Vectra AI has extended endpoint detection and response (EDR) native integration support in the Cognito platform, enhancing the user experience for the security tools and procedures already deployed in their arsenal.
According to the company, by unifying the NDR and EDR experience in a single UI, users get fast, simple, turnkey integrations that offer comprehensive security coverage across the enterprise, IoT devices, hybrid cloud, and cloud native applications. To build on this coverage, the company has added additional support for VMware Carbon Black EDR, VMware Carbon Black Cloud, Sentinel One Singularity, and FireEye Endpoint Security to its extensive list of native EDR integration partners, including CrowdStrike and Microsoft Defender for Endpoint.
With these integrations, users extend the unique ability to automatically respond with Vectra Host Lockdown. Host Lockdown enables the Vectra Cognito platform to automatically disable hosts that demonstrate suspicious activity at the endpoint and give analysts the option to manually disable hosts during a security investigation. Disabling a host will significantly slow down an active attack by limiting an attacker’s access to additional resources. This drastically curtails the attack’s reach and gives the Security Operations Center (SOC) more time to investigate and remediate attacks.
“Vectra has always recognised the need to integrate with the best of breed security solutions and leads the way with over 34 integrations, of which ten are with EDR vendors,” said Jose Malacara, Sr. Product Manager, Vectra AI. “We are committed to offering customers support for their existing tools while expanding their visibility beyond endpoint to network and cloud with the automatic, AI-driven response that makes Cognito so appealing to SOC teams.”
Modern ransomware and supply chain attacks highlight the need for threat detection not only at the endpoint but also at the network and in the cloud. While other NDR vendors have limited integrations, Vectra is and will continue to build an open platform that’s routed in collaborated and gives organizations complete visibility. These strategically integrated workflows eliminate shifting between security products, so SOC teams can see and stop threats before they become breaches.
