A comprehensive source of security-enriched network metadata, Vectra Recall also empowers skilled security analysts and professional threat hunters to conduct conclusive incident investigations.
The metadata in Vectra Recall is organized by host name, not just IP address. This eliminates the need to search through DHCP logs to find the host device that was using an IP address at the time and to piece together IP address changes during an investigation. Searching by device saves time when speed is essential.
Vectra Recall also leverages Privileged Access Analytics to automatically analyze behaviors and uses artificial intelligence to identify entities that have privilege and differentiate between approved and malicious uses. It is available across the Vectra platform as searchable security enrichments in Vectra Stream and Vectra Recall and as detections in Vectra Detect. Custom use-cases are also supported by accessing its attributes through the Vectra REST API.
Vectra Recall enables incident responders to follow the chain of events from an initial threat signal – whether from Vectra Detect, another security event or threat intelligence – using security-enriched network metadata that is searchable by host name.
Vectra Recall is like a transactional record of every conversation from the cloud to the enterprise. But the collection and storage of historical metadata, instead of packet payloads, ensures data privacy and supports compliance mandates like GDPR.
And since Vectra Recall is delivered as a service in the cloud, there’s no big data infrastructure to purchase, install and manage. Just a single click to forward metadata to the Vectra cloud.
Vectra Recall allows security analysts to perform in-depth investigations based on the high-fidelity, actionable incidents identified by Vectra Detect, which automates AI-driven cyberattack detection and response. With Vectra Recall, senior security analysts can also perform threat hunting based on alerts from third-party security solutions and use new, high-quality threat intelligence to hunt retrospectively.
High-fidelity visibility across the enterprise Vectra Recall provides visibility into network traffic by extracting metadata from all packets and storing it in the cloud for search and analysis. Every IP-enabled device on the network is identified and tracked and data can be stored for any amount of time.
Captured metadata includes all internal (east-west) traffic, internet-bound (north-south) traffic, virtual infrastructure traffic, and traffic in cloud computing environments.
This visibility extends to laptops, servers, printers, BYOD and IoT devices as well as all operating systems and applications, including traffic between virtual workloads in data centers and the cloud, even SaaS applications.
System, authentication and SaaS logs provide context enrichment to network metadata analysis for accurate identification of systems and users.
AI-assisted threat hunting with Vectra Recall can be triggered by attacker detections from Vectra Detect, existing indicators of compromise and anomalies in data identified by security analysts.
With full metadata search capabilities and limitless data storage, Vectra Recall enables security analysts to determine whether indicators of compromise exist in metadata, including user agents, IP addresses and domains. Vectra Recall also delivers in-depth information for more efficient threat hunting, such as PowerShell commands from a remote machine to a server or a specific type of connection from a remote site.
Vectra Recall enables professional threat hunters to identify anomalous behaviors that are displayed through visual graphs. Anomalous behaviors that can be exposed using Vectra Recall include:
Vectra Recall enables security analysts to conduct deeper, more conclusive incident investigations with remarkable efficiency.
Security analysts can easily follow the chain of related events from attack detections found by Vectra Detect, third-party security products, and searchable, high-quality threat intelligence in historical network metadata.
When events or alerts are received from Vectra Detect or third-party security products, Vectra Recall ensures that security analysts have a full 360-degree view of all workload and device activity.
With Vectra Recall, security analysts can investigate incidents with unprecedented efficiency using complete context about incidents, along with relevant details about associated devices, accounts and network communications.
Vectra Recall allows security analysts to identify the activity of host devices surrounding the time of a threat detection and reveal significant changes in the overall behavior of host devices.
Through visual graphs and search capabilities, Vectra Recall exposes other host devices, accounts, and external domains and IP addresses, which enables security analysts to identify the full scope of the incident.
Security analysts can easily sequence through a wide range of suspicious behaviors to identify the trail of evidence that leads to other host devices and efficiently search for indicators of compromise along the way.
Vectra Recall enhances account-based investigations by providing the details that security analysts require to identify all uses and actions of potentially-compromised accounts in specific timeframes as well as actions against targets.
By leveraging Vectra Recall, security analysts are also presented with a broader picture of an overall cyberattack, which can be instrumental during investigations into other host devices that might have compromised accounts.
Cognito Recall is the former name of the Vectra Recall functionality. The Vectra AI Platform was originally branded as "the Cognito Platform". The Platform and its features have been rebranded to reflect the evolution of our products.
Vectra Recall complements Vectra Detect. Vectra Detect identifies compromised hosts in real-time as an investigation starting point. Vectra Recall finds threats that detection has missed by investigating historical metadata.