Vectra Cognito Platform Integrates with Microsoft Azure
September 2018 by Marc Jacob
Vectra announced that its Cognito platform will detect hidden cyberattackers in native Microsoft Azure cloud environments with virtual sensors running in Azure that integrate with the Azure Virtual Network Terminal Access Point (TAP).
This integration enables Vectra to provide complete cyberattack visibility – without requiring agents – into both enterprise network traffic and Azure cloud workloads. With the AI-driven Cognito platform detecting advanced cyberthreats automatically and in real time, enterprise organizations can confidently protect business-critical workloads in the Azure cloud.
Sixty percent of information technology workloads will run in the cloud by 2019, according to 451 Research. Enterprises that do not protect their cloud investments from cyberattackers may be putting more than half of their data and applications at risk.
The Azure Virtual Network TAP captures a copy of the data flowing between virtual machines, making it available to the Cognito virtual sensor (vSensor) running in Azure to extract metadata for analysis by the Cognito platform. In doing so, the Azure Virtual Network TAP provides transparency into all Azure cloud traffic, while Cognito automates the real-time detection of advanced threats, leaving cyberattackers with nowhere to hide.
Unlike agent-based traffic visibility and security products, the Azure Virtual Network TAP will collect network traffic from the hypervisor to avoid compromises and vulnerabilities that affect agents on virtual machines. The Cognito platform monitors all traffic through the Azure Virtual Network TAP to detect malicious reconnaissance, lateral movement and data exfiltration behaviors.
The Cognito platform
The Cognito platform from Vectra enables enterprises to automatically detect and hunt for cyberattacks in real time. Cognito uses AI to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage. Cognito provides full visibility into cyberattacker behaviors from cloud and data center workloads to user and IoT devices, leaving attackers with nowhere to hide.
Cognito Detect and its AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.