Cognito artificial intelligence from Vectra augments security operations

  • Cognito AI from Vectra meets today's cybersecurity challenges by blending human expertise with a broad set of data science, machine learning and deep learning techniques to automate the manual, time-consuming work that falls to security analysts.

    By automating cyberattacker detection, analysis and incident response, Cognito AI condenses days or weeks of work into minutes, reducing the threat investigation workload by up to 36X.

    Get the 2018 Black Hat Edition of the Attacker Behavior Industry Report


How Cognito AI works

Using behavioral detection algorithms to analyze metadata from captured packets, Cognito AI detects hidden and unknown attacks in real time, whether or not the traffic is encrypted. Because Cognito AI analyzes only metadata captured from packets, rather than performing deep-packet inspection, it protects user privacy and never examines sensitive payloads.

Get the white paper, The data science behind Cognito AI threat detection models

Global learning

Global learning identifies the fundamental traits that threats share across all enterprise organizations. Global learning begins with the Vectra Threat Labs™, a full-time group of cybersecurity experts and threat researchers who continually analyze malware, attack tools, techniques, and procedures to identify new and shifting trends in the threat landscape.

Their work informs the data science models used by Cognito AI, including supervised machine learning. Supervised machine learning is used to analyze very large volumes of malicious and attack traffic and distill them down to the key characteristics that make malicious traffic unique.

What: Find the hidden traits that all threats share in common

Why: Fast detection of bad behavior, no local learning required

How: Supervised machine learning and deep learning

Local learning

Local learning identifies what's normal and abnormal in an enterprise's network to reveal attack patterns. The key techniques used are unsupervised machine learning and anomaly detection. Cognito uses unsupervised machine learning models to learn about a specific customer environment, with no direct oversight by a data scientist.

Instead of concentrating on finding and reporting anomalies, Vectra looks for indicators of important phases of an attack or attack techniques, including signs that an attacker is exploring the network, evaluating hosts for attack, and using stolen credentials.

What: Learns normal behavior and finds signs of attack

Why: Reveals attack patterns that are unique to the network

How: Unsupervised machine learning, k-means clustering

Integrated intelligence

Correlate, score, prioritize

Cognito condenses thousands of events and network traits to a single detection. Using techniques such as event correlation and host scoring, Cognito performs the following:

• Correlates all detection events to specific hosts that show signs of threat behaviors.

• Automatically scores every detection and host in terms of the threat severity and certainty using the Cognito Threat Certainty Index™.

• Tracks each event over time and through every phase of the cyberattack lifecycle.

Cognito puts special focus on events that may jeopardize key assets inside the network or are of strategic value to an attacker. Devices that exhibit behaviors that cover multiple phases of the cyberattack lifecycle are also prioritized, as shown.

What: Automated scoring of hosts to reveal the overall risk to the network

Why: Quickly boil down many events to reveal the key elements of an attack

How: Bayesian networks
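To make the local-learning step and the correlate, score, prioritize step above concrete, here is an added, self-contained Python illustration. It is not Vectra's code and all data in it is constructed: per-host feature vectors derived from flow metadata are clustered with a plain k-means (small clusters are treated as deviations from the learned baseline), each deviating feature becomes a detection tagged with an assumed attack phase, severity and certainty, and detections are rolled up per host so that hosts whose behavior spans several lifecycle phases rank first. The severity times certainty roll-up is a simple stand-in for the Bayesian-network scoring the page names; the hostnames, feature-to-phase mapping and deviation cutoff are assumptions.

```python
"""Added illustration, not Vectra code: k-means on per-host network metadata
to flag hosts that deviate from the learned baseline, then correlation of the
resulting detections into one prioritized score per host."""
import math
from collections import defaultdict

# Constructed per-host features (hypothetical values, not captured traffic):
# [distinct internal peers contacted, mean KB sent per flow, failed logons]
HOST_FEATURES = {
    "ws-01": [3, 2.0, 0], "ws-02": [4, 2.5, 1], "ws-03": [2, 1.8, 0],
    "ws-04": [5, 2.2, 0], "ws-05": [3, 3.0, 1], "ws-06": [4, 2.4, 0],
    "ws-07": [2, 2.1, 1], "ws-08": [5, 2.6, 0],
    "ws-09": [60, 2.0, 40],   # many peers and many failed logons
    "ws-10": [4, 85.0, 0],    # unusually large outbound flows
}

# Assumed mapping from a deviating feature to (attack phase, severity, certainty).
FEATURE_PHASE = [("internal recon", 3, 0.7),
                 ("data exfiltration", 5, 0.6),
                 ("credential misuse", 4, 0.8)]


def scale(features):
    """Min-max scale every column to [0, 1] so no single feature dominates
    the distance; a constant column (span 0) scales to 0."""
    cols = list(zip(*features.values()))
    lo = [min(c) for c in cols]
    span = [(max(c) - l) or 1.0 for c, l in zip(cols, lo)]
    return {h: [(v - l) / s for v, l, s in zip(vec, lo, span)]
            for h, vec in features.items()}


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=20):
    """Plain k-means with deterministic farthest-first seeding.
    Returns [(centroid, [host ids]), ...]."""
    hosts = list(points)
    dims = len(points[hosts[0]])
    centroids = [points[hosts[0]]]
    while len(centroids) < k:  # next seed: the point farthest from all seeds
        far = max(hosts, key=lambda h: min(dist(points[h], c) for c in centroids))
        centroids.append(points[far])
    for _ in range(iters):
        members = [[] for _ in centroids]
        for h in hosts:
            nearest = min(range(k), key=lambda i: dist(points[h], centroids[i]))
            members[nearest].append(h)
        new = [[sum(points[h][d] for h in m) / len(m) for d in range(dims)]
               if m else centroids[i] for i, m in enumerate(members)]
        if new == centroids:  # assignments stable: converged
            break
        centroids = new
    return list(zip(centroids, members))


def local_learning(features, k=3, min_cluster_frac=0.2):
    """Local learning: the largest cluster is the learned 'normal'; hosts in
    small clusters are compared feature by feature against that baseline and
    each feature far above it becomes a detection."""
    scaled = scale(features)
    clusters = kmeans(scaled, k)
    baseline, _ = max(clusters, key=lambda c: len(c[1]))
    detections = []
    for _, members in clusters:
        if len(members) >= min_cluster_frac * len(features):
            continue  # a populous cluster is normal behaviour, not a finding
        for h in members:
            for i, (phase, sev, cert) in enumerate(FEATURE_PHASE):
                if scaled[h][i] - baseline[i] > 0.5:  # assumed deviation cutoff
                    detections.append((h, phase, sev, cert))
    return detections


def correlate_and_score(detections):
    """Correlate detections to hosts and score each host: sum of
    severity x certainty, weighted by how many distinct lifecycle phases the
    host's behaviour spans, so a multi-phase host outranks one loud detection."""
    per_host = defaultdict(list)
    for host, phase, sev, cert in detections:
        per_host[host].append((phase, sev, cert))
    ranked = []
    for host, dets in per_host.items():
        phases = sorted({p for p, _, _ in dets})
        score = sum(s * c for _, s, c in dets) * len(phases)
        ranked.append((host, round(score, 2), phases))
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    found = local_learning(HOST_FEATURES)
    for host, score, phases in correlate_and_score(found):
        print(f"{host}: score {score}, phases {phases}")
```

With the constructed data, the eight ordinary workstations form the baseline cluster and are never reported; ws-09 produces two detections (recon and credential misuse) and, covering two phases, is ranked above ws-10, whose single exfiltration detection carries the highest individual severity. Choosing k and the cluster-size cutoff is the part that needs tuning per environment; that is the "learning a specific customer environment" the page refers to.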

