Microsoft Azure Threat Hunting: Vectra Jumps In
Vectra has integrated its Cognito artificial intelligence-based cyberattack detection and threat hunting platform with Microsoft Azure and the Azure Virtual Network Terminal Access Point (TAP).
That news and other cloud security developments surfaced at the Microsoft Ignite 2018 conference in Orlando.
The Cognito-Azure integration enables Vectra to provide cyberattack visibility into both enterprise network traffic and Azure cloud workloads, according to a prepared statement.
With the integration, Azure Virtual Network TAP captures a copy of the data flowing between virtual machines (VMs) and makes it available via a Cognito virtual sensor (vSensor) running in Azure, Vectra said. Azure Virtual Network TAP then provides transparency into Azure cloud traffic, and Cognito automates the real-time detection of cyber threats.
In addition, Cognito monitors all traffic through the Azure Virtual Network TAP, according to Vectra. This helps organizations quickly detect malicious activities, lateral movement and data exfiltration behaviors.
What Is Cognito?
Cognito consists of two products: Cognito Detect and Cognito Recall. Together, these products provide organizations with full visibility into cyberattacker behaviors from cloud and data center workloads and user and Internet of Things (IoT) devices, Vectra indicated.
Cognito Detect helps organizations identify hidden and unknown cyberattackers in real time, according to Vectra. It offers data science, behavioral analytics and machine learning capabilities to help organizations analyze cyberattack details and map out their cybersecurity efforts accordingly.
By comparison, Cognito Recall allows organizations to hunt for cyber threats and identify devices or workloads accessed by compromised accounts and files involved in data exfiltration, Vectra stated. It also provides insights into compromised devices and workloads and stores historical incident metadata in the cloud.
Vectra: Here’s What You Need to Know
Vectra applies AI to cybersecurity to help organizations detect cyberattacks in real time. The company grew its annual recurring revenue by 138 percent year over year in the first half of 2018 and continues to explore cybersecurity partnerships.
For example, Vectra partners with technology vendors to offer a variety of Cognito-based solutions, including:
- Automated security orchestration.
- Next-generation endpoint security.
- Next-generation firewalls.
- Security information and event management (SIEM).
- Traffic optimization.
- Virtualized data centers.
Vectra also offers a channel partner program for MSSPs, managed service providers (MSPs) and systems integrators (SIs). The Vectra channel partner program enables participants to simultaneously deliver Cognito-based managed security services and generate professional services revenue.