Understanding today's cybersecurity challenges


Cryptocurrency mining infographic and e-book

University students are exploiting free electricity on campus to do cryptomining while others become unsuspecting victims by visiting nefarious websites that take over their devices to process cryptocurrency hashes.

Six critical attack vectors to detect in your data center and private cloud

Today, data center security focuses mainly on protecting the virtualized layers, which has prompted professional cybercriminals to attack the data center's physical infrastructure. However, advanced detection models can expose attacks against the data center's underlying infrastructure as well as its virtualized layers.

Minding the cybersecurity gap

The cybersecurity gap exists between the time an attacker successfully evades prevention security systems at the perimeter and the clean-up phase when an organization discovers that key assets have been stolen or destroyed. And the risks of the cybersecurity gap are big and only getting bigger.

A new threat detection model that closes the cybersecurity gap

This e-book explains the requirements for an advanced threat detection model that identifies active cyberattacks based on what has been learned from the past as well as local context. This new model then connects events over time to reveal the progression and actions of threats inside of networks.

How cyberattackers evade threat signatures

Although signatures can stop known threats, the most dangerous ones have yet to be captured and mapped. The signature model has multiple blind spots that can leave your network vulnerable to cyberattackers. Understanding these blind spots requires understanding the weakness behind signatures.


2018 RSA Conference Edition of the Attacker Behavior Industry Report

Cyberattack detections and trends from 246 Vectra customers in 14 industries and over 4.5 million devices and workloads. The report also shows a stunning surge in cryptocurrency mining in higher education.

Download the German version
Download the French version

How to interpret network-based malware detection

This research paper examines the ecosystem nuances of network-based malware detection and the limits imposed on intelligence extraction of captured malware samples. It also explains the impact on organizations that strive to mitigate malware threats using network-based detection systems.

How Vectra closes the cybersecurity gap

White Papers

How Cognito secures cloud data centers from cyberattacks

This white paper explains how to protect cloud data centers from cyberattacks. It looks at unique architectural and operational challenges, examines real-world attacker techniques, and proposes a framework to defend against them.

How to augment security operations centers with AI

This paper examines obstacles in the fight against cyberattacks and how AI speeds up detection and response in the SOC. AI augments the work of SOC teams to make operations more efficient and mitigates cyberthreats before damage is done.

How Cognito is ideal for replacing IDS

IDS relies on signatures to stop known threats from getting into networks, but it is blind to unknown threats. Cyberattackers know this and can change a few bits of code in known malware to create an unknown threat.

Download the French Version

The data science behind Cognito AI threat detection models

Cognito AI blends human expertise with a broad set of data science and machine learning techniques. It delivers a continuous cycle of intelligence based on threat research, global/local learning models, deep learning, and neural networks.

Download the German version
Download the French version

Surviving the ransomware pandemic

The early detection of ransomware attacks is essential. Ransomware is becoming more prevalent and increasingly sophisticated because the criminal appetite for juicy payouts and limited risk are too big for attackers to ignore.

How to detect malicious covert communications

Covert communications are key enablers of cyberattacks, enabling cybercriminals to remotely manage and control targeted attacks while staying hidden. Attackers use covert communications for their ability to evade signatures and reputation lists.

Check out the cool infographic


See how Cognito can transform you into a cybersecurity superhero

The Cognito threat detection and response platform finds hidden cyberattackers in real time -- from cloud and data center workloads to user and IoT devices -- so you can stop them early and prevent theft or damage.

Detecting cyberattacks in the data center

Data center security mainly protects virtualized layers, prompting attackers to create and exploit backdoors in the physical infrastructure. Only the most advanced detection models can expose attacks against the physical and virtualized layers.

Defeating and abusing machine learning detection technologies

To explain how Vectra uses AI to automate the detection of cyberattackers and speed up incident response, CTO Oliver Tavakoli talks about data science, machine learning techniques, deep learning and more at Infosecurity Europe.

Hear from the former deputy secretary of the U.S. Department of Homeland Security

Jane Holl Lute is currently on the board of directors at the Center for Internet Security, president and CEO of SICPA North America and special advisor to the United Nations secretary general.

Analyst Reports

The road rises up to meet Vectra with $36 million funding round

By Eric Ogren, Senior Analyst | February 2018

We continue to see interest from enterprise CISOs in network traffic analysis to detect live threats as they go about their business of reaching out to other machines, gathering intelligence and exfiltrating data. We expect Vectra Networks to allocate some of its new investment capital to enhance its investigation and remediation features.

Gartner names Vectra the sole visionary in IDPS

By Craig Lawson, Research Vice President | January 2018

Vectra is the only “Visionary” in the 2018 Gartner Magic Quadrant for Intrusion Detection and Prevention Systems. We believe we are positioned as the visionary for our innovative use of machine learning and analytics that automate threat hunting, triage, correlation and prioritization, which reduces the security operations workload by up to 29x.

Download the French version
Download the German version

Automating security operations with AI

By Tony Palmer, Senior IT Validation Analyst | October 2017

This ESG Lab Spotlight explores the Cognito platform, which performs real-time detection and analysis of cyberattacks. The security landscape is bleak, and is only getting worse. Vectra is a promising next step toward a more secure infrastructure.

Tune in to learn what’s new at Vectra

Live Events

Is your blue team fast enough to win the race against attackers?

Now available on-demand

Some of the industry's top minds will provide their insights on the need to focus on faster and more efficient attacker detection and response capabilities, as the attacks are happening. This requires a combination of advanced technology and resources, in particular highly skilled people. 

Register Today

On-Demand Webcasts

AI and machine learning in cybersecurity

Chris Morales, head of security analytics at Vectra, and other industry experts, discuss how AI and machine learning can power cyberattacks and disrupt the operations of organizations on a global level. But AI and ML can also detect and analyze threats faster, as well as respond to attacks and security incidents.

Register here

A day in the life of a security operations center analyst

Now available on-demand

Watch this webinar to learn how security analysts at Texas A&M University System adapt to the constantly changing threat landscape and use artificial intelligence as part of their cybersecurity arsenal.

Register Here

How to strengthen your cybersecurity posture with artificial intelligence

Join Chris Morales, head of security analytics at Vectra, and Holger Schulze, founder and CEO of Cybersecurity Insiders, as they discuss how AI can be used to augment the role of a Tier-1 security analyst and put them in the best position to effectively defend against an attack.

Register today

How to integrate Vectra with Phantom

Extend threat intelligence to the automation and orchestration platform

This webcast shows how Vectra integrates with the Phantom automation and orchestration platform. It includes a playbook that showcases how to implement automated and semi-automated workflows using Vectra Active Enforcement for Phantom.

Register to watch it now

Ticketmaster automates threat hunting

Learn how AI secures transactions for more than 400 million ticket-buyers

Don't miss this 30-minute session with Beau Canada, vice president of information security at Ticketmaster, as he explains how artificial intelligence in the Vectra cybersecurity platform automates the hunt for hidden cyber attackers inside the organization's network. Learn how AI has helped secure transactions for more than 400 million fans and protect the brand identity of more than 20 countries.

Register to watch it now

Ransomware keeps working 24/7, why aren't you?

Join Vectra and Demisto as they discuss turning threat detections into action by integrating with other leading security solutions to stop in-progress cyber attacks and quarantine compromised host devices. 

Register Today

How AI detects and mitigates attacks in the software-defined data center

Join Vectra and VMware as they discuss cybersecurity challenges in virtualized environments and how their integration improves visibility into hidden cyber attacks in data centers, enabling faster threat detection, response and mitigation.

Register Today

Are you drowning looking for threats in a data lake?

Dan Basile, executive director of the Security Operations Center at the Texas A&M University System, talks about core capabilities of the SOC and how to make it smarter using artificial intelligence. 

Register Today

Automatically correlate attacker behavior detections and Splunk events

Join Albert Caballero, chief information security officer for HBO Latin America, to learn how to automatically correlate real-time attacker behaviors detected by the Vectra cybersecurity platform with events in Splunk Enterprise.

Register Today

How to quickly detect and stop hidden cyber attackers in the public cloud

Join Vectra and Gigamon for this compelling look at how you can detect and respond faster to cyber attackers that hide in your physical, virtual and cloud network infrastructures.

Register Today

Ransomware pandemic special

On Friday, May 12, 2017 a ransomware attack spread very rapidly among unpatched Windows systems worldwide.

With advances in AI augmenting security teams, the industry is shifting to identifying attacker behavior in real time. Attend this webinar to learn more about the attack and how Vectra® Networks automates the hunt for hidden cyber attacks.

Register Today

Automatically quarantine endpoints based on network attack behavior detections

Join Albert Caballero, information security officer for HBO Latin America, to learn how to automatically pivot from real-time attack behavior detections in the Vectra UI to Carbon Black Response to expedite forensic investigation and isolate compromised hosts.

Register Today

Why data center attackers are aiming low

While most data center security has focused on protecting the virtualized layers, real-world attackers are increasingly subverting the data center's physical infrastructure. This webcast analyzes the reality of data center cybersecurity. 

Register Today

Insider threats – How to prevent, detect and remediate insider attacks

Join Vectra for a discussion about insider threats and what cybersecurity professionals are doing to prevent, detect and remediate insider attacks.

Register Today

The expanding role of data analytics in threat detection

The SANS Institute

Recent SANS studies on malware, intrusion prevention and cyber threat intelligence agree that almost every organization, no matter how well prepared, is infected with malware to some degree and that many show signs of malicious activity.

This webinar provides insight and guidance about:
- The characteristics of the technologies being used in this modern age of intelligence-driven threat detection
- How this new type of threat detection differs from more traditional methods
- How data analytics affects existing security frameworks and complements critical security controls

Register Today

Shouldn’t intrusion detection systems actually detect intrusions?


IDS has lost its ability to spot cyber intrusions. Sophisticated attackers are using more evasive, strategic intrusions to spread rapidly through networks. This webinar analyzes new approaches to IDS and how they detect today’s most advanced cyber attacks.

Register Today

How to detect hidden cyberattack communications inside today’s networks


Today’s cyber attackers survive by hiding their attack communications from the prying eyes of security. It’s a critical part of their attack arsenal and it lets them patiently manage and propagate attacks throughout your network, undetected.

Register Today

Hostage crisis survival: The ransomware pandemic

Tune in to hear Jacob Sendowski, Ph.D., senior product manager at Vectra Networks, and Wade Williamson, director of threat analytics at Vectra Networks, discuss ransomware, the implications for enterprises, and steps that can be taken to help IT organizations address the risks.

Register Today

Making cybersecurity manageable with high-fidelity security


Join David Monahan, research director at leading IT analyst firm Enterprise Management Associates (EMA), and Wade Williamson, director of threat analytics at Vectra Networks, to learn how to implement high-fidelity security to manage today’s most challenging threats, efficiently and effectively.

Register Today

Protecting healthcare organizations from cyber attacks

Connie Barrera, CISO of the internationally recognized Jackson Health System in Miami, will talk about the rising tide of cyber attacks and medical device vulnerabilities that are threatening healthcare organizations and how automated threat management has played a key role in mitigating this ominous problem – without requiring additional headcount.

Register Today


Cognito dashboard

This video shows how to use the Cognito dashboard to quickly find the highest-risk attack detections in your network.

Cognito host detections

This video shows how to use the Cognito user interface to find the hosts at the center of an attack, and quickly investigate to any level of detail.

An overview of the Cognito user interface

This short video provides an overview of the intuitive cyberattack detection capabilities of the Cognito user interface.

User interface for Cognito detections

This video shows how to use the Cognito user interface to quickly investigate threats across all phases of the cyberattack kill-chain.

User interface for Cognito reporting

This video demonstrates how to schedule and generate on-demand reports of the most critical cyberattack detections in your network.

Build an adaptive distributed architecture with S-series sensors

This short demo video shows how to deploy and use Vectra S-series sensors, which deliver real-time cyberattack detection capabilities to all corners of your network.

Learn about Vectra solutions


Everything you need to know about Cognito

Cognito delivers real-time cyberattack visibility and puts attack details at your fingertips to empower immediate action. Cognito performs non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage.

Data Sheet

Cognito platform specifications

The scalable, distributed Cognito platform enables customers to deploy a combination of physical S-series sensors, virtual sensors (vSensors) and X-series appliances across multiple locations for centralized analysis, detection and correlation of threats. It includes technical specifications about S-series sensors, vSensors and the X-series appliance.

Download the German version
Download the French version

White Paper

How to improve ROI and operational efficiency for cybersecurity

IT security is an ongoing exercise in ROI and operational efficiency. Organizations have a limited set of resources to address an unlimited set of risks, threats and attackers. This asymmetry means that security products must always be evaluated in terms of efficacy as well as their impact on the operational fitness of the organization.

Industry Solutions

How financial institutions can stop cyberattacks in their tracks

With the unique ability to automatically hunt down cyberattackers inside your network, Cognito from Vectra enables IT security teams in the financial services industry to respond to threat incidents with unprecedented speed, accuracy and efficiency – well before cybercriminals can steal key assets and cause public embarrassment.

Protecting patient health and privacy from cybercriminals

By combining data science, modern machine learning and behavioral analysis, Cognito from Vectra gives healthcare organizations a powerful new class of real-time threat detection that automates the hunt for cyberattackers inside your network and accelerates incident response to safeguard patient information and other critical assets.

How pharmaceutical companies can protect valuable IP

Cognito from Vectra helps pharmaceutical companies protect their IP by providing continuous, automated threat surveillance and detection inside the network. By automating threat detection and speeding up incident response, Cognito reduces threat investigations from days to minutes so security teams can prevent the damage and theft of IP.

How medical device manufacturers can safeguard vital IP

Cyberattacks are a key and growing vector for intellectual property theft. Understanding the nature and scope of these cyberthreats – and how to combat them – is critical to protecting IP. With Cognito from Vectra, medical device manufacturers get the advanced, real-time network analysis and detection they need to protect valuable IP assets.

Protecting higher education networks from cyberthreats

Universities and colleges will continue to be a juicy target for cyberattackers. Cognito from Vectra arms IT security teams at higher education institutions with real-time automated threat hunting and incident response to rapidly detect known and unknown cyberattacks inside any network across the constantly evolving threat landscape.

Compliance Solutions

How Cognito from Vectra helps meet FFIEC cybersecurity requirements

This compliance brief explains how the Cognito threat detection and response platform supports specific cybersecurity assessment categories under the Federal Financial Institutions Examination Council (FFIEC), in conjunction with the National Institute of Standards and Technology (NIST).

How Cognito enables compliance with the General Data Protection Regulation (GDPR)

The GDPR protects personal information and enables the free flow of data between European Union member states and foreign entities. This compliance brief details how Cognito contributes to GDPR compliance and protects personal data by providing continuous, automated threat surveillance and detection across an organization’s network.

Download the German version
Download the French version

How Cognito addresses key elements of the NIST framework

This compliance brief highlights key components of the NIST cybersecurity framework and explains in detail how the Cognito platform addresses these key components. Vectra provides operators of critical infrastructure with real-time automated threat hunting and incident response across the entire enterprise.

How Cognito supports DFARS and the NIST framework

Embracing key parts of the NIST framework in support of the Defense Federal Acquisition Regulation Supplement, the Cognito cybersecurity platform provides DoD contractors and subcontractors with continuous, automated threat detection and response across enterprise networks – from cloud and data center workloads to user and IoT devices.

How Cognito enables the implementation of an adaptive security architecture

An adaptive security architecture, as described by Gartner, encompasses four vital capabilities – prevention, detection, response and prediction – all of which must work in concert. Cognito addresses the need for an adaptive security architecture by providing continuous, automated threat hunting across the entire enterprise network.

Read the Gartner report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks

How Cognito meets CIS Critical Security Controls 6.0

Critical Security Controls developed through federal and community efforts, coordinated by the SANS Institute, and maintained by the Center for Internet Security can mitigate modern attack profiles. “By adopting basic cyber hygiene, enterprises can reduce their cyberrisk profile,” says Jane Holl Lute, board member and former CEO at CIS.

How Cognito meets PCI DSS 3.2 requirements

This compliance solution brief explains how Cognito addresses specific PCI DSS 3.2 compliance requirements while providing real-time insight into active cyberthreats. Automated reporting capabilities enable organizations to create a PCI DSS compliance audit trail and take decisive action to stop attacks and mitigate their impact.

Technology Partner Solutions

Cognito enhances data center protection through VMware

By integrating with the VMware vSphere hypervisor, vCenter management console and NSX Network Virtualization and Security Platform, Cognito addresses critical vulnerabilities at every layer of the virtualized data center and exposes cyberattacks against applications, data, virtualization layers and the underlying physical infrastructure.

Faster network and endpoint detection and response

The integration of the Cognito automated threat hunting platform with Falcon Insight endpoint detection and response unifies network and endpoint context to quickly detect, verify and isolate cyberattacks. Together, Cognito and Falcon Insight can stop active cyberattacks faster while increasing the efficiency of security operations teams.

Detect and mitigate cyberattacks with Cognito and Carbon Black

The integration of Cognito from Vectra with Cb Response from Carbon Black lets security teams unify network and endpoint context to rapidly detect, verify, and isolate cyberattacks in the enterprise. Together, we make it easier to stop active cyberattacks while getting more out of the limited time and manpower of IT security teams.

Integrating Cognito with Micro Focus ArcSight

The Cognito and Micro Focus ArcSight SIEM integration brings all Cognito detections and host scores directly into the ArcSight dashboard, enabling them to be easily integrated into existing security workflows.

Integrating Cognito with IBM QRadar

The Cognito and QRadar integration empowers fast, context-driven cyberattack investigations. They deliver practical solutions to persistent problems that often plague security teams – finding and stopping hidden cyberattacks inside networks, while getting more out of your security team’s limited time and resources.

Integrating Cognito with Splunk

Cognito integrates AI-based automated threat hunting and incident response with the operational intelligence of the Splunk platform. Together, they solve one of the most persistent problems facing enterprise cybersecurity teams – finding and stopping active cyberattacks while getting more out of limited time and resources.

Vectra Active Enforcement for the Demisto security automation and orchestration platform

Vectra Active Enforcement for Demisto turns Cognito threat detections into action by integrating with other security solutions to stop attacker traffic or quarantine infected hosts. Collaboration and forensics capabilities provide efficiency and include advanced investigation features that automate data enrichment and analysis.

Vectra Active Enforcement for the Phantom security automation and orchestration platform

The Vectra Active Enforcement application for Phantom automatically detects hidden cyberattack behaviors, pinpoints host devices at the center of an attack, and blocks threats before key assets are damaged or stolen. Together, they prompt rapid enforcement actions by next-generation firewalls, endpoint security and NAC solutions.

Juniper and Cognito create a new class of advanced persistent threat defense

Using the Spotlight Secure Connector API, the Cognito platform analyzes internal network traffic to reveal all phases of an active cyberattack, including hidden command-and-control communications, internal reconnaissance behaviors, lateral movement, botnet monetization fraud, and data exfiltration.

Gigamon provides intelligent traffic filtering for Cognito

The GigaSECURE® platform from Gigamon provides intelligent filtering on physical and virtual networks and passes that traffic to the Cognito threat detection and response platform for real-time threat analysis. Multiple Gigamon tap points deployed at the edge and core provide Cognito with intelligent traffic filtering at key points.

Ixia provides complete network access for Cognito

Ixia Network Packet Brokers passively direct out-of-band network traffic from multiple network access points – such as SPANs, taps and virtual taps (vTaps) – to the Vectra X-series appliance for inspection and analysis. Traffic is aggregated from these access points, which results in vastly improved network visibility and greater operational efficiency.

Company Backgrounder

Everything you need to know about Vectra

Incorporated in 2011, Vectra is the leader in real-time detection of in-progress cyberattacks. The company’s AI-based Cognito threat detection and response platform continuously and automatically monitors internal network traffic to immediately detect cyberattacks while they are happening.

What customers are saying about Vectra


Shop Direct embarks on a journey to cognitive security

Liam Fu, head of information security at Shop Direct, explains how Vectra enabled the online UK retailer to reduce its business risk by automating the detection of hidden threats and responding faster to cyberattacks.

Texas A&M cuts threat investigation time from days to minutes

Daniel Basile, executive director of the Security Operations Center at the Texas A&M University System, discusses how Vectra brought sweeping new efficiencies to the security team.

Riverbed has new visibility into hidden cyberthreats

Riverbed CISO Sam Kamran says his security team is more agile because cyberattack alerts from Vectra have already been analyzed and false positives removed.

Case Studies

Shop Direct

“The ability to quickly and accurately detect and respond to advanced cyberattacks is paramount, and Vectra is helping us reduce business risk.” — Liam Fu, Head of Information Security

Tribune Media Group

“Vectra is threat detection on steroids. It does the homework for me and tells me if we’re having an infiltration, such as a brute-force attack. Then I can dig deeper and get to the real problem.”   — Duane Smith, Chief Information Security Officer


“Vectra offered exactly what we needed. It automates attacker detections and allows us to respond faster to the most serious threats.” — Markus Müller-Fehrenbach, Head of IT Infrastructure and Operations

Texas A&M University System

“Vectra saved the Texas A&M University System $7 million in a year and we cut threat investigation times from several days to a few minutes.” — Daniel Basile, Executive Director of the Security Operations Center

Hydro Ottawa

“Vectra is a security analyst in software that handles tedious, labor-intensive threat hunting and automatically detects, scores and prioritizes the highest-risk threats.” — Jojo Malouf, IT Security Manager

Augmented Reality for the industrial workplace

“The machine learning techniques employed by Vectra easily tell the difference between anomalous user behaviors and attacker behaviors. That lets me focus on stopping the real threats.” — Minuk Kim, Director of Information Security

Tri-State Generation and Transmission Association

“Vectra gives us visibility so we can monitor our internal hosts and address any security issues in real-time. It doesn’t get confused by normal traffic that can set off bogus alerts.”   — Dave Buffo, Senior IT Security Administrator

Securities Exchange

“Malware can take days or weeks to be caught. Vectra gives us actionable security intelligence to find the threat. We are operationalizing Vectra as the brains of our cybersecurity.”   — Deputy Chief Information Security Officer

Barry University

“Vectra detected an attempted exfiltration that we mitigated right away. I didn’t think it was possible to have visibility into attacks as they were happening.”   — Dr. Hernan Londono, Associate Chief Information Officer



“Vectra translates into time savings. We don’t have to sit there and look at it all day because the alerts we get from Vectra have already been analyzed and the false positives removed.”   — Sam Kamran, Chief Information Security Officer

Good Technology

“Vectra shows me what’s going on. If there’s a data smuggler, I can click on the host, see the data smuggler, where it’s getting data, where it’s sending it, and how to mitigate the threat.” — Chris DeKonink, Head of Cybersecurity

Reviews of the Vectra solution

Active breach detection: The Vectra X-series appliance

"The complexity of what Vectra does is well-concealed under a well thought-out, comfortable user interface," writes Peter Stephenson, technology editor at SC Magazine. "This is a complete and focused package that is well worth the price."