Attacker detection

The most powerful way to find and stop attackers in real time

  • Detect unknown threats

    • Expose cyberattacker behaviors that hide in encrypted traffic - without requiring decryption.

    • Identify hidden tunnels in HTTP, HTTPS and DNS traffic that evade security enforcement points.

    • Detect external remote access communication and customized/unknown remote access tools.


  • Cloud data centers

    • Gain visibility into virtual environments and learn the dynamics of change, even as hosts and workloads are added, deleted or moved.

    • Automatically learn administrative access models, including who manages specific servers and from where.

    • Detect abuse of admin credentials and protocols, use of rootkits, hidden tunnels and backdoors, and data accumulation or exfiltration.


  • Reduce the SOC workload

    • Automatically roll up a chain of related events into a single incident as a starting point for deeper investigations or immediate action.

    • Enable SOC teams to easily share consistent information on demand or on a set schedule.

    • Drive dynamic response rules and automatically trigger responses from other security enforcement points.


  • Intrusion detection

    • Detect hidden and unknown attackers that evade existing security enforcement points.

    • Gain enterprise-wide visibility into internal reconnaissance and lateral movement that typically spread unchecked in a cyberattack.

    • Identify devices or workloads at the center of an attack to stop in-progress threats and avert data loss.


Threat hunting

The most efficient way to hunt for threats

  • Threat hunting

    • Always-learning behavioral models provide a logical starting point for deeper incident investigations.

    • Use retrospective hunting techniques to investigate indicators of compromise and historic anomalies.

    • Provides a high-fidelity data source for threat hunting, enriched metadata, which requires far less storage space.


  • In-depth threat investigation

    • Discover common threads between entities uncovered through automated threat detection.

    • Deep-dive into incidents triggered by security tools to gain context from threat activity.

    • Find all devices accessed by compromised credentials and identify files involved in exfiltration.


  • Content from rich metadata

    • Metadata can be stored for a limitless period of time for search and analysis in future investigations.

    • Enables intelligent investigation of any device or workload activity over time, regardless of IP address changes.

    • All network metadata is associated with devices, workloads and host names, not just IP addresses.

    • Deep protocol visibility, not just connectivity, accelerates analysis and investigation.


  • Enterprise-wide visibility

    • Get conclusive, actionable attack details and statistics about network activity and device behavior.

    • Collect and store rich network metadata, relevant logs and cloud events for incident investigations.

    • High-fidelity visibility into attacker behaviors in cloud and data center workloads and user and IoT devices.

    • Delivers cloud-powered limitless scale so you can store and search metadata for as long as you need it.


Vectra is the Technology Innovator in EMA analyst evaluation of Network Security Analytics products

Gartner 2018 Magic Quadrant