Review: Using AI to outsmart threats with Vectra Cognito

Part traffic monitoring tool, part IDS, part SIEM, the Vectra Cognito platform defies classification.


Don't expect the pace of change to slow down in the cybersecurity industry. Even so-called traditional protection methods will need to incorporate new technologies and methodologies, and many new cybersecurity products will span multiple categories or resist neat categorization altogether.

The Vectra Cognito platform is an early example of this trend. It combines artificial intelligence (AI), machine learning (including deep learning) and network traffic monitoring into a tool that can detect threats other products miss, even attackers that are already entrenched inside a protected network. Cognito would most often be classified as a traffic monitoring tool, though that label is a poor fit.

With its ability to detect threats dynamically and track them as they spread through a network or are remediated, Cognito acts more like a capable intrusion detection system (IDS). A better description might be that it shows how intrusion detection systems of the future may operate when faced with advanced intrusions. There is even a threat hunting component, which further complicates any easy categorization.

Regardless of what you call it, the Cognito suite from Vectra is installed as two main components. The first is a set of network sensors that collect both north-south (vertical) traffic crossing the perimeter and east-west (horizontal) traffic between internal hosts, which is where lateral movement by an attacker who is already inside shows up. The sensors can be small hardware units or virtual appliances. They report to the brain of the suite, a 1U appliance where the analytics about what is going on in the network are applied.
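The reason the sensors collect east-west as well as north-south traffic is easier to see with code. The following is an added example written for this review, not Vectra's code and not a description of how Cognito's models work: it classifies constructed flow records as north-south or east-west using RFC 1918 address space (an assumption about the monitored site), then applies a simple lateral-movement heuristic (one internal host opening admin-protocol connections to several other internal hosts). Run against only the perimeter's north-south view, the same heuristic sees nothing, which is the blind spot internal sensors exist to close. The flow records, hosts and port list are all constructed for illustration.

```python
"""Constructed example: north-south vs east-west flow classification and a
lateral-movement fan-out heuristic. Not Vectra code; all data is made up."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the monitored site uses RFC 1918 space for its internal hosts.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Hypothetical admin/remote-execution ports an attacker uses to move laterally:
# SMB, RDP, WinRM, SSH.
ADMIN_PORTS = frozenset({445, 3389, 5985, 22})


@dataclass(frozen=True)
class Flow:
    """One summarised connection as a sensor might export it (constructed)."""
    src: str
    dst: str
    dport: int
    bytes_out: int


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(flow: Flow) -> str:
    """Label a flow by where its endpoints sit relative to the perimeter."""
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return "east-west"          # internal to internal: invisible at the edge
    if src_in or dst_in:
        return "north-south"        # crosses the perimeter
    return "external"               # transit traffic a site sensor rarely sees


def perimeter_view(flows):
    """What a sensor placed only at the internet edge would have collected."""
    return [f for f in flows if classify(f) == "north-south"]


def lateral_movement_candidates(flows, admin_ports=ADMIN_PORTS, fanout=3):
    """Return {source: distinct_internal_targets} for internal hosts that open
    admin-port connections to at least `fanout` distinct internal hosts.
    A workstation touching one file share is normal; one touching many hosts
    over SMB/RDP/WinRM in a short window looks like lateral movement."""
    targets = defaultdict(set)
    for f in flows:
        if classify(f) == "east-west" and f.dport in admin_ports:
            targets[f.src].add(f.dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= fanout}


# Constructed sample flows: one workstation browsing the web, then sweeping
# four internal hosts over admin ports; a second workstation using one share;
# an inbound connection to a web server.
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "93.184.216.34", 443, 5200),
    Flow("10.1.1.20", "10.1.2.10", 445, 900),
    Flow("10.1.1.20", "10.1.2.11", 445, 910),
    Flow("10.1.1.20", "10.1.2.12", 3389, 12000),
    Flow("10.1.1.20", "10.1.2.13", 5985, 4000),
    Flow("10.1.1.30", "10.1.2.10", 445, 1500),
    Flow("198.51.100.7", "10.1.3.5", 443, 300),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>14} -> {f.dst:<14} :{f.dport:<5} {classify(f)}")
    print("full visibility:", lateral_movement_candidates(SAMPLE_FLOWS))
    print("perimeter only: ", lateral_movement_candidates(perimeter_view(SAMPLE_FLOWS)))
```

The fan-out threshold and port list are deliberately crude; a real detector would baseline each host's normal peers and weigh protocol, timing and account context rather than counting distinct destinations. The point the example makes is structural: lateral movement is east-west by definition, so a sensor that sees only the perimeter cannot detect it.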

The Cognito brain is currently available only as a hardware appliance. Each appliance can handle data from up to 500 sensors, so many organizations will need only one. The appliance compiles its findings and sends them to the dashboard interface, where it behaves much like a traditional Security Information and Event Management (SIEM) console. Cognito can also forward its data to other SIEM or security appliances if desired.

[Image: Vectra Cognito Detect dashboard. Credit: John Breeden II/IDG]

Although it looks like a traditional Security Information and Event Management console, the Cognito Detect dashboard is actually a window into dynamic threat tracking.
