Account Lockdown feature empowers customers to eliminate threat progression through the attack lifecycle
Vectra AI, a leader in network detection and response (NDR), today announced expanded response capabilities for its flagship product, Cognito Detect™, through its Lockdown feature, made possible by integrating with CrowdStrike® Falcon Insight, CrowdStrike’s industry-leading endpoint detection and response (EDR) solution.
This deep product integration enables Vectra® to deliver coordinated, near-instantaneous responses that thwart cyberattacks directly at the device level. By blocking and isolating the attacker’s foothold (the compromised account or host) rather than the resources it is targeting, Lockdown lets customers significantly reduce attacker dwell time without disrupting business operations.
Dwell time represents the period from when a compromise first occurs to when it is detected. According to the 2020 CrowdStrike Services Cyber Front Lines Report, the average dwell time increased from 85 days in 2018 to 95 days in 2019 due in part to advanced adversaries employing stronger countermeasures that allowed them to remain hidden longer. Longer dwell time in an organization’s network allows threat actors to conduct reconnaissance and to better understand how the victim environment works so they can increase the effectiveness of their attack.
Cognito® is a network detection and response (NDR) platform driven by artificial intelligence (AI) that gives organizations a way to stop attacks in progress without relying on traditional or legacy prevention tools. By detecting and responding to attacks inside cloud, data center, IoT, and enterprise networks, Cognito gives threat hunters the context they need to filter out false positives and prioritize threats across their network. Vectra unveiled the Cognito Lockdown feature earlier this year to enable automatic enforcement on privilege-based, high-fidelity signals.
Essentially, Lockdown can surgically freeze account access and avoid service disruption by disabling compromised accounts at the source. This gives security operations center (SOC) analysts time to conduct thorough investigations of the alerts that matter, knowing that the attacker is not progressing further through their network while they do so.
Lateral movement, a term used to describe this progression from one infected device or account to another, provides a definitive edge for malicious adversaries and creates a web of nearly untraceable points of control for them within a network.
Business is no longer conducted only in an office environment. Increasingly it is done online with tools like Office 365, Microsoft Remote Desktop Protocol (RDP), Virtual Desktop Infrastructure (VDI), and Zoom. Because of the remote nature of work today, detecting lateral movement quickly and reliably is one of the most critical emerging skills in information security.
“We integrated with CrowdStrike back in 2018 because we recognized the need to drastically reduce response and investigation time so security teams can focus on threats that matter,” said Kevin Kennedy, vice president of product management at Vectra. “Our expanded capabilities with Falcon Insight empower Cognito with Lockdown to take action before cyberattacks lead to breaches, which means recognizing and halting lateral movement with advanced technology features like account Lockdown.”
CrowdStrike Falcon Insight delivers comprehensive endpoint visibility that spans detection, response, and forensics to ensure potential breaches are stopped. It provides unparalleled visibility through continuous monitoring, capturing endpoint activity so security teams know exactly what’s happening across the organization. Falcon Insight also delivers in-depth analysis to automatically detect suspicious activity and accelerate security operations, allowing users to minimize efforts spent handling alerts and quickly investigate, respond, and thwart attacks.
“Today, security leaders are tasked with detecting and responding to cyberattacks across multiple disparate environments and workloads – cloud, data centers, IoT devices, etc. – with more accuracy and speed than ever before,” said Amol Kulkarni, chief product officer at CrowdStrike. “CrowdStrike Falcon Insight’s integration with Cognito Detect from Vectra enables customers to stop cyberattacks directly at the device level by offering unprecedented endpoint visibility into threat activity from network and endpoint sources and the ability to shut down affected hosts swiftly.”
The integration of Cognito Detect and Falcon Insight allows security teams to:
Correlate network and endpoint data, with instant access to additional information for verification and investigation. Host identifiers and other host data from Falcon Insight are shown automatically in the Cognito NDR platform UI, enriching Vectra’s network-perspective detections with endpoint context.
Reveal traits and behaviors of a threat that are only visible inside the host to verify a cyberthreat quickly and conclusively while also learning more about how the threat behaves on the host itself.
Take swift, decisive action armed with network and endpoint context. Security teams can quickly isolate compromised hosts from the network to halt cyberattacks and avoid data loss.
Vectra is the first NDR solution to combine automated enforcement based on prioritized, high-fidelity attacker behaviors with surgical, identity-based enforcement action. This safeguards against malicious access to resources that are critical to the host organization. There is no additional charge to enable the integration of CrowdStrike with the Cognito NDR platform from Vectra.