Adding AI to your cybersecurity toolbox with Vectra Cognito
Stopping covert activities intended to harm your organization is a difficult task in itself. Attackers are well-organized units that act more like businesses than any stereotypical images of gangs of rebellious anarchists.
Bad actors deliberately hide their activities as much as possible, so detecting attacks is made intentionally tricky, as is containing the event and remediating after the fact.
Even in a perfect world, therefore, being a cybersecurity professional would be a tough gig. But beyond the technical obstacles placed in the way, there are further problems for the cybersecurity operations manager that cloud the water. One is actually getting recruits into the industry (it’s estimated that in the Asia-Pac region, there’ll be more than two million unfilled cybersecurity roles by 2021), and another is that the quantities of data flowing across the enterprise are so vast (and growing) that the number of false positives flagged by first-line staff is often overwhelming.
The latter problem, it should be noted, is not a reflection on the professionalism of the staff but a result of the fact that the line between suspect activities and healthy network behaviors is very fine indeed.
Plus, the conservatism that’s necessary to work successfully in cybersecurity tends to encourage an erring on the side of caution — and quite rightly too.
But the volume of flags raised makes the processes behind filtering potential issues to second-tier staff highly pivotal to successful workflows, and it’s here that there’s often a sense that the whole infrastructure is cracking at the edges.
While no cybersecurity vendor is rash enough to make claims of omniscience for its platform, the minds behind the Cognito solution have taken an entirely pragmatic approach to the problems outlined above.
Its three-part offering helps cut response times to threats by around 90 percent by taking the human expertise already deployed in the security center and combining it with a broad range of machine learning techniques that provide significant assistance to Tier I, II and III staff.
Continuous monitoring of all network traffic is integral to the product, be that east-west internal traffic or north-south data. Also examined is network traffic between the corporate network and cloud providers such as Azure or AWS: whether nodes are real or virtual, on-premises or remote, anything with an IP address is overseen wherever it is in the wider enterprise network.
The cognitive routines learn about their environment and can spot anomalous behavior, and that’s achieved by looking for the tell-tale signs of an attack’s phases, like malware attempting to receive new data from a command and control point, for example.
As host identities are built up, information gathered by AI-powered network metadata monitors creates the type of picture of the network which cybersecurity professionals can use.
The beauty of the Vectra Cognito platform is that it’s an addition to, not a substitute for any other tools that represent legacy investment and useful defensive weaponry. The output from Cognito can be passed to other platforms in Zeek format, to SIEM solutions, or indeed any other standard tool in the cyber operations rooms.
Any threat is classified and given a priority, with a page of information passed onto Tier I staff. Alongside crucial facts, the Cognito platform presents peripheral data providing further information and historical context so human operators can see a threat as it progresses, if it is indeed a threat.
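The description above of spotting command-and-control check-ins in network metadata, emitting findings in a format a SIEM can ingest, and prioritizing them for Tier I is easier to follow with a concrete illustration. The script below is an added example written for this article; it is not Vectra's code and does not reproduce the Cognito algorithms. It assumes a simplified subset of Zeek conn.log fields, constructed sample records (one host checking in to an external endpoint every 60 seconds with tiny payloads, another browsing irregularly), and hypothetical thresholds for what counts as "suspiciously regular".

```python
"""Beacon-style detection over Zeek-format connection records (illustrative only).

Not Vectra's code or algorithm. Assumes a simplified subset of Zeek conn.log
fields, constructed sample records, and hypothetical detection thresholds.
The idea shown: regular, low-volume connections from an internal host to one
external endpoint are a tell-tale sign of malware checking in with a
command-and-control point; such findings are scored so Tier I sees the most
critical first, and serialised as JSON lines a SIEM can ingest.
"""
import json
from collections import defaultdict
from statistics import mean, pstdev

# Field order assumed for the simplified Zeek conn.log subset used here.
FIELDS = ["ts", "id.orig_h", "id.resp_h", "id.resp_p", "proto", "orig_bytes", "resp_bytes"]

# Constructed sample records (tab-separated, one connection each).
# 10.0.0.5 -> 203.0.113.9:443 every 60 s with near-constant sizes: beacon-like.
# 10.0.0.7 -> 198.51.100.20:443 at irregular times with varying sizes: browsing-like.
SAMPLE_CONN_LOG = "\n".join(
    [f"{1700000000 + 60 * i}\t10.0.0.5\t203.0.113.9\t443\ttcp\t312\t{1024 + (i % 3) * 8}"
     for i in range(8)]
    + [
        "1700000012\t10.0.0.7\t198.51.100.20\t443\ttcp\t2210\t51240",
        "1700000131\t10.0.0.7\t198.51.100.20\t443\ttcp\t905\t8802",
        "1700000140\t10.0.0.7\t198.51.100.20\t443\ttcp\t4410\t120330",
        "1700000420\t10.0.0.7\t198.51.100.20\t443\ttcp\t1203\t22010",
        "1700000437\t10.0.0.7\t198.51.100.20\t443\ttcp\t3350\t90011",
        "1700000900\t10.0.0.7\t198.51.100.20\t443\ttcp\t760\t3300",
        "1700001300\t10.0.0.7\t198.51.100.20\t443\ttcp\t1500\t40001",
        "1700001310\t10.0.0.7\t198.51.100.20\t443\ttcp\t2100\t60123",
    ]
)


def parse_conn_log(text):
    """Parse tab-separated records into dicts; skip Zeek '#' header/comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip it rather than abort the whole batch
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = float(rec["ts"])
        rec["orig_bytes"] = int(rec["orig_bytes"])
        rec["resp_bytes"] = int(rec["resp_bytes"])
        records.append(rec)
    return records


def score_alert(connections, cv):
    """Hypothetical 0-100 priority: tighter regularity and more check-ins score higher."""
    regularity = 1.0 - min(cv, 1.0)          # cv 0 -> perfectly metronomic
    volume = min(connections, 50) / 50.0     # saturate at 50 connections
    return round(100 * (0.7 * regularity + 0.3 * volume))


def find_beacons(records, min_connections=6, max_interval_cv=0.2):
    """Flag (src, dst, port) flows whose connection timing is suspiciously regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps between
    successive connections; a low value means the host is checking in on a timer.
    Thresholds are hypothetical and would be tuned per environment.
    """
    flows = defaultdict(list)
    for r in records:
        flows[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r)
    alerts = []
    for (src, dst, port), conns in flows.items():
        if len(conns) < min_connections:
            continue
        times = sorted(c["ts"] for c in conns)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections share one timestamp: not a timing pattern
        cv = pstdev(gaps) / avg
        if cv <= max_interval_cv:
            alerts.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(conns),
                "interval_s": round(avg, 1),
                "interval_cv": round(cv, 3),
                "score": score_alert(len(conns), cv),
                "detection": "periodic_external_checkin",
            })
    # Highest priority first, so Tier I triage starts with the most critical item.
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def alerts_as_json_lines(alerts):
    """Serialise alerts one JSON object per line, the shape most SIEMs ingest directly."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    found = find_beacons(parse_conn_log(SAMPLE_CONN_LOG))
    print(alerts_as_json_lines(found))
```

Run as-is, the script flags only the 10.0.0.5 flow (eight connections exactly 60 s apart) and leaves the irregular 10.0.0.7 browsing traffic alone; the score and the JSON-lines output are the pieces that would be handed to a SIEM or a Tier I queue, while the thresholds and weights are the part a real deployment tunes against its own baseline.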
Detection rates improve, as do initial triage and reporting speeds, with the number of false red flags cut by an order of magnitude. Issues are investigated more deeply in seconds, not hours, and the root cause of malicious activity is quickly uncovered.
Remediation by Tier II or III staff can then be done as usual, but perhaps more efficiently given the exact nature and location of the issue identified thanks to Cognito.
Cognito reduces staffing costs by reducing detection times, automating data collection and sifting, finding threats faster, using in-depth analysis to slash false flags, and making containing issues (and then updating defenses) much quicker.
Instead of allowing malware months of dwell time, the cognitive routines ferret out the bad actors in a fraction of the period.
The speed at which your Tier I cyber operations staff can work will help your team solve one of the seemingly intractable problems faced by management: the skills shortage. It might seem trite, but by giving Tier I staff more involved (and, dare we say it, interesting) problems to solve, job satisfaction levels will climb as apparent threat levels decline.
Whether or not potential issues present mission-critical dangers is for security personnel to decide; Cognito lets staff prioritize their response to the most critical incidents.
Until cybersecurity is entirely automated and run by all-powerful AI (if that ever comes to pass), it’s the human cybersecurity professionals that must bear the brunt of bad actors’ best efforts. By using a little common sense, and the platform’s AI assist, Vectra Cognito is saving companies across the globe millions of dollars annually.