Cybereason

Learn all about our partnership.

The Vectra platform integrates with the Cybereason Defense Platform to detect, prevent, and respond to advanced cyberattacks. Vectra’s cloud-native network detection capabilities, combined with Cybereason complete endpoint protection, allows security teams to easily correlate data for end-to-end visibility from the endpoint across the network. Together, the two solutions accelerate security investigations and enable rapid response to incidents.

Vectra AI and Cybereason integrate via API to share network and endpoint data. This means security practitioners get visibility into extended attributes directly from the Vectra platform. Teams can easily correlate attacks that span the cloud, enterprise environments, end user machines, and IoT devices. The joint solution also provides additional context with corresponding information from the Cybereason Malicious Operation - Malop™, so investigators can get a complete timeline of attacks, see all affected users and machines, determine root cause, and discover any malicious incoming or outgoing communication. Users can also pivot easily from theVectra platform into affected hosts for additional investigation.

Why integrate Cybereason with Vectra AI

Enterprise-Ready and Scalable

The joint Vectra and Cybereason integration provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease. Vectra’s cloud-native platform combined with Cybereason’s lightweight agent forms a modern solution to combat against today’s modern cyberattacks.

The integration also starts protecting enterprises from day one. Vectra’s advanced machine learning techniques and always-learning behavioral models means accurate detection and high fidelity results from day one. Unlike other network detection tools, Vectra Cognito does not require a learning period. This combined with Cybereason’s built-in threat hunting means security teams don’t need to perform intricate configurations or waste time tuning complex and static rules.

Spanning network and endpoints to protect against the broadest spectrum of threats, security teams can take leverage the joint Vectra and Cybereason solution to gain complete threat visibility and respond faster to cyberattacks.

The joint Vectra and Cybereason integration provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease.

Take Action with Lockdown

In addition to reducing the time to investigate threats, Vectra and Cybereason let security teams take swift, decisive action. Armed with network and endpoint context, security teams can quickly isolate compromised host devices from the network to halt cyberattacks and avoid data loss.

The Host Lockdown feature enables the Vectra Cognito platform to automatically disable hosts that demonstrate suspicious activity at the endpoint or through cloud apps. If analysts need to take matters into their own hands, they have the option to manually disable hosts during a security investigation. Disabling a host will significantly slow down an active attack by limiting an attacker’s access to additional resources. This drastically curtails the attack’s reach and gives the Security Operations Center (SOC) more time to investigate and remediate attacks.

Host Lockdown ensures that automation causes as little disruption as possible while giving you greater confidence that attackers are stopped in their tracks. Together, Vectra and Cybereason create an efficient security operations workflow that reduces response and investigation time, enabling security teams to quickly mitigate high-risk threats.

Key Benefits

Save time and security resources by providing end-to-end network and endpoint visibility.
With prioritized alerts, automatically correlated data, and full attack context, security teams can investigate and remediate incidents quickly and efficiently.

Accelerate Investigations and Response with Cybereason and Vectra AI

With additional attributes and context at their fingertips, the Vectra and Cybereason integration greatly reduces security operation workload and enables faster response times.

Combining data science, modern machine learning techniques and behavioral analysis based on artificial intelligence, Vectra AI performs nonstop, automated threat hunting. Incidents are automatically prioritized with packaged forensics, making investigations as easy as possible. In fact, the Vectra platform has been shown to reduce time spent on threat investigations by up to 90%. Incident responders can then trigger appropriate actions based on the type of threat, risk level, and certainty.

Integration with Cybereason further allows for built-in endpoint prevention, detection and remediation. Security staff can kill processes, quarantine files, prevent file execution, or isolate machines to effectively stop cyberattacks and prevent lateral movement across the enterprise.