{"id":37246,"date":"2020-09-21T16:00:17","date_gmt":"2020-09-21T16:00:17","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=91921"},"modified":"2020-09-21T16:00:17","modified_gmt":"2020-09-21T16:00:17","slug":"vectra-and-microsoft-join-forces-to-step-up-detection-and-response","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vectra-and-microsoft-join-forces-to-step-up-detection-and-response\/","title":{"rendered":"Vectra and Microsoft join forces to step up detection and response"},"content":{"rendered":"

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series<\/a>. Click here<\/a> to learn more about MISA.<\/em><\/p>\n

Traditional security operations center (SOC) processes typically involve a wide variety of disparate event notification tools that force overworked analysts to battle massive amounts of inbound alerts. This often leads to missed signals and incorrect alert prioritization.<\/p>\n

The move to cloud, hybrid environments, and IoT further exacerbates the situation as the attack surface is distributed, boundless, and ever-changing. Perimeter defenses, although necessary, are insufficient.<\/p>\n

To address these challenges, SOCs today are focusing on continuous real-time detection and response capabilities that are based on three tightly integrated vantage points and solutions \u2013 network detection and response (NDR), endpoint detection and response (EDR), and security information and event management (SIEM).<\/p>\n

Gartner calls this approach the SOC visibility triad<\/a>. It combines the widespread visibility of NDR with the deep process-level insight of EDR, and couples them together with log and security analytics from a variety of sources in the SIEM.<\/p>\n

Using these three components in a deeply integrated solution gives security professionals the tools and visibility into modern networking environments and allows them to detect and stop attacks that evade perimeter defenses.<\/p>\n

The Cognito\u00ae<\/sup> platform from Vectra\u00ae<\/sup> delivers high-fidelity NDR by keeping a watchful eye on hidden attacker behaviors in workloads in the cloud and hybrid cloud as well as on-premises enterprise networks.<\/p>\n

By combining security research with data science, Vectra AI-derived machine learning algorithms automatically detect and prioritize the highest-risk attacker behaviors in cloud\/SaaS and data center workloads as well as user and IoT devices.<\/p>\n

As a result, Vectra enables security professionals to reduce the SOC workload, instantly get deep insights and context about every attack, and respond faster to encroaching threats with surgical precision.<\/p>\n

\"An<\/p>\n

The deep native integrations between Vectra (NDR), Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM) make the SOC triad fully operational for customers, enabling them to use tools they are already familiar with.<\/p>\n

This SOC triad brings together context from each data source, creating an extraordinary solution that is greater than the sum of its parts.<\/p>\n

In addition to enriching Vectra detections with contextual endpoint data from Microsoft Defender ATP, this solution automatically shows attacker detections in the Microsoft Azure Sentinel dashboard, where SOC teams can conduct conclusive investigations.<\/p>\n

The SOC visibility triad further helps drive integrated enforcement actions like disabling compromised accounts and isolating hosts that an attacker is using. This allows SOCs to deliver well-coordinated responses, enhance efficiency, and reduce attacker dwell-times.<\/p>\n

The Host Lockdown<\/em> feature from Vectra is a perfect example of this. When a high-risk attack is detected by the Cognito platform, SOC teams can respond quickly and accurately to lockdown Microsoft Defender ATP hosts from the Cognito dashboard.<\/p>\n

This can be performed manually with a button-click or configured for automated enforcement that triggers when host threat, certainty, and observed-privilege scores exceed SOC-defined thresholds.<\/p>\n

In summary, together with Microsoft Defender ATP, Vectra enables SOC teams to:<\/p>\n