Staying Ahead of Any Cyber Threat by Combining Two Leading AI Systems
As attackers become more advanced, they are increasingly adept at evading security controls and penetrating the network perimeter, then spying, spreading, and stealing inside the network. With attackers sidestepping the automated protections of firewalls and signature-based defenses, security teams have been forced to rely on time-consuming manual investigations and post-mortem analysis after the damage has been done. Combining Vectra's Cognito real-time, pre-correlated threat detection with IBM's QRadar security platform improves automated cyber threat protection dramatically. Together, the Cognito™ automated threat detection and response platform from Vectra® and IBM QRadar deliver a practical solution to the persistent problems facing enterprise security: finding and stopping active cyber attacks while getting more out of an IT security team's limited time and manpower.
The need for a new approach to security
Attackers have repeatedly shown the ability to penetrate traditional perimeter defenses, which security practitioners have historically relied upon to keep networks safe. These breaches have resulted in massive losses, front-page news, and ever-declining job security for CISOs. Unable to rely entirely on perimeter defenses, security teams have been left to investigate threats manually, resulting in overworked analysts digging through vast amounts of noise in search of a weak signal. In practice, this often means that breaches are first discovered and reported by an external third-party, turning the investigation into a forensic rather than preventive exercise.
A new model of threat detection
Using artificial intelligence, Cognito automatically detects threats in real time by analyzing the underlying behavior of attackers as seen from the objective vantage point of the network. This behavioral analysis detects threats without signatures or reputation lists, so security teams can find new, custom, or unknown threats as well as attacks that do not rely on malware, such as malicious insiders or compromised user accounts. Cognito applies this analysis across the phases of an attack: command-and-control traffic, internal reconnaissance, lateral movement, and data exfiltration. The Cognito-QRadar integration brings all Cognito detections and host scores directly into the QRadar dashboard, where they can be added to existing security operations workflows. The integration also lets IT security teams use pre-correlated Cognito detections to build fast and efficient custom rules within QRadar.
The Cognito-QRadar integration saves time and effort and lets security teams act before a network intrusion leads to data loss. It enables fast, real-time investigations by surfacing the devices that pose the most risk to the network based on Cognito's analysis, and it automatically correlates those investigations with logs generated by other devices.
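To make the two preceding paragraphs concrete (per-host scores rolled up from behavioral detections, a custom rule written on those pre-correlated scores, and correlation of the flagged host with logs from other devices), here is an added, self-contained illustration. It is not Vectra or IBM code and does not use either product's real event format or scoring; the field names, the threat/certainty rollup rule, the 15-minute correlation window, and all sample events are assumptions constructed for the example.

```python
"""Toy SIEM-style correlation of behavior-based detections with other device logs.

Added illustration only: the event layout, the scoring rule and every sample
record below are constructed assumptions, not the Cognito or QRadar formats.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample detections, one per attack-phase behavior seen on a host.
# threat/certainty are assumed 0-99 scores attached by the detection engine.
DETECTIONS = [
    {"ts": "2023-03-01T10:00:00", "host": "ws-1021", "phase": "command_and_control",
     "detection": "hidden_http_tunnel", "threat": 70, "certainty": 60},
    {"ts": "2023-03-01T10:05:00", "host": "ws-1021", "phase": "reconnaissance",
     "detection": "port_sweep", "threat": 40, "certainty": 80},
    {"ts": "2023-03-01T10:30:00", "host": "ws-1021", "phase": "lateral_movement",
     "detection": "suspicious_remote_exec", "threat": 85, "certainty": 75},
    {"ts": "2023-03-01T09:50:00", "host": "ws-2207", "phase": "reconnaissance",
     "detection": "port_sweep", "threat": 30, "certainty": 50},
]

# Constructed sample logs from other devices already in the SIEM (firewall,
# Windows event log), normalized to a host field for joining.
OTHER_LOGS = [
    {"ts": "2023-03-01T10:28:00", "source": "winevent", "host": "ws-1021",
     "msg": "4624 logon type 3 from ws-1021 to fs-01"},
    {"ts": "2023-03-01T10:31:00", "source": "firewall", "host": "ws-1021",
     "msg": "ALLOW 10.1.5.21 -> 10.1.9.7:445"},
    {"ts": "2023-03-01T12:00:00", "source": "firewall", "host": "ws-1021",
     "msg": "ALLOW 10.1.5.21 -> 10.1.9.7:445"},   # far from any detection
    {"ts": "2023-03-01T09:55:00", "source": "firewall", "host": "ws-2207",
     "msg": "DENY 10.1.5.33 -> 10.1.9.7:22"},
]


def _t(s):
    return datetime.fromisoformat(s)


def host_scores(detections):
    """Roll detections up to one (threat, certainty, phases) tuple per host.

    Assumed rule for the example: each score is the maximum seen on the host,
    plus 5 points for every additional attack phase observed, capped at 99, so
    a host showing a chain (C2 -> recon -> lateral) outranks one noisy event.
    """
    per_host = defaultdict(lambda: {"threat": 0, "certainty": 0, "phases": set()})
    for d in detections:
        h = per_host[d["host"]]
        h["threat"] = max(h["threat"], d["threat"])
        h["certainty"] = max(h["certainty"], d["certainty"])
        h["phases"].add(d["phase"])
    scores = {}
    for host, h in per_host.items():
        bump = 5 * (len(h["phases"]) - 1)
        scores[host] = (min(99, h["threat"] + bump),
                        min(99, h["certainty"] + bump),
                        sorted(h["phases"]))
    return scores


def custom_rule(scores, threat_min=80, certainty_min=70, phase=None):
    """Toy equivalent of a SIEM custom rule written on pre-correlated host
    scores instead of raw events: fire when both scores clear a threshold and,
    optionally, when a given attack phase has been seen on the host."""
    return sorted(h for h, (t, c, phases) in scores.items()
                  if t >= threat_min and c >= certainty_min
                  and (phase is None or phase in phases))


def correlate(detections, other_logs, window_min=15):
    """Attach to each host the other-device log lines that fall within
    +/- window_min of any of that host's detections, in log order."""
    window = timedelta(minutes=window_min)
    times = defaultdict(list)
    for d in detections:
        times[d["host"]].append(_t(d["ts"]))
    return {host: [l for l in other_logs
                   if l["host"] == host
                   and any(abs(_t(l["ts"]) - t) <= window for t in ts)]
            for host, ts in times.items()}


if __name__ == "__main__":
    scores = host_scores(DETECTIONS)
    context = correlate(DETECTIONS, OTHER_LOGS)
    for host in custom_rule(scores, phase="lateral_movement"):
        print(host, scores[host])
        for log in context[host]:
            print("   ", log["ts"], log["source"], log["msg"])
```

The point of the design is the order of operations: the behavioral detections are scored and chained per host first, the rule is evaluated on that rolled-up score rather than on thousands of raw events, and only the hosts that fire are joined against the other devices' logs, so the analyst starts from the riskiest host with its surrounding evidence already attached instead of searching the whole log store.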