AIT Partnership Group Ltd

Vectra Cognito

The Cognito platform accelerates customer threat detection and investigation using sophisticated artificial intelligence to collect, store and enrich metadata with insightful context to detect, hunt and investigate known and unknown threats in real-time. It replaces technology that fails to solve today’s security challenges, from cloud-native environments to data centre workloads.

Features

  • AI-driven threat detection and response
  • Detect attackers in real-time, based on behaviours not signatures
  • Automate manual processes and consolidate thousands of events pinpointing threats
  • Works with EDR and SIEM to provide complete SOC visibility
  • Enrich threat investigations with a conclusive chain of evidence
  • Embedded with data science-derived security insights
  • Advanced machine learning techniques, including deep learning and neural networks
  • Provides enterprise-wide visibility into cyberattackers by analyzing all network traffic
  • Software updates with new threat detection algorithms are delivered continuously
  • Designed by award-winning team of data scientists and threat researchers

Benefits

  • Always-learning behavioral models use AI to find unknown attackers
  • Unique context eliminates the endless hunt-and-search for threats
  • Enables proactive and immediate action presenting the most relevant information
  • Provides a clear starting point for more extensive investigations
  • Empowering quick, decisive action in response to in-progress attacks
  • Capture metadata at scale, enriched with machine learning-derived security information
  • Software updates with new threat detection algorithms are delivered continuously
  • Automating time-consuming analysis, Cognito condenses weeks of work into minutes
  • Reduces the security-analyst workload on threat investigations by 37X
  • Cognito uses STIX threat intelligence to detect threats based on IOCs

Pricing

£35,000 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steven.bailey@ait-pg.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

210732895964683

Contact

AIT Partnership Group Ltd Mr Steven Bailey
Telephone: 08450177017
Email: steven.bailey@ait-pg.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Add constraints
System requirements
Add up to 10 requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Std SLA is Monday to Friday UK business hours - 4 hours response
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All support contracts include telephone support; additional support levels add the following.
Bronze; configuration backup, monthly health check +10%
Silver; Quarterly Wireless Configuration +15%
Gold; Monthly Wireless Configuration, wireless monitoring +20%

All support is provided via a ticketed help desk
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full onsite training is provided with additional online training and documentation provided
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of the contract, customers have the ability to extract key detection information via reports.
End-of-contract process
There are no additional costs associated with service termination with the Vectra Cognito solution.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Yes, the Cognito platform provides enterprise-wide visibility into hidden cyberattackers by analysing all network traffic from cloud to enterprise, authentication systems and SaaS applications. This leaves attackers with nowhere to hide – from cloud and data centre workloads to user and IoT devices.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Testing includes the use of high-contrast settings, screen-readers and screen magnification software across a selection of browsers
API
Yes
What users can and can't do using the API
"A REST API is available for administrators and developers to integrate Vectra’s breach detection data into their applications. Vectra X-series RESTful API provides access to security event data, platform configuration, and health information via URI paths.

Vectra REST API is based on open standards. You can use any web development language to access and retrieve information via the API."
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The Vectra Cognito platform allows organisations to customise and tune the system to the buyer's environment providing the technology with an understanding of known good behaviours within the environment

Scaling

Independence of resources
The Vectra Cognito platform is not a shared service, therefore each organisation is provided with a dedicated instance/resources. This guarantees that other users' actions do not affect the buyer's environment.

Analytics

Service usage metrics
Yes
Metrics types
The Vectra Cognito platform provides operational visibility across the estate, providing key information and prioritisation through the use of Threat/Certainty scoring
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Vectra

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported through the reporting capability within the Cognito UI.
Data export formats
Other
Other data export formats
  • API
  • XML formats such as STIX
Data import formats
Other
Other data import formats
  • API
  • XML formats such as STIX

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
To protect a buyer's data, Vectra ensure that it is encrypted at rest and on the wire. AES-256 encryption is used (via AWS’s Key Management Service) to protect data in storage and TLS encryption is used on each data connection. The connection from Detect to Recall is authenticated using mutual certificate authentication with per-customer server and client certificates. This ensures that each Recall instance will only accept connections from the corresponding Detect instance and Detect instances will not connect to anything other than the intended Recall instance.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Yes, SLA dependent on service selected. Further information upon request.
Approach to resilience
Available on request
Outage reporting
API
Email alerts
SYSLOG

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Additional access restriction is via specific ACLs; only known public addresses may be permitted to authenticate with the Cognito Recall web UI.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Security Metrics
PCI DSS accreditation date
8th March 2020
What the PCI DSS doesn’t cover
Based on the information provided by AIT Partnership Group Ltd involving its security policies, procedures, and regulations, Security Metrics has found the merchant to be compliant with the Payment Card Industry Data Security Standards (PCI DSS), endorsed by Visa, MasterCard, American Express, Discover, and JCB card brands. AIT holds SAQ C3.1 level certification which excludes electronic storage of credit card data.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Enterprise level firewall appliance which has regular intrusion tests.
Complex user passwords with a 30 days enforced change policy.
L2TP VPN for remote access.

All policies are communicated during the staff induction process and regularly communicated during departmental meetings.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
AIT follows an ITIL methodology. All changes made to our internal systems must first be approved by our senior management team before being thoroughly tested. When the acceptance criteria have been met the change will be implemented.

All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implemented to all perimeter and internal appliances as appropriate.

Our security appliances have proprietary software that will detect any unauthorized activities and notify our systems manager.

Incident management is handled using our Ticketing / CRM system
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implemented to all perimeter and internal appliances as appropriate and when advised by the vendor. Information in relation to potential threats is gathered from vendor websites.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
This is handled by our perimeter security appliance. Our systems manager will be alerted to any unauthorised activity by way of text / email notification and it will be immediately investigated.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are managed / tracked by our CRM system. Incidents can be raised by phone or email and this will be logged as a ticket with the appropriate SLA. Our CRM has the ability to provide granular reporting on all tickets raised.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£35,000 an instance a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Details of free service are customised for each user
