A damaging attack is only a matter of time
The Vectra Cognito attack detection solution is the fastest and most efficient way to find and stop attackers on your network before they cause any commercial damage.
A new network traffic analysis method
Instead of the traditional inspection of network traffic, it uses advanced behavioural analysis of network traffic that reveals the basic behaviours of attackers once they are already in the network. Unlike solutions that only search for unusual or different behaviours, Vectra’s threat detection intelligence identifies basic cyber-attack techniques such as the use of remote access tools, hidden tunnels, botnet behaviours and reconnaissance tools.
The solution also constantly learns from your local environment and continuously tracks all connected devices, both physical and virtual. This allows the solution to recognise when a particular device has fallen under the control of attackers, allowing them to move laterally through the network or steal data. The combination of deterministic detection and anomaly checking guarantees full insight into any active attack.
By focusing on real-world device monitoring, the solution provides the same level of protection for all devices, including those that the users bring from home as well as IoT devices, laptops, servers, virtual resources, and devices active in the entire physical infrastructure of your network such as routers, switches, and firewalls.
The solution provides visibility from every corner of the network infrastructure in your company, from the office building to remote locations, data centres and the cloud, leaving the attackers no place to hide.
The Vectra Cognito attack detection solution relieves and fortifies the most limited of resources – the time and knowledge of the information security teams.
This solution automates the lengthy first-tier analysis of security events and eliminates the need for security teams to constantly search for and detect threats.
Protection at all levels, from hardware to work processes
Data centre security is more than just virtualisation, as it includes both physical server hardware and data centre management tools.
The solution provides unparalleled threat detection that extends beyond the application layer, all the way down to the hardware that drives it.
The Vectra Port Knocking tool, for example, is able to detect servers infected by a rootkit, which can also be located below the physical operating system level.
In addition, the solution monitors and detects the inappropriate use of basic management protocols such as IPMI and iDRAC.
The two protocols are typically used by administrators to manage server hardware when it is turned off. Recently, they have increasingly been targeted by attackers, since they offer constant access to the virtual environment, while accesses are not logged and are rarely monitored by security teams.
A comprehensive insight into the course of the attack
The Vectra Threat Certainty Index™ consolidates thousands of low-relevance events and the network history to identify those devices that pose the greatest threat to your network. The assessments take into account the historical context of the device, as well as its progress through the life cycle of the attack.
Fortify your existing security infrastructure
Our experts can examine your challenges and help you deploy an intelligent solution that will prevent a new type of threat, while also acquiring significant added value from the existing security technologies and work of your teams.