Cognito Recall from Vectra

Additional Info

CompanyVectra
Websitehttp://www.vectra.ai
Company size (employees)100 to 499

Overview

Traditionally, threat hunting tools used manual techniques, suffered from inflexible data retention and access, relied on expensive and proprietary storage, and lacked the fidelity and context required for swift and thorough hunting and investigations.

Cognito Recall™ from Vectra is a cloud-based investigative workbench that enables security professionals to proactively hunt for threats and perform conclusive attack investigations.

What makes Cognito Recall so unique is its ability to extract metadata from network traffic, enrich that metadata with security insights and actionable context about cyberattacker behaviors, and store it in the Vectra cloud for faster, highly productive threat hunting and investigations.

Cognito Recall collects, analyzes and stores unlimited security-enriched metadata for forensic investigations and compliance mandates like GDPR. It also empowers AI-assisted threat hunting using high-quality indicators of compromise and provides a chain of forensic evidence behind every cyberattack.

The Cognito platform Vectra was first to apply artificial intelligence to automatically detect and respond to cyberattackers across cloud, data center and enterprise networks, while enabling security analysts to perform conclusive incident investigations and AI-assisted threat hunting.

Driven by AI, the Cognito platform automates the manual and mundane tasks of threat hunting and prioritizes advanced attacks that pose the highest risk. With Cognito’s automated threat hunting, security professionals have more time to proactively hunt for threats and investigate attacks.

How we are different

• Cognito Recall empowers threat hunters with real-time collection and storage of security-enriched network metadata, relevant logs and cloud events, enabling them to leverage their deep knowledge of advanced cyberattacks. Security researchers and analysts can also perform threat hunting based on alerts from third-party security solutions and use new, high-quality threat intelligence to hunt retrospectively.


Security analysts can hunt for threats using indicator of compromise that exist in metadata, including user agents, IP addresses and domains. Threat hunters can also identify anomalous behaviors that are displayed through intuitive visual graphs, including atypical use of TCP and UDP ports and applications, unusually high connection rates, and heuristic indicators.


• Cognito Recall provides high-fidelity visibility into the actions of all cloud and data center workloads and user and IoT devices. It provides visibility into network traffic by extracting metadata from all packets and storing it in the cloud for search and analysis. Every IP-enabled device on the network is identified and tracked and data can be stored for any amount of time.


Captured metadata includes all internal (east-west) traffic, internet-bound (north-south) traffic, virtual infrastructure traffic, and traffic in cloud computing environments.


This visibility extends to laptops, servers, printers, BYOD and IoT devices as well as all operating systems and applications, including traffic between virtual workloads in data centers and the cloud, even SaaS applications.


• Cognito Recall cloud-powered limitless scale to store and search metadata for as long it is needed while Vectra manages the infrastructure. Since Cognito Recall is delivered as a service in the cloud, there’s no big data infrastructure to purchase, install and manage.