TL;DR: Leveraging the power of AI, Vectra’s Cognito takes a proactive approach to reducing online business risk. Through behavior-based detection, the platform grants enterprises full visibility into their networks to shine a spotlight on attackers before they inflict damage. With continuous innovation, including integration with Microsoft Azure to detect threats in hybrid cloud environments, Vectra aims to provide next-level security solutions.
Between malware, phishing, DDoS attacks, and other malicious threats, the internet is beginning to resemble the crime-ridden streets of Gotham City. In lieu of wrought iron bars on windows, businesses in vulnerable digital environments often turn to firewalls and malware sandboxes to defend network perimeters.
But determined criminals often find workarounds to access networks, as well as ways to hide their tracks. In these scenarios, even the best security analysts need to unlock a few superpowers with the help of threat-hunting companies like Vectra.
According to Mike Banic, Head of Marketing at Vectra, the company’s Cognito platform brings X-ray vision to the table, empowering analysts to detect and destroy attackers lurking within their networks.
Deployed within cloud and datacenter environments, Cognito continuously monitors real-time network traffic, logs, and events to detect common behaviors of attackers, who are left with nowhere to hide.
“The platform uses artificial intelligence for continually automated threat detection to efficiently expose unknown attackers before they can cause damage,” Mike said.
From cloud and datacenter environments to user devices, Cognito pinpoints the location of attackers in the blink of an eye compared with time-consuming manual processes. Security teams then receive a threat certainty index outlining high-priority threats, empowering them to respond quickly and effectively. With a proactive, behavior-based approach and a forward-thinking focus on securing hybrid clouds, Vectra is driving the next generation of threat mitigation services forward.
Reduce Workloads with Cognito, an AI-Powered Security Platform
Vectra’s founders brought the company to fruition in 2011, at a time when companies such as Cylance and Tanium focused primarily on endpoint security. “Back then, people weren’t exploring innovative approaches to security like AI,” Mike said. “We addressed this critical gap in the market, and the bet paid off.”
Vectra shipped its first product in 2014 when there wasn’t an established market for AI-powered threat hunting. “It took a little while for people to understand it and know where it would fit in their security architecture,” Mike said.
Fortunately, Cognito integrates seamlessly with existing endpoint security, network access control, firewalls, and SIEM to improve workflows. And, if Vectra’s recent financials are any indicator, this concept didn’t take long to resonate with customers. “In 2017 our annual recurring revenue grew 181%, and in the first half of 2018, it grew 138% compared to the same period in 2017,” Mike told us.
As the company’s revenues increase, it’s helping groups like the Texas A&M University System — a network comprising 11 universities and seven state agencies — save millions through the power of automation. According to Dan Basile, the Executive Director of the Security Operations Center at the A&M System, Vectra helped cut the time spent on threat investigation from days to minutes, drastically reducing workloads. By removing the need for post-breach forensic analysis, the A&M System saves an estimated $7 million per year.
Behavior-Based Detection Driving the Next Generation of Security
Mike said Vectra representatives recently conducted an informal, four-question poll at a security conference in Las Vegas. For fun, they asked attendees which Avengers character they would like to be (the top pick was Iron Man) and what superpower they’d like to have (superhuman thinking). The representatives then asked the security professionals how they’d like to spend their time. Overwhelmingly, attendees said they’d prefer to spend less time triaging security alerts and more time threat-hunting.
“That’s exactly the benefit that Cognito delivers,” Mike said. “It automatically does all the triage correlation and scoring and empowers people to use that data in threat-hunting.”
According to Vectra, the key is “an innovative approach to correlating all attacker behaviors observed on a particular asset in an organization’s network and assigning threat and certainty scores to the observed timeline of attacker behaviors.” The resulting insights allow security analysts to stop attacks at the earliest possible point and before a data breach occurs.
“Our detection models are identifying behavior,” Mike said. “Instead of having a list of who the attackers are and where they’re coming from, we look at what they’re doing, which is a more sustainable process.”
Mike said Vectra has a customer in the financial services industry who routinely pits “red team” attackers against “blue team” defenders in exercises designed to test the effectiveness of security systems. These exercises, typically hosted by independent consultants, inspired Vectra to build a new series of detection models. They’ve also served to validate the company’s strengths.
“There’s one really experienced consultant who told one of our customers there are only two tools that can detect him: Vectra and ProofPoint,” Mike said. “I have a lot of respect for ProofPoint, so we’re in good company.”
A Proactive Approach to Reducing Online Business Risk
According to Mike, Cognito users are some of the first people to leverage AI in online security. That’s why Vectra created Hunt Club, a peer community where security architects, analysts, first responders, and incident investigators can share experiences and grow. The annual event is packed with technical sessions presented by security researchers, data scientists, engineers, and technology integration partners.
Hunt Club 2018 took place in Nashville this past October, with details for the 2019 event forthcoming. Mike said Hunt Club provides users a broad perspective of the cybersecurity profession plus best practices in threat-hunting.
Between events like Hunt Club and the Cognito platform itself, Mike said Vectra allows businesses to save time and talent. “The unfortunate reality is that very talented people oftentimes have to do a lot of low-value work that they don’t like and is very time-consuming,” he said. “What Cognito does for them is take on some of the responsibility for mundane rote work.”
This also helps companies avoid errors. “Anytime someone is forced to do something repeatedly, they’re bound to make mistakes due to brain fatigue,” Mike said. “Let’s face it: You always want to buy the car that was built before lunch rather than after. Cognito frees people up to do the important work.”
As far as onboarding goes, Vectra offers training services to make setup as comfortable as possible. Once a business is up and running, the company also provides support 24 hours a day, seven days a week, including technical guidance, software updates, and configuration assistance.
“Cognito is designed so that the software itself turns the average security analyst into a superhero — but every once in a while, a superhero needs a sidekick: like how Batman needs Robin,” Mike said. “We have experienced professionals available around the clock.”
Integration with Microsoft Azure to Detect Attackers in Hybrid Clouds
As Vectra moves forward, the company is actively updating Cognito to keep pace with evolving networking technologies. Recently, the company announced the integration of its platform with Microsoft Azure and the Azure Virtual Network Terminal Access Point (TAP) to enhance threat visibility in hybrid clouds.
“In comparison to AWS, Azure has made available a virtual network path which allows solutions like ours to listen to native traffic without having to use an agent,” Mike said. “We’re excited about that coming to market in 2019, especially because, with Windows 10, Microsoft’s made it easy for IT administrators to move workloads in and out of the enterprise; to the cloud and back again.”
With updates like this, security heroes everywhere have the opportunity to gain yet another superpower.