Vectra AI today announced expanded response capabilities for its flagship product, Cognito, and its Lockdown feature, made possible by an integration with Microsoft Defender Advanced Threat Protection (ATP). This builds on the automated identity-based enforcement actions already in Vectra Cognito, known as Account Lockdown. The new integration with Microsoft Defender ATP enables Cognito to deliver coordinated, near-instantaneous responses directly at the device level. Giving customers the ability to block and isolate attackers, rather than resources, is intended to significantly reduce the dwell times that ultimately drive risk for the business, without disrupting regular operations.
Cognito's AI identifies attacks in progress and generates prioritized, high-fidelity detections based on observed privilege and behavior in cloud and datacenter networks. These detections allow Cognito to automate surgical response actions that shut down the accounts involved in an attack. With the new Microsoft Defender ATP integration, automated response goes one step further: Cognito Lockdown takes immediate enforcement action on the devices involved in an attack as well. This automation lets customers improve the efficiency of their security operations without causing disruption to the business, and keeps analysts' time and resources focused on investigating the most critical incidents.
“The incredibly high accuracy of our behavior-based detections allows us to reliably expose and stop real attackers,” said Vectra VP of Product Management Kevin Kennedy. “Together with Microsoft Defender ATP, we can apply the precision of our automated response technology to immediately stop attackers right at the endpoints, before they can act.”
Vectra takes an industry-leading approach, aligning cloud and network behaviors with the MITRE ATT&CK framework. By automatically correlating isolated events into a complete view, security operations teams can not only investigate a chain of events as a single incident, but also prioritize their responses by the level of privilege involved, the risk to the organization, and the likelihood that the activity is a genuine threat. Anomaly-driven approaches to security enforcement, by contrast, have generated enormous volumes of alerts that have proven unmanageable and often irrelevant, and the resulting false positives take valuable time and resources away from combating meaningful threats.
Vectra describes Cognito as the first NDR solution to deliver automated enforcement based on prioritized, high-fidelity attacker behaviors combined with surgical, identity-based enforcement actions, safeguarding the organization's critical resources against malicious access. Building on this momentum, Vectra has also been invited to become a member of the Microsoft Intelligent Security Association, an ecosystem of independent software vendors purpose-built to defend against increasing cyber threats.