Vectra Cognito platform – intelligent, AI-driven threat detection and response for cloud, SaaS, and on-prem footprints
- Cognito Stream
- Cognito Recall
- Cognito Detect
- Reduce risk of breach
- Improve efficiency of security operations
- Achieve and maintain governance and compliance
- Security in the cloud and in hybrid environments
Advanced Cloud security simplified.
Network traffic analysis (NTA) uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks. NTA tools continuously analyze raw traffic and/or flow records to build models that reflect normal network behavior. (Source: Gartner)
Why are NTA tools important for advanced threat management?
- To implement behavioral-based network traffic analysis tools to complement signature-based
- To include NTA-as-a-feature solutions in their evaluations, if they are available from security information and event, firewall, or other security products.
- To focus on scalability
How does the Vectra Cognito platform work?
Using behavioral detection algorithms to analyze metadata from captured packets, Cognito AI detects hidden and unknown attacks in real time, whether traffic is encrypted or not. Cognito AI only analyzes metadata captured from packets, rather than performing deep-packet inspection, to protect user privacy without prying into sensitive payloads.
- Capture data everywhere without agents
- Enrich data by pairing research and science
- Apply the data to any of your use cases
Cognito integrates with an ecosystem of security technologies to fight cyberattacks
Firewall solutions detect compromised hosts, their IP addresses and threat certainty, and push this information to firewalls to quarantine infected devices, halt communication with command-and-control servers, and stop data exfiltration.
Endpoint-security solutions complement the Cognito platform by providing rich contextual data about specific devices in the network, including machine name and operating system, that Cognito has detected are under attack. With comprehensive endpoint context, security teams can quickly identify malicious processes on the endpoint and respond efficiently.