Products

Cognito™

It's a security analyst in software

Cognito is the award-winning threat detection and response platform from Vectra. It automates the hunt for cyber attackers, shows where they’re hiding and tells you what they’re doing.

The highest-risk threats are instantly prioritized so security teams can respond faster to stop in-progress attacks and avert data loss – from cloud and data center workloads to user and IoT devices.

By automating the manual, time-consuming analysis of security events, Cognito condenses days or weeks of work into minutes and reduces the threat investigation workload by up to 29x.


LinkedIn Badge

Get the nine questions to ask AI vendors.

How Cognito works

  • Cognito uses artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage.

Enterprise Strategy Group

"ESG Lab validated that Vectra Cognito leverages advanced AI to quickly identify compromised hosts and attackers."

Tony Palmer, Senior IT Validation Analyst - Enterprise Strategy Group (ESG)

ESG

READ THE LAB REPORT

Rich metadata

  • Cognito gives you real-time threat visibility into cloud and data center workloads, servers, laptops, printers, BYOD and IoT by extracting and analyzing metadata from packets rather than performing deep packet inspection, enabling protection without prying.

Overview

The Cognito automated threat detection and response platform

Leveraging artificial intelligence, Cognito enables enterprises to detect and respond to cyber attacks in real time, delivers real-time attack visibility and puts threat details at your fingertips to empower immediate action. It performs non-stop, automated threat hunting, triage and correlation to prioritize the highest risks. Cognito integrates with endpoint, NAC, firewall and SIEM solution to enhance context and enable quick response while the attack is happening.

Data Sheet

Cognito platform specifications

Cognito provides full visibility into cyber attack behaviors from cloud and data center workloads to cloud and IoT devices. Multiple sensors provide input for Cognito's brain to cover diverse cloud providers, global data centers and remote office locations, ensuring attackers have nowhere to hide.

Identify attacker behaviors

Cognito analyzes the rich metadata with its algorithms to expose the fundamental behaviors hidden and unknown attackers such as remote access tools, hidden tunnels, backdoors, recon tools, credential abuse, and exfiltration.

Cognito also monitors and detects suspicious access to critical assets by authorized users, as well as policy violations related to the use of cloud storage, USB storage and other covert methods of moving data out of the network.

Automated analysis

Cognito shows what matters most, based on threat and certainty, instead of generating more events to analyze.

The Threat Certainty Index™ consolidates thousands of events and historical context to pinpoint hosts that pose the greatest risk to the enterprise.

Attack campaigns

Cognito groups hosts that are part of a larger attack into attack campaigns that expose related external command-and-control behaviors and lateral communication between infected hosts to further automate manual correlation of detections across multiple workloads and hosts to accelerates incident response.

Drive response

Cognito works with your endpoint, network access control, and firewall solutions to quickly contain and mitigate attacks as they happen. Cognito also provides a clear starting point for threat investigations, which boosts the efficiency of SIEMs and forensic analysis tools.

Vectra Cognito demos

User interface for Cognito reporting

This video demonstrates how to schedule and generate on-demand reports of the most critical cyber attack detections in your network.

Cognito dashboard

This video shows how to use the Cognito dashboard to quickly find the highest-risk attack detections in your network.

Cognito host detections

This video shows how to use the Cognito user interface to find the hosts at the center of an attack, and quickly investigate to any level of detail.

User interface for Cognito detections

This video shows how to use the Cognito user interface to quickly investigate threats across all phases of the cyber attack kill-chain.

An overview of the Cognito user interface

This short video provides an overview of the intuitive cyber attack detection capabilities of the Vectra X-series platform.

LinkedIn Badge