National Institute of Standards and Technology (NIST)

  • Network metadata is analyzed by behavioral algorithms to detect threats in real time.
  • Nonstop attacker detection in all cloud/data center workloads and user/IoT devices.
  • Detect and prioritize cyberattacks and trigger real-time notifications to security teams.
  • Consistent reporting of threat detections, causes, business impacts, and steps to verify.
Get the NIST compliance brief

General Data Protection Regulation (GDPR)

  • Augment data handling standards by detecting unauthorized access of personal information.
  • Early detection of hidden cyberattacker behaviors that evade security defenses.
  • Meet the 72-hour notification timeframe using rich context about cyberattacks and a forensic trail of evidence.
  • Nonstop monitoring of all cloud/data center workloads and user/IoT devices for impact assessment.
Get the GDPR compliance brief

Federal Financial Institutions Examination Council (FFIEC)

  • Prioritize and correlate the highest-risk threats with compromised in-scope assets.
  • Early detection of ransomware, other malware variants and hidden attacker behaviors.
  • Real-time detection of suspicious use of admin credentials and data from key in-scope assets.
  • Nonstop detection of attack behaviors in all cloud/data center workloads and user/IoT devices.
Get the FFIEC compliance brief

CDM Phase 3 DEFEND

  • The Cognito platform from Vectra integrates with existing solutions to follow response processes and procedures.
  • Securely and automatically communicate and share incident response data.
  • Extract vital forensic data to reduce the time it takes to understand what occurred and what has been impacted.
  • Find abnormal, anomalous network behaviors and report on them in real time.
  • Generate audit data that meets regulatory requirements.
Get the CDM Phase 3 DEFEND compliance brief

Defense Federal Acquisition Regulation Supplement (DFARS)

  • Baseline system behaviors by monitoring all cloud/data center workloads and user/IoT devices.
  • Detect the suspicious use of admin credentials and the abuse of administrative protocols.
  • Network metadata is analyzed by behavioral algorithms to detect threats in real time.
  • Detect and prioritize cyberattacks and trigger real-time notifications to security teams.
Get the DFARS compliance brief

MITRE ATT&CK for Enterprise

  • Automatically detect and triage 85% of network tactics identified in the MITRE ATT&CK framework.
  • Real-time analysis of threat behaviors in all network traffic – endpoints, servers, virtual workloads and the cloud.
  • Network-wide attacker detection is the most reliable and conclusive way to identify the highest-risk threats.
  • Goes well beyond the ATT&CK framework to detect attackers that encrypt their communication in hidden tunnels.

The MITRE Enterprise Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a curated knowledge base and model for cyber-adversary behavior that reflects the various phases of the attack lifecycle and the platforms attackers are known to target.

The ATT&CK behavior model provides a way to classify attacks in a clear, consistent manner, making it easier for security professionals to find how an adversary exploited their endpoints and penetrated their networks.

ATT&CK takes the perspective of the adversary, so defenders can more easily follow an adversary’s motivation for individual actions and understand how those actions and dependencies relate to specific classes of defenses.

The ATT&CK model describes tactics, which represent the “why” of the attack. Tactics are the short-term adversary goals during an attack. The model also defines the techniques, or how adversaries achieve their tactical goals. Enterprise ATT&CK includes techniques across Windows, Linux and Mac.

The ATT&CK model can be used for red team exercises as well as to create scenarios that emulate adversaries to test and verify defenses. It provides a valuable way for organizations to assess the maturity of their security operations center (SOC). Security teams can use the framework to validate their defenses against common attack vectors and identify defensive gaps so they can continuously advance their strategies.

ATT&CK also serves as a common language for describing the chain of events in an intrusion, which is very useful when working with security consultants and vendors.

Vectra validated Cognito Detect against the MITRE Enterprise ATT&CK model in a live enterprise environment to determine overall alignment. Cognito Detect covers 57 of the 67 (85%) network techniques identified by the ATT&CK model, which indirectly exposes techniques that attackers use to compromise endpoints.

Get the MITRE ATT&CK compliance brief

N.Y. State Department of Financial Services

  • Automatically detects in-progress attacks and prioritizes the highest-risk threats in real time.
  • Tracks all physical and virtual hosts to reveal signs of compromised devices and insider threats.
  • Detects suspicious access to critical assets and policy violations related to data moved out of the network.
  • Nonstop analysis of internal network traffic, internet-bound traffic and workloads to identify system behavior baselines and unapproved activity.
Get the NYSDFS compliance brief

CIS Critical Security Controls

  • Passively monitor and analyze all network traffic to identify authorized and unauthorized devices.
  • Real-time detection of suspicious use of admin credentials and data from key in-scope assets.
  • Early detection of ransomware, other malware variants and hidden attacker behaviors.
  • Detect cyberattackers in hidden DNS, HTTP and HTTPS tunnels and encrypted traffic.
Get the CIS Critical Security Controls compliance brief

Payment Card Industry Data Security Standard (PCI DSS)

  • Detect early signs of SQL injection attempts, even if the vulnerability or exploit is unknown.
  • Identify suspicious attempts by devices and user accounts to access cardholder data.
  • Real-time detection of compromised user credentials and sharing of access information.
  • Track device activity over time, even if the IP address changes and is used by multiple people.
Get the PCI DSS compliance brief

Adaptive Security Architecture

  • Real-time automated threat detection from cloud and data center workloads to user and IoT devices.
  • Complement prevention efforts by providing intelligence about what to block and when.
  • Drive dynamic response rules, and trigger a response from security enforcement points.
  • Threat intelligence gathered and analyzed to minimize enterprise asset exposure and risk.
Get the Adaptive Security Architecture compliance brief