AI-driven threat detection and response platform

Vectra is the leader in real-time, AI-based network detection and response (NDR) solutions for cloud, SaaS, data center and enterprise infrastructures, empowering security analysts to perform conclusive incident investigations and AI-assisted threat hunting.

Comprehensive cyberattack detection and response is mandatory in today’s hostile data environments, and the stakes have never been higher. No other company comes close to Vectra in proactively hunting down cyberattackers and reducing business risk.

The Cognito platform

Intelligent, AI-driven threat detection and response for cloud, SaaS, and on-prem footprints

The Cognito platform represents the rich, security-enriched data output of a holistic approach to security – capturing network metadata at scale, enriching it with machine learning-derived security information and flexibly applying it across Cognito products.

Detects attackers in real time and enriches threat investigations with a conclusive chain of evidence

How it works

1. Capture data
Sensors extract relevant metadata from traffic or logs in cloud, SaaS, data center and enterprise environments. A uniquely efficient software architecture developed from Day 1, along with custom-developed processing engines, enables data capture and processing with unprecedented scale.
2. Normalize data
Traffic flows are deduplicated and a custom flow engine extracts metadata to detect attacker behaviors. The characteristics of every flow are recorded, including the ebb and flow, timing, traffic direction, and size of packets. Each flow is then attributed to a host rather than being identified by an IP address.
3. Enrich data
Vectra data scientists and security researchers build and continually tune scores of self-learning behavioral models that enrich the metadata with machine learning-derived security information. These models fortify network data with key security attributes, including security patterns (e.g. beacons), normal patterns (e.g. learnings), precursors (e.g. weak signals), attacker behaviors, account scores, host scores, and correlated attack campaigns.
4. Detect and respond
  • Scores of custom-built attacker behavior models detect threats automatically and in real time, before they do damage.
  • Detected threats are automatically triaged, prioritized based on risk level, and correlated with compromised host devices.
  • Tier 1 automation condenses weeks or months of work into minutes and reduces the security analyst workload by 37X.
  • Machine learning-derived attributes like host identity and beaconing provide vital context that reveals the broader scale and scope of an attack.
  • Custom-engineered investigative workbench is optimized for security-enriched metadata and enables sub-second searches at scale.
  • Puts the most relevant information at your fingertips by augmenting detections with actionable context to eliminate the endless hunt and search for threats.