US: Vectra, the world leader in AI-powered cyberattack detection and threat hunting, has announced that its Cognito platform will detect hidden cyberattackers in native Microsoft Azure cloud environments with virtual sensors running in Azure that integrate with the Azure Virtual Network Terminal Access Point (TAP).
This integration enables Vectra to provide complete cyberattack visibility – without requiring agents – into both enterprise network traffic and Azure cloud workloads. With the AI-driven Cognito platform detecting advanced cyberthreats automatically and in real time, enterprise organizations can confidently protect business-critical workloads in the Azure cloud.
Sixty percent of information technology workloads will run in the cloud by 2019, according to 451 Research. Enterprises that do not protect their cloud investments from cyberattackers may be putting more than half of their data and applications at risk.
“Finding attacker behaviors and tracking the progression of advanced threats require visibility into traffic between cloud workloads,” said Gareth Bradshaw, technology architect at Vectra. “It isn’t enough to just deploy a virtual version of a traditional security tool as a workload in the cloud. Advanced threat detection solutions must provide visibility into all traffic to secure the hybrid cloud.”
“Customers are adopting Microsoft Azure at a rapid pace,” said Ross Ortega, partner program manager of Azure Networking at Microsoft. “By partnering with Vectra, we are enabling enterprise customers who want to embrace AI-based cybersecurity to extend the Cognito platform to protect Azure workloads.”
The Azure Virtual Network TAP captures a copy of the data flowing between virtual machines, making it available to the Cognito virtual sensor (vSensor) running in Azure to extract metadata for analysis by the Cognito platform. In doing so, the Azure Virtual Network TAP provides transparency into all Azure cloud traffic, while Cognito automates the real-time detection of advanced threats, leaving cyberattackers with nowhere to hide.
Unlike agent-based traffic visibility and security products, the Azure Virtual Network TAP will collect network traffic from the hypervisor to avoid compromises and vulnerabilities that affect agents on virtual machines. The Cognito platform monitors all traffic through the Azure Virtual Network TAP to detect malicious reconnaissance, lateral movement and data exfiltration behaviors.
“Relying on agents can introduce risk by creating coverage gaps in regulated and unmanaged cloud environments,” said Daniel Basile, executive director of the Security Operations Center at The Texas A&M University System. “The agentless approach demonstrated by Vectra and Microsoft will offer full visibility into hidden threats in dynamic Azure environments, where workloads are constantly spun up and spun down.”
The Cognito platform
The Cognito platform from Vectra enables enterprises to automatically detect and hunt for cyberattacks in real time. Cognito uses AI to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage. Cognito provides full visibility into cyberattacker behaviors from cloud and data center workloads to user and IoT devices, leaving attackers with nowhere to hide.
Cognito Detect and its AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.