Integration with Microsoft Defender Advanced Threat Protection (ATP) Further Extends Vectra Automated Enforcement Capabilities to Enable SOCs to Stop Ongoing Attacks in Real-time.
Vectra AI, a leader in network threat detection and response (NDR), today announced expanded response capabilities for its flagship product, Cognito, and its Lockdown feature, made possible by integrating with Microsoft Defender Advanced Threat Protection (ATP). This builds on top of the automated identity-based enforcement actions in Vectra Cognito, known as Account Lockdown. This deep new product integration with Microsoft Defender ATP enables Cognito to deliver well-coordinated instantaneous responses directly on the device-level. Giving customers the ability to block and isolate attackers, not resources, will significantly reduce the dwell times that ultimately drive risk for the business without disrupting regular operation.
The technology and procedures that are the foundation of security enforcement are based on the quality and volume of security anomalies surfaced by an organization. It is, therefore, critical to avoid false positive alerts, which quickly lead to alert fatigue and degraded efficiency in analysts who are left struggling to prioritize response. This is further exacerbated when automating response, as incorrect alerts result in wrong enforcement, causing unnecessary disruptions and outages.
Recognizing this, the Cognito AI instead identifies real attacks and generates prioritized high-fidelity detections based on observed privilege and behavior in cloud and datacenter networks. These detections allow Cognito to automate surgical response actions that shut down the accounts involved in an attack. With the new Microsoft Defender ATP integration, automated response actions are taken one step further, and Cognito Lockdown takes immediate enforcement actions right on the devices involved in an attack. This automation allows customers to enhance the efficiency of their security operations, without causing disruptions to the business and ensures that analysts are spending their time and resources focused on investigating the most critical incidents.
“The incredibly high accuracy of our behavior-based detections allows us to reliably expose and stop real attackers,” adds Vectra VP of Product Management Kevin Kennedy. “Together with Microsoft Defender ATP, we can apply the precision of our automated response technology to immediately stop attackers right at the endpoints, before they can act.”
Vectra takes an industry-leading approach aligning cloud and network behaviors within the MITRE ATT&CK framework. By automating isolated events into a complete view, security operations teams can not only investigate a chain of events into a single incident, but also anchor their responses by elevated levels of privilege, risk, and the likelihood of threat. Anomaly-driven advances to security enforcement on the other hand have manifested enormous volumes of alerts that have proven to be unmanageable and often, irrelevant. Similarly, false positives take valuable time and resources away from combatting meaningful threats.
“Integration between Vectra Cognito and Microsoft Defender ATP enables customers to respond to attacks at the endpoints based on Vectra’s attacker behavior detections,” said Alon Rosental, Group Program Manager, Microsoft. “As a result, Vectra gives them the precision and speed they need to tackle any attack without causing disruption.”
Vectra is the first NDR solution to confront automated enforcement based on prioritized, high fidelity attacker behaviors and surgical, identity-based enforcement action. This safeguards malicious access to resources that are critical to the host organization. Building on this momentum, Vectra has also been invited to become a member of the Microsoft Intelligent Security Association, an ecosystem of independent software vendors purpose-built to defend against increasing cyber threats.
The Vectra open platform and rich technology ecosystem have empowered security operations teams to experience reduced workload, deeper context, and faster, more accurate response.