Understanding today's cybersecurity challenges

Analyst Reports

Network-based threat detection

Over time, given the significant (and likely insurmountable) security staffing constraints, organizations need to embrace automated actions based on alerts from detection. “Trustable automation” will require detection to continue to evolve in both accuracy and scale. With the new technologies described in this paper, detection can make the requisite improvements to provide the basis for this critical automation.


Minding the cybersecurity gap

The cybersecurity gap exists between the time an attacker successfully evades prevention security systems at the perimeter and the clean-up phase when an organization discovers that key assets have been stolen or destroyed. And the risks of the cybersecurity gap are big and only getting bigger.


Attacker Behavior Industry Report, 1Q 2017

The Attacker Behavior Industry Report reveals cyber attack detections and trends from nearly 200 Vectra enterprise customers across 13 different industries. By examining attacker behaviors, Vectra shows where potential exposure and risk exist inside networks and uncovers strong indicators of potentially damaging data breaches.


How to interpret network-based malware detection

This research paper by Vectra CSO Günter Ollmann examines the ecosystem nuances of network-based malware detection and the limits imposed on intelligence extraction of captured malware samples. It also explains the impact on organizations that strive to mitigate malware threats using network-based detection systems.

How Vectra closes the cybersecurity gap


Watch Cognito learn, detect threats and report the highest priority risks.

How targeted cyber attacks work, and how Cognito from Vectra helps defend against them.

Defeating and abusing machine learning-based detection technologies

To explain how Vectra uses AI to automate the detection of cyber attackers and speed up incident response, CTO Oliver Tavakoli talks about data science, machine learning techniques, deep learning and more at Infosecurity Europe.

Analyst Report

The expanding role of data analytics in threat detection

The evolution of the threat environment has already changed the dynamics of attack and defense enough to turn a litany of once radically negative assumptions into routine advice: Consider a breach as inevitable—perimeter protections will fail, and attackers will get in and stay in until their mission is accomplished, which could take months.

White Papers

How Cognito secures cloud data centers from cyber attacks

This white paper focuses on how to protect data centers from cyber attacks. It looks at the unique architectural and operational challenges of cyber security in the data center, examines real-world techniques and attacks from the wild, and proposes a framework for defending against them.

Surviving the ransomware pandemic

Staying ahead of ransomware threats is where organizations want to be because these insidious attacks are not going away. In fact, they are likely to become even more prevalent within organizations. The criminal appetite for juicy payouts and limited risk are just too big to ignore.

How Cognito is ideal for replacing IDS

IDS relies on signatures to stop known threats from getting into networks, but it is blind to unknown threats. Cyber attackers know this and can change a few bits of code in known malware to create an unknown threat.

The data science behind Cognito AI-based threat detection models

The Cognito AI-based approach to threat detection blends human expertise with a broad set of data science and advanced machine learning techniques. This model delivers a continuous cycle of threat intelligence based on cutting-edge research, global and local learning models, deep learning, and neural networks.


How to automate security operations centers with AI

This white paper examines obstacles that enterprises face in combating cyber attacks, and how artificial intelligence is essential to modern security operations centers. AI can augment SOC teams to make operations more efficient, as well as detect the early signs of attacks in real time before key assets are stolen or damaged.

Automated threat management: No signature required

Signatures are great at catching large-scale commodity threats. But to stop targeted attacks, you need to jump off the signature hamster wheel and lay in wait where attackers will inevitably show up – inside your network.

How to detect malicious covert communications

Covert communications are key enablers of cyber attacks that allow remote humans to patiently manage and direct their attacks undetected. Attackers choose these vehicles specifically for their ability to evade signatures, malware sandboxes and reputation lists.

Detect insider threats in real time

Insider threat cases make up 28% of all cybercrime. More than a third of organizations reported an insider cyber attack in 2013, and 32% of affected organizations said that the damage caused by insider cyber attacks was greater than that of outsider attacks.

Cybersecurity redefined: Detect and anticipate attacks in real time

Prevention security at the network perimeter provides one imperfect chance to stop an attack. SOC teams need automated threat detection and prioritized risk reporting that show what attackers are doing and provide multiple opportunities to stop an attack.

Learn about Vectra solutions

What's new at Vectra

What's new at Vectra: A report from Infosecurity Europe

AI, automating the hunt for cyber attackers, customer insights about the Vectra 1Q 2017 Post-Intrusion Report, and the hidden threats you could be exposed to. See what's new at Vectra.


User interface for Cognito reporting

This video demonstrates how to schedule and generate on-demand reports of the most critical cyber attack detections in your network.

Cognito dashboard

This video shows how to use the Cognito dashboard to quickly find the highest-risk attack detections in your network.

Cognito host detections

This video shows how to use the Cognito user interface to find the hosts at the center of an attack, and quickly investigate to any level of detail.

User interface for Cognito detections

This video shows how to use the Cognito user interface to quickly investigate threats across all phases of the cyber attack kill-chain.

An overview of the Cognito user interface

This short video provides an overview of the intuitive cyber attack detection capabilities of the Vectra X-series platform.


Everything you need to know about Cognito

Cognito delivers real-time attack visibility and puts attack details at your fingertips to empower immediate action. Cognito performs non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage.

Data Sheet

Cognito platform specifications

The scalable, distributed Cognito platform enables customers to deploy a combination of physical S-series sensors, virtual sensors (vSensors) and X-series appliances across multiple locations for centralized analysis, detection and correlation of threats. It includes technical specifications about S-series sensors, vSensors and the X-series appliance.

White Paper

How Cognito improves ROI and operational efficiency for cybersecurity

IT security is an ongoing exercise in ROI and operational efficiency. Organizations have a limited set of resources to address an unlimited set of risks, threats and attackers. This asymmetry means that security products must always be evaluated in terms of efficacy as well as their impact on the operational fitness of the organization. Is a solution a drain on manpower and resources or does it make staff more productive and nimble?

Industry Solutions

Protecting higher education networks from cyber threats

Universities and colleges will continue to be a juicy target for cyber attackers. Cognito from Vectra arms IT security teams at higher education institutions with real-time automated threat hunting and incident response to rapidly detect known and unknown cyber attacks inside any network across the constantly evolving threat landscape.

How financial institutions can stop cyber attacks in their tracks

With the unique ability to automatically hunt down cyber attackers inside your network, Cognito from Vectra enables IT security teams in the financial services industry to respond to threat incidents with unprecedented speed, accuracy and efficiency – well before cybercriminals can steal key assets and cause public embarrassment.

Protecting patient health and privacy from cybercriminals

By combining data science, modern machine learning and behavioral analysis, Cognito from Vectra gives healthcare organizations a powerful new class of real-time threat detection that automates the hunt for cyber attackers inside your network and accelerates incident response to safeguard patient information and other critical assets.

How medical device manufacturers can safeguard vital IP

Cyber attacks are a key and growing vector for intellectual property theft. Understanding the nature and scope of these cyber threats – and how to combat them – is critical to protecting IP. With Cognito from Vectra, medical device manufacturers get the advanced, real-time network analysis and detection they need to protect valuable IP assets.

How pharmaceutical companies can protect valuable IP

Cognito from Vectra helps pharmaceutical companies protect their IP by providing continuous, automated threat surveillance and detection inside the network. By automating threat detection and speeding up incident response, Cognito reduces threat investigations from days to minutes so security teams can prevent the damage and theft of IP.

Compliance Solutions

How Cognito enables compliance with the General Data Protection Regulation (GDPR)

The GDPR protects personal information and enables the free flow of data between European Union member states and foreign entities. This compliance brief details how Cognito contributes to GDPR compliance and protects personal data by providing continuous, automated threat surveillance and detection across an organization’s network.

How Cognito meets CIS Critical Security Controls 6.0

Critical Security Controls developed through federal and community efforts, coordinated by the SANS Institute, and maintained by the Center for Internet Security can mitigate modern attack profiles. “Realistically, only by adopting basic cyber hygiene will enterprises meaningfully reduce their cyber-risk profile,” said Jane Holl Lute, board member and former CEO at CIS.

How Cognito addresses key elements of the NIST framework

This compliance brief highlights key components of the NIST cybersecurity framework and explains in detail how the Cognito platform addresses these key components. Vectra provides operators of critical infrastructure with real-time automated threat hunting and incident response across the entire enterprise.

How Cognito meets PCI DSS 3.2 requirements

This compliance solution brief explains how Cognito addresses specific PCI DSS 3.2 compliance requirements while providing real-time insight into active cyber threats. Automated reporting capabilities enable organizations to create a PCI DSS compliance audit trail and take decisive action to stop attacks and mitigate their impact.

How Cognito supports DFARS and the NIST framework

Embracing key parts of the NIST framework in support of the Defense Federal Acquisition Regulation Supplement, the Cognito cybersecurity platform provides DoD contractors and subcontractors with continuous, automated threat detection and response across enterprise networks – from cloud and data center workloads to user and IoT devices.

How Cognito enables the implementation of an adaptive security architecture

An adaptive security architecture, as described by Gartner, encompasses four vitally important capabilities – prevention, detection, response and prediction – all of which must work in concert. Cognito addresses the need for an adaptive security architecture by providing continuous, automated threat hunting across the entire enterprise network.

Read the Gartner report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks

Technology Partner Solutions

Cognito enhances data center protection through VMware

By integrating with the VMware vSphere hypervisor, vCenter management console and NSX Network Virtualization and Security Platform, Cognito addresses critical vulnerabilities at every layer of the virtualized data center and exposes cyber attacks against applications, data, virtualization layers and the underlying physical infrastructure.

Detect and mitigate cyber attacks with Cognito and Carbon Black

The integration of Cognito automated threat hunting from Vectra with Cb Response from Carbon Black lets security teams unify network and endpoint context to rapidly detect, verify, and isolate cyber attacks in the enterprise. Together, we make it easier to stop active cyber attacks while getting more out of limited time and manpower of IT security teams.

Integrating Cognito with Micro Focus ArcSight

The Cognito and Micro Focus ArcSight SIEM integration brings all Cognito detections and host scores directly into the ArcSight dashboard, enabling them to be easily integrated into existing security operations center workflows. Together, they provide complete visibility into cybersecurity events and can pivot to any level of detail needed by security analysts.

Integrating Cognito automated threat management with IBM QRadar

The Cognito and IBM QRadar integration empowers fast, context-driven investigations into active cyber attacks. Together, we deliver practical solutions to persistent problems that often plague IT security organizations – finding and stopping active cyber attacks inside networks, while getting more out of your IT security team’s limited time and manpower.

Integrating Cognito with Splunk

Cognito integrates AI-based automated threat hunting and incident response with the operational intelligence of the Splunk platform. Together, they solve one of the most persistent problems facing enterprise cybersecurity teams – finding and stopping active cyber attacks while getting more out of limited time and resources.

Vectra Active Enforcement for the Demisto security automation and orchestration platform

Vectra Active Enforcement for Demisto turns Cognito threat detections into action by integrating with other security solutions to stop attacker traffic or quarantine infected hosts. Collaboration and forensics capabilities provide efficiency and include advanced investigation features that automate data enrichment and analysis.

Vectra Active Enforcement for the Phantom security automation and orchestration platform

The Vectra Active Enforcement application for Phantom automatically detects hidden cyber attack behaviors, pinpoints host devices at the center of an attack, and blocks threats before key assets are damaged or stolen. Together, they prompt rapid enforcement actions by next-generation firewalls, endpoint security and NAC solutions.

Vectra and Palo Alto Networks – Stopping threats with network-based behavioral analytics

The Palo Alto Networks and Vectra partnership aligns behavioral threat detection and real-time enforcement, which provides customers with increased visibility and synchronized protection to combat today's advanced threats. Customers can rapidly integrate Palo Alto Networks with the Cognito platform from Vectra in a matter of minutes with Vectra Active Enforcement (VAE).

Juniper and Cognito create a new class of advanced persistent threat defense

Using the Spotlight Secure Connector API, the Cognito platform analyzes internal network traffic to reveal all phases of an active cyber attack, including hidden command-and-control communications, internal reconnaissance behaviors, lateral movement, botnet monetization fraud, and data exfiltration.

Gigamon provides intelligent traffic filtering for Cognito

The GigaSECURE® Security Delivery Platform from Gigamon provides intelligent filtering on physical and virtual networks and passes that traffic to the Cognito threat detection and response platform for real-time threat analysis. Multiple Gigamon tap points deployed at the edge and core provide Cognito with intelligent traffic filtering at all key points in the network.

Ixia provides complete network access for Cognito

Ixia Network Packet Brokers passively direct out-of-band network traffic from multiple network access points – such as SPANs, taps and virtual taps (vTaps) – to the Vectra X-series appliance for inspection and analysis. Traffic is aggregated from these access points, which results in vastly improved network visibility and greater operational efficiency.

Architectural Solutions

Cognito and next-generation firewalls

Augmenting next-generation firewalls with the Cognito automated threat detection and response platform enables organizations to identify any phase of an attack that goes undetected and sneaks past perimeter defenses.

Company Backgrounder

Everything you need to know about Vectra

Incorporated in 2011, Vectra Networks is the leader in real-time detection of in-progress cyber attacks. The company’s Automated Threat Management solution continuously monitors internal network traffic to immediately detect cyber attacks while they are happening.

What customers are saying about Vectra


Texas A&M cuts threat investigation time from days to minutes

Daniel Basile, executive director of the security operations center at the Texas A&M University System

Case Studies


“Vectra offered exactly what we needed. It automates attacker detections and allows us to respond faster to the most serious threats.” — Markus Müller-Fehrenbach, Head of IT Infrastructure and Operations at Vetropack

Texas A&M University System

“You’re looking at about $1 million every time you call in consultants to perform post-breach forensic analysis,” Basile explained. “By eliminating this, Vectra saved the A&M System $7 million in a year and we cut threat investigation times from several days to a few minutes.”

Tribune Media Group

“Vectra is threat detection on steroids. It does the homework for me and tells me if we’re having an infiltration, such as a brute force attack. Then I can dig deeper and get to the real problem.” — Duane Smith, Chief Information Security Officer

Hydro Ottawa

“Vectra is a security analyst in software that handles tedious, labor-intensive threat hunting and automatically detects, scores and prioritizes the highest-risk threats.” — Jojo Maalouf, IT security manager

Augmented Reality for the industrial workplace

“The modern machine learning techniques that are employed by Vectra easily tell the difference between anomalous user behaviors and attacker behaviors. That lets me focus on stopping the real threats.” — Minuk Kim, Director of Information Security

Tri-State Generation and Transmission Association

“Vectra gives us visibility so we can monitor our internal hosts and address any security issues in real time. It doesn’t get confused by normal traffic that can set off bogus alerts.” — Dave Buffo, Senior IT Security Administrator

Securities Exchange

“Malware can take days or weeks to be caught. Vectra gives us actionable security intelligence to find the threat. We are operationalizing Vectra as the brains of our cybersecurity.” — Deputy Chief Information Security Officer

Barry University

“Vectra detected an attempted exfiltration that we needed to mitigate right away. We saw it and quickly stopped it. I didn’t think it was possible to have visibility into attacks as they were happening.” — Dr. Hernan Londono, Associate Chief Information Officer



“Vectra translates into time savings. We don’t have to sit there and look at it all day because the alerts we get from Vectra have already been analyzed and the false positives removed.” — Sam Kamran, Chief Information Security Officer

Good Technology

“Vectra shows me what’s going on. If there’s a data smuggler, I can click on the host, see the data smuggler, where it’s getting data, where it’s sending it, and how to mitigate the threat.” — Chris DeKonink, Head of Cybersecurity

Reviews of the Vectra solution


Active breach detection: The Vectra X-series platform

SC Magazine reviews the Vectra X-Series Platform

Analyst Reports

ESG Lab Spotlight: Cognito - Automating security operations with AI

By Tony Palmer, Senior IT Validation Analyst | October 2017

This ESG Lab Spotlight explores the Cognito platform, which performs real-time detection and analysis of cyber attacks. The security landscape is bleak, and it is only getting worse. Vectra is a promising next step toward a more secure infrastructure.

Reducing threat defense costs with a distributed architecture and triage capabilities

An analysis of the major breaches of 2014 shows that they follow a consistent blueprint: the attacker gains privileged access within the network, moves laterally to extend the compromise, and then steals or destroys key assets.