, and are vulnerable to sniffing attacks

Resources

Overview
How Vectra Cognito helps organizations to meet compliance requirements
Solution Overview: Recommendations when evaluating NDR for IaaS deployments
Solution Overview: How the Cognito platform secures and accelerates mergers and acquisitions

Security assessment
The Vectra Security Assessment identifies opportunities to improve security posture and identify compliance gaps

Compliance briefs
NIST | GDPR
FFIEC | MITRE ATT&CK
DFARS | PCI DSS

Case studies
The Very Group: Large online retailer minimizes business risk
The Very Group embarks on a journey to cognitive security (video)
Ardagh Group: Faster detection and response to hidden cyberthreats

Product
What it isHow it worksIntegration
Solutions
Attack detectionThreat huntingComplianceIndustries
Resources
Product and company overviewsIndustry researchVideosE-booksSolution overviewsOn-demand webcastsWhite papersProduct integrationCase studies
About
CompanyLeadershipNews releasesMedia coverageUpcoming eventsRecognitionCareers
PartnersBlogSupportContact us
Legal
Terms of serviceTerms of usePrivacy and securityVectra Ethics HotlineTrademarks
Copyright 2020 Vectra AI, Inc. All rights reserved.