SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Vectra AI releases new endpoint integration to Cognito platform
Tue, 27th Apr 2021

Cloud network detection and response (NDR) company Vectra AI has released extended native endpoint detection and response (EDR) integration for its Cognito platform.

The company says this will enhance the user experience in terms of its existing security tools and procedures.

By unifying the NDR and EDR experience in a single UI, Vectra says users will get fast and easy-to-use integrations, offering security coverage across enterprise, IoT devices, hybrid cloud, and cloud-native applications.

Vectra AI says that, to build on this coverage, it has added support for VMware Carbon Black EDR, VMware Carbon Black Cloud, SentinelOne Singularity, and FireEye Endpoint Security to its native EDR integration partners, which include CrowdStrike and Microsoft Defender for Endpoint.

These integrations, the company says, will allow users to extend their ability to automatically respond with Vectra Host Lockdown. Host Lockdown enables the Vectra Cognito platform to automatically disable hosts that demonstrate suspicious activity at the endpoint, and the company says it will give analysts the option to manually disable hosts during a security investigation.

Disabling a host will slow down an active attack by limiting an attacker's access to additional resources. This reduces the attack's reach and gives the Security Operations Center more time to investigate and remediate attacks.

“Vectra has always recognised the need to integrate with the best of breed security solutions and leads the way with over 34 integrations, of which ten are with EDR vendors,” says Vectra product manager, Jose Malacara.

“We are committed to offering customers support for their existing tools while expanding their visibility beyond endpoint to network and cloud with the automatic, AI-driven response that makes Cognito so appealing to SOC teams.”

He says modern ransomware and supply chain attacks highlight the need for threat detection, not only at the endpoint but also at the network and in the cloud, while other NDR vendors have limited integrations.

“Vectra will continue to build an open platform that's rooted in collaboration and gives organisations complete visibility,” says Malacara.

“These strategically integrated workflows eliminate shifting between security products, so SOC teams can see and stop threats before they become breaches.”

According to Vectra, some research publications, such as Voice of the Enterprise Key Workloads and the Projects Advisory report, both released in September, show that on average enterprises have 2.97 endpoint solutions deployed to combat discrepancies in traditional measures highlighted by recent work-from-home conditions.

It says that in the current landscape, it's important for organisations to have an NDR solution that integrates with a variety of EDR vendors.