Vectra, the leader in network threat detection and response, today announced that its Cognito platform now uses Amazon Virtual Private Cloud (VPC) traffic mirroring and integrates with the Amazon Web Services (AWS) Security Hub. Enterprises can now natively run the Cognito platform in AWS environments to rapidly detect and respond to cyberthreats in the cloud.
“As enterprises move their high value data and services to the cloud, it’s imperative to reduce cyber-risks that can take down businesses,” said Hitesh Sheth, president and CEO of Vectra. “This partnership positions the Vectra Cognito platform to provide enterprises with visibility into attacks on their cloud footprint, empowers conclusive threat hunting and enables faster incident response.”
Visibility gaps can exist in connections between Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3) instances. With Amazon VPC traffic mirroring, customers gain further visibility into these connections with the Cognito platform.
Cyberattackers are aware of this gap. A recent survey by the SANS Institute found that one in five businesses had serious unauthorized access to their cloud environments this past year alone, and many more were unknowingly breached. This will only become more pronounced as nearly four out of 10 organizations plan to move to a cloud-first approach to deploy new applications, according to a recent study by the Enterprise Strategy Group (ESG).
To close this visibility gap, Vectra is demonstrating the Cognito platform’s ability to further secure AWS environments at AWS re:Inforce 2019. It provides 360-degree visibility into cloud, data center, user and internet-of-things (IoT) infrastructures, leaving attackers with nowhere to hide.
“We see significant value in a detection and response platform that combines visibility of attacker behaviors from both the cloud and corporate enterprise while taking advantage of our existing investments,” said Alex J. Attumalil, director of global information and cyber security at Under Armour. “Even native AWS instances can benefit from this critical visibility into threat behaviors and respond rapidly.”
The Cognito platform uses Amazon VPC traffic mirroring to monitor connections between Amazon EC2 and Amazon S3 instances and detect hidden threats without using agents. The integration with AWS Security Hub enables the correlation of Cognito detections with other data sources to accelerate threat hunting and incident investigations. The result of deploying Cognito in AWS environments is the real-time detection of threats, accelerated investigation and breach prevention.