University students are exploiting free electricity on campus to do cryptomining while others become unsuspecting victims by visiting nefarious websites that take over their devices to process cryptocurrency hashes.
Today, data center security focuses mainly on protecting the virtualized layers, which has prompted professional cybercriminals to attack the data center's physical infrastructure. However, advanced detection models can expose attacks against the data center's underlying infrastructure as well as its virtualized layers.
The cybersecurity gap exists between the time an attacker successfully evades prevention security systems at the perimeter and the clean-up phase when an organization discovers that key assets have been stolen or destroyed. And the risks of the cybersecurity gap are big and only getting bigger.
This e-book explains the requirements for an advanced threat detection model that identifies active cyberattacks based on what has been learned from the past as well as local context. This new model then connects events over time to reveal the progression and actions of threats inside of networks.
Although signatures can stop known threats, the most dangerous ones have yet to be captured and mapped. The signature model has multiple blind spots that can leave your network vulnerable to cyberattackers. Understanding these blind spots requires understanding the weakness behind signatures.
Cyberattack detections and trends from 246 Vectra customers in 14 industries and over 4.5 million devices and workloads. The report also shows a stunning surge in cryptocurrency mining in higher education.
This research paper examines the ecosystem nuances of network-based malware detection and the limits imposed on intelligence extraction of captured malware samples. It also explains the impact on organizations that strive to mitigate malware threats using network-based detection systems.
This white paper explains how to protect cloud data centers from cyberattacks. It looks at unique architectural and operational challenges, examines real-world attacker techniques, and proposes a framework to defend against them.
This paper examines obstacles in the fight against cyberattacks and how AI speeds up detection and response in the SOC. AI augments the work of SOC teams to make operations more efficient and mitigates cyberthreats before damage is done.
Cognito AI blends human expertise with a broad set of data science and machine learning techniques. It delivers a continuous cycle of intelligence based on threat research, global/local learning models, deep learning, and neural networks.
The early detection of ransomware attacks is essential. Ransomware is becoming more prevalent and increasingly sophisticated because the criminal appetite for juicy payouts and limited risk are too big for attackers to ignore.
Covert communications are key enablers of cyberattacks, allowing cybercriminals to remotely manage and control targeted attacks while staying hidden. Attackers rely on covert communications for their ability to evade signatures and reputation lists.
The Cognito threat detection and response platform finds hidden cyberattackers in real time -- from cloud and data center workloads to user and IoT devices -- so you can stop them early and prevent theft or damage.
Data center security mainly protects virtualized layers, prompting attackers to create and exploit backdoors in the physical infrastructure. Only the most advanced detection models can expose attacks against the physical and virtualized layers.
To explain how Vectra uses AI to automate the detection of cyberattackers and speed up incident response, CTO Oliver Tavakoli talks about data science, machine learning techniques, deep learning and more at Infosecurity Europe.
Jane Holl Lute is currently on the board of directors at the Center for Internet Security, president and CEO of SICPA North America and special advisor to the United Nations secretary general.
By Eric Ogren, Senior Analyst | February 2018
We continue to see interest from enterprise CISOs in network traffic analysis to detect live threats as they go about their business of reaching out to other machines, gathering intelligence and exfiltrating data. We expect Vectra Networks to allocate some of its new investment capital to enhance its investigation and remediation features.
By Craig Lawson, Research Vice President | January 2018
Vectra is the only “Visionary” in the 2018 Gartner Magic Quadrant for Intrusion Detection and Prevention Systems. We believe we are positioned as the visionary for our innovative use of machine learning and analytics that automate threat hunting, triage, correlation and prioritization, which reduces the security operations workload by up to 29x.
By Tony Palmer, Senior IT Validation Analyst | October 2017
This ESG Lab Spotlight explores the Cognito platform, which performs real-time detection and analysis of cyberattacks. The security landscape is bleak and only getting worse. Vectra is a promising next step toward a more secure infrastructure.
This video shows how to use the Cognito dashboard to quickly find the highest-risk attack detections in your network.
This video shows how to use the Cognito user interface to find the hosts at the center of an attack, and quickly investigate to any level of detail.
This short video provides an overview of the intuitive cyberattack detection capabilities of the Cognito user interface.
This video shows how to use the Cognito user interface to quickly investigate threats across all phases of the cyberattack kill-chain.
This video demonstrates how to schedule and generate on-demand reports of the most critical cyberattack detections in your network.
This short demo video shows how to deploy and use Vectra S-series sensors, which deliver real-time cyberattack detection capabilities to all corners of your network.
Cognito delivers real-time cyberattack visibility and puts attack details at your fingertips to empower immediate action. Cognito performs non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage.
The scalable, distributed Cognito platform enables customers to deploy a combination of physical S-series sensors, virtual sensors (vSensors) and X-series appliances across multiple locations for centralized analysis, detection and correlation of threats. Technical specifications for the S-series sensors, vSensors and the X-series appliance are included.
IT security is an ongoing exercise in ROI and operational efficiency. Organizations have a limited set of resources to address an unlimited set of risks, threats and attackers. This asymmetry means that security products must always be evaluated in terms of efficacy as well as their impact on the operational fitness of the organization.
With the unique ability to automatically hunt down cyberattackers inside your network, Cognito from Vectra enables IT security teams in the financial services industry to respond to threat incidents with unprecedented speed, accuracy and efficiency – well before cybercriminals can steal key assets and cause public embarrassment.
By combining data science, modern machine learning and behavioral analysis, Cognito from Vectra gives healthcare organizations a powerful new class of real-time threat detection that automates the hunt for cyberattackers inside your network and accelerates incident response to safeguard patient information and other critical assets.
Cognito from Vectra helps pharmaceutical companies protect their IP by providing continuous, automated threat surveillance and detection inside the network. By automating threat detection and speeding up incident response, Cognito reduces threat investigations from days to minutes so security teams can prevent the damage and theft of IP.
Cyberattacks are a key and growing vector for intellectual property theft. Understanding the nature and scope of these cyberthreats – and how to combat them – is critical to protecting IP. With Cognito from Vectra, medical device manufacturers get the advanced, real-time network analysis and detection they need to protect valuable IP assets.
Universities and colleges will continue to be a juicy target for cyberattackers. Cognito from Vectra arms IT security teams at higher education institutions with real-time automated threat hunting and incident response to rapidly detect known and unknown cyberattacks inside any network across the constantly evolving threat landscape.
This compliance brief explains how the Cognito threat detection and response platform supports specific cybersecurity assessment categories under the Federal Financial Institutions Examination Council (FFIEC), in conjunction with the National Institute of Standards and Technology (NIST).
The GDPR protects personal information and enables the free flow of data between European Union member states and foreign entities. This compliance brief details how Cognito contributes to GDPR compliance and protects personal data by providing continuous, automated threat surveillance and detection across an organization’s network.
This compliance brief highlights key components of the NIST cybersecurity framework and explains in detail how the Cognito platform addresses these key components. Vectra provides operators of critical infrastructure with real-time automated threat hunting and incident response across the entire enterprise.
Embracing key parts of the NIST framework in support of the Defense Federal Acquisition Regulation Supplement, the Cognito cybersecurity platform provides DoD contractors and subcontractors with continuous, automated threat detection and response across enterprise networks – from cloud and data center workloads to user and IoT devices.
An adaptive security architecture, as described by Gartner, encompasses four vital capabilities – prevention, detection, response and prediction – all of which must work in concert. Cognito addresses the need for an adaptive security architecture by providing continuous, automated threat hunting across the entire enterprise network.
Read the Gartner report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks
Critical Security Controls developed through federal and community efforts, coordinated by the SANS Institute, and maintained by the Center for Internet Security can mitigate modern attack profiles. “By adopting basic cyber hygiene, enterprises can reduce their cyberrisk profile,” says Jane Holl Lute, board member and former CEO at CIS.
This compliance solution brief explains how Cognito addresses specific PCI DSS 3.2 compliance requirements while providing real-time insight into active cyberthreats. Automated reporting capabilities enable organizations to create a PCI DSS compliance audit trail and take decisive action to stop attacks and mitigate their impact.
Technology Partner Solutions
By integrating with the VMware vSphere hypervisor, vCenter management console and NSX Network Virtualization and Security Platform, Cognito addresses critical vulnerabilities at every layer of the virtualized data center and exposes cyberattacks against applications, data, virtualization layers and the underlying physical infrastructure.
The integration of the Cognito automated threat hunting platform with Falcon Insight endpoint detection and response unifies network and endpoint context to quickly detect, verify and isolate cyberattacks. Together, Cognito and Falcon Insight can stop active cyberattacks faster while increasing the efficiency of security operations teams.
The integration of Cognito from Vectra with Cb Response from Carbon Black lets security teams unify network and endpoint context to rapidly detect, verify and isolate cyberattacks in the enterprise. Together, we make it easier to stop active cyberattacks while getting more out of the limited time and manpower of IT security teams.
The Cognito and Micro Focus ArcSight SIEM integration brings all Cognito detections and host scores directly into the ArcSight dashboard, enabling them to be easily integrated into existing security workflows.
The Cognito and QRadar integration empowers fast, context-driven cyberattack investigations. They deliver practical solutions to persistent problems that often plague security teams – finding and stopping hidden cyberattacks inside networks, while getting more out of your security team’s limited time and resources.
Cognito integrates AI-based automated threat hunting and incident response with the operational intelligence of the Splunk platform. Together, they solve one of the most persistent problems facing enterprise cybersecurity teams – finding and stopping active cyberattacks while getting more out of limited time and resources.
Vectra Active Enforcement for Demisto turns Cognito threat detections into action by integrating with other security solutions to stop attacker traffic or quarantine infected hosts. Collaboration and forensics capabilities provide efficiency and include advanced investigation features that automate data enrichment and analysis.
The Vectra Active Enforcement application for Phantom automatically detects hidden cyberattack behaviors, pinpoints host devices at the center of an attack, and blocks threats before key assets are damaged or stolen. Together, they prompt rapid enforcement actions by next-generation firewalls, endpoint security and NAC solutions.
Using the Spotlight Secure Connector API, the Cognito platform analyzes internal network traffic to reveal all phases of an active cyberattack, including hidden command-and-control communications, internal reconnaissance behaviors, lateral movement, botnet monetization fraud, and data exfiltration.
The GigaSECURE® platform from Gigamon provides intelligent filtering on physical and virtual networks and passes that traffic to the Cognito threat detection and response platform for real-time threat analysis. Multiple Gigamon tap points deployed at the edge and core provide Cognito with intelligent traffic filtering at key points.
Ixia Network Packet Brokers passively direct out-of-band network traffic from multiple network access points – such as SPANs, taps and virtual taps (vTaps) – to the Vectra X-series appliance for inspection and analysis. Traffic is aggregated from these access points, which results in vastly improved network visibility and greater operational efficiency.
Incorporated in 2011, Vectra is the leader in real-time detection of in-progress cyberattacks. The company’s AI-based Cognito threat detection and response platform continuously and automatically monitors internal network traffic to immediately detect cyberattacks while they are happening.
Liam Fu, head of information security at Shop Direct, explains how Vectra enabled the online UK retailer to reduce its business risk by automating the detection of hidden threats and responding faster to cyberattacks.
Daniel Basile, executive director of the Security Operations Center at the Texas A&M University System, discusses how Vectra brought sweeping new efficiencies to the security team.
Riverbed CISO Sam Kamran says his security team is more agile because cyberattack alerts from Vectra have already been analyzed and false positives removed.
“The ability to quickly and accurately detect and respond to advanced cyberattacks is paramount, and Vectra is helping us reduce business risk.” — Liam Fu, Head of Information Security
“Vectra is threat detection on steroids. It does the homework for me and tells me if we’re having an infiltration, such as a brute-force attack. Then I can dig deeper and get to the real problem.” — Duane Smith, Chief Information Security Officer
“Vectra offered exactly what we needed. It automates attacker detections and allows us to respond faster to the most serious threats.” — Markus Müller-Fehrenbach, Head of IT Infrastructure and Operations
“Vectra saved the Texas A&M University System $7 million in a year and we cut threat investigation times from several days to a few minutes.” — Daniel Basile, Executive Director of the Security Operations Center
“Vectra is a security analyst in software that handles tedious, labor-intensive threat hunting and automatically detects, scores and prioritizes the highest-risk threats.” — Jojo Malouf, IT Security Manager
“The machine learning techniques employed by Vectra easily tell the difference between anomalous user behaviors and attacker behaviors. That lets me focus on stopping the real threats.” — Minuk Kim, Director of Information Security
“Vectra gives us visibility so we can monitor our internal hosts and address any security issues in real-time. It doesn’t get confused by normal traffic that can set off bogus alerts.” — Dave Buffo, Senior IT Security Administrator
“Malware can take days or weeks to be caught. Vectra gives us actionable security intelligence to find the threat. We are operationalizing Vectra as the brains of our cybersecurity.” — Deputy Chief Information Security Officer
“Vectra detected an attempted exfiltration that we mitigated right away. I didn’t think it was possible to have visibility into attacks as they were happening.” — Dr. Hernan Londono, Associate Chief Information Officer
“Vectra translates into time savings. We don’t have to sit there and look at it all day because the alerts we get from Vectra have already been analyzed and the false positives removed.” — Sam Kamran, Chief Information Security Officer
“Vectra shows me what’s going on. If there’s a data smuggler, I can click on the host, see the data smuggler, where it’s getting data, where it’s sending it, and how to mitigate the threat.” — Chris DeKonink, Head of Cybersecurity
Reviews of the Vectra Solution
“The complexity of what Vectra does is well-concealed under a well thought-out, comfortable user interface,” writes Peter Stephenson, technology editor at SC Magazine. “This is a complete and focused package that is well worth the price.”