Vectra, the leader in automating the hunt for in-progress cyberattacks, today announced a significant technology integration and partnership with CrowdStrike, the leader in cloud-delivered endpoint protection, integrating two authoritative views of a cyberattack – the network and the endpoint. Together, Vectra Cognito and CrowdStrike Falcon Insight™ create an efficient security operations workflow that reduces response and investigation time, enabling security teams to quickly mitigate high-risk threats.
CrowdStrike Falcon® complements network-based threat detections from Vectra by providing rich contextual data about specific devices that are under attack in the network, including machine name and operating system. With comprehensive endpoint context, IT security teams can quickly identify malicious processes on the endpoint and respond.
"Every day is a race to stay ahead of threat actors," said John Shaffer, CIO at Greenhill, a leading independent investment bank. "We need the best and fastest way to pinpoint attacker behaviors on the network and immediately shut down attacks on the endpoint. Vectra gives us a head start in the network and CrowdStrike speeds across the finish line at the endpoint."
The Vectra integration with CrowdStrike empowers joint customers with:
Comprehensive detection – Monitor both network and endpoint activity to find attackers
Rapid triage – Integrated context from network and endpoint enables analysts to quickly assess potential threats and determine the proper course of action
Streamlined remediation – Enables efficient workflows to contain and mitigate attacks through a one-click pivot between consoles to kill suspect processes or quarantine a host to stop any in-progress attack that meets specific requirements
"Enabling Cognito to interoperate with other best-in-class products makes our customers more secure, which is why we invest in and promote an open ecosystem," said Kevin Kennedy, Vectra vice president of product management. "Integration with CrowdStrike combines valuable context from the network and the endpoint to paint a comprehensive picture of an active cyberattack. Joint customers can view endpoint context directly in the Cognito UI and take immediate action to mitigate the threat, eliminating the manual pivoting between consoles that takes up valuable analyst time and slows response."
Cognito automates the hunt for hidden cyberthreats by continuously analyzing all network traffic to detect attacker behaviors inside the network. In addition to automatically correlating detected threats with host devices that are under attack, Cognito provides unique context about what attackers are doing and prioritizes threats that pose the biggest risk. Using artificial intelligence (AI), Cognito combines data science, machine learning and behavioral analytics to reveal attacker behaviors without signatures or reputation lists.
With only a single, lightweight endpoint agent, the CrowdStrike Falcon Insight module enables customers to record everything, hunt for threats, and perform real-time and historical searches on endpoint information, as well as respond to threats and contain suspect hosts. Combining the unique threat detection approach of Cognito with context from CrowdStrike Falcon Insight enables security teams to quickly focus their time and resources on preventing or mitigating loss.
"Integrating Vectra's network-based attack detections with CrowdStrike's industry-leading cloud-delivered endpoint protection provides our customers with new levels of efficiency in security operations," said Matthew Polly, CrowdStrike vice president of worldwide alliances, channels, and business development. "The integrated solution reduces the time to detect, prevent and resolve threats, and the ease of use of the combined SaaS solution offerings turns the legacy vendors in the market on their head."
Gartner has positioned Vectra as the only company in the Visionaries quadrant of the 2018 Magic Quadrant for Intrusion Detection and Prevention Systems [1]. Gartner has positioned CrowdStrike in the Visionaries quadrant of the 2018 Magic Quadrant for Endpoint Protection Platforms [2].
There is no additional charge for enablement of integration with CrowdStrike within the Vectra Cognito UI, and the integration is currently available in Cognito Version 3.14. For more information about the Vectra and CrowdStrike solution, register for the March 29 webcast, How to detect and respond faster to cyberattacks with Vectra and CrowdStrike, at https://info.vectra.ai/How-to-detect-and-respond-faster-to-cyberattacks-with-Vectra-and-CrowdStrike.
[1] Gartner, Magic Quadrant for Intrusion Detection and Prevention Systems, by Craig Lawson and Claudio Neiva, 10 January 2018. Subscribers may view the report at: https://www.gartner.com/document/3844163.
[2] Gartner, Magic Quadrant for Endpoint Protection Platforms, by Ian McShane, Avivah Litan, Eric Ouellet, and Prateek Bhajanka, 24 January 2018. Subscribers may view the report at: https://www.gartner.com/document/3848470.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Vectra® is transforming cybersecurity with AI. Its Cognito™ platform automates cyberattack detection and response from data center and cloud workloads to user and IoT devices. Cognito correlates threats, prioritizes hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named a "Visionary" by Gartner in the 2018 Magic Quadrant for Intrusion Detection and Prevention Systems and the "Most Innovative Emerging Company" in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued five U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit vectra.ai.
Lumina Communications for Vectra