|Company size (employees)||100 to 499|
|Type of solution||Software|
The cybersecurity situation is getting worse, and security analysts are overwhelmed and overworked. They must search a mountain of alerts to manually determine if a threat is significant. Investigating the individual steps of an advanced attack can take days or weeks.
To make matters worse, there’s a big cybersecurity skills shortage. According to ESG research, 45 percent of organizations say they have a problematic shortage of cybersecurity skills, and 54 percent of survey respondents believe their cybersecurity analytics and operation skill levels are inappropriate (http://www.esg-global.com/hubfs/issa/ESG-ISSA-Research-Report_State-of-the-Industry-Dec-2016.pdf).
The Cognito™ automated threat detection and response platform from Vectra® alleviates that overload. Cognito automates the hunt for cyber attackers and speeds-up incident response. Using artificial intelligence (AI), Cognito automates the real-time detection and response to in-progress cyberattacks hiding inside enterprise networks. Quite simply, Cognito is the fastest way to find and stop active threats – from cloud and data center workloads to user and internet-of-things (IoT) devices.
Gartner states: “Cognito excels at the ability to roll up numerous security events to create a single incident to investigate that describes a chain of related activities, rather than isolated alerts that an analyst then has to piece together.”
How we are different
-- Cognito speeds-up incident response. Cognito employs a unique array of AI techniques – including supervised (pre-trained), unsupervised machine learning and deep learning techniques – to detect and respond to in-progress cyberattacks in real time. Integrated intelligence enables Cognito to correlate events to reveal the larger attack narrative.
Threats are automatically triaged, scored and correlated to compromised hosts, and attack behaviors are correlated across hosts to provide the “narrative” of developing attacks. Threats are prioritized on an intuitive user interface while alerting and remediation actions are taken with other security technologies that are integrated with Cognito.
Cognito reduces customers’ security operations workload by 29X or more, according to the 2017 Vectra Attacker Behavior Industry Report. https://info.vectra.ai/hubfs/Vectra-Attacker-Behavior-Industry-Report-2017-Q1.pdf
-- Connect the dots of attacker behaviors. Highly complex, multi-stage attacks are difficult to root out. Cognito connects the dots of related attacker behavior detections across all hosts in real time, relieving the burden on security analysts to find these relationships manually. A synthesized view of an attack campaign allows an entire attack to be stopped at the earliest signs of detection.
Cognito integrates threat intelligence and indicators-of-compromise (IoC) feeds. Threat intel detections capture metadata from data packets to protect personal privacy and are correlated with Cognito attacker behavior detection algorithms to amplify the attacker signal and provide the most complete context.
-- Stop in-progress attacks. Tight integration with leading security tools allows customers to build well-coordinated security infrastructures that automatically map active attacks to infected hosts, rank the certainty and severity of threats, and prioritize the threats that pose the highest risk. Cognito works with leading endpoint security (e.g., Carbon Black, Crowdstrike, McAfee, Symantec), network access control (e.g., Cisco ISE), firewall (e.g., Cisco ASA, Juniper, Palo Alto), SIEM (e.g., ArcSight, QRadar, Splunk), security orchestration (e.g., Demisto, Phantom) and network visibility (e.g., Gigamon, Ixia) products. https://vectra.ai/partners-technology