Vectra Cognito
The Cognito platform accelerates customer threat detection and investigation using sophisticated artificial intelligence to collect, store and enrich metadata with insightful context to detect, hunt and investigate known and unknown threats in real-time. It replaces technology that fails to solve today’s security challenges, from cloud-native environments to data centre workloads.
Features
- AI-driven threat detection and response
- Detect attackers in real-time, based on behaviours not signatures
- Automate manual processes and consolidate thousands of events pinpointing threats
- Works with EDR and SIEM to provide complete SOC visibility
- Enrich threat investigations with a conclusive chain of evidence
- Embedded with data science-derived security Insights
- Advanced machine learning techniques, including deep learning and neural networks
- Provides enterprise-wide visibility into cyberattackers by analyzing all network traffic
- Software updates with new threat detection algorithms are delivered continuously
- Designed by award-winning team of data scientists and threat researchers
Benefits
- Always-learning behavioral models use AI to find unknown attackers
- Unique context eliminates the endless hunt-and-search for threats
- Enables proactive and immediate action presenting the most relevant information
- Provides a clear starting point for more extensive investigations
- Empowering quick, decisive action in response to in-progress attacks
- Capture metadata at scale, enriched with machine learning-derived security information
- Software updates with new threat detection algorithms are delivered continuously
- Automating time-consuming analysis, Cognito condenses weeks of work into minutes
- Reduces the security-analyst workload on threat investigations by 37X
- Cognito uses STIX threat intelligence to detect threats based on IOCs
Pricing
£35,000 an instance a year
- Education pricing available
- Free trial available
Service documents
Framework
G-Cloud 12
Service ID
210732895964683
Contact
AIT Partnership Group Ltd
Mr Steven Bailey
Telephone: 08450177017
Email: steven.bailey@ait-pg.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Private cloud
- Hybrid cloud
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Standard SLA is Monday to Friday, UK business hours, with a 4-hour response
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- All support contracts include telephone support; additional support levels add the following:
Bronze: configuration backup, monthly health check (+10%)
Silver: quarterly wireless configuration (+15%)
Gold: monthly wireless configuration, wireless monitoring (+20%)
All support is provided via a ticketed help desk.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Full onsite training is provided with additional online training and documentation provided
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- At the end of the contract, customers have the ability to extract key detection information via reports.
- End-of-contract process
- There are no additional costs associated with service termination for the Vectra Cognito solution
Using the service
- Web browser interface
- Yes
- Supported browsers
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- Description of service interface
- Yes, the Cognito platform provides enterprise-wide visibility into hidden cyberattackers by analysing all network traffic from cloud to enterprise, authentication systems and SaaS applications. This leaves attackers with nowhere to hide – from cloud and data centre workloads to user and IoT devices.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Testing includes the use of high-contrast settings, screen-readers and screen magnification software across a selection of browsers
- API
- Yes
- What users can and can't do using the API
- "A REST API is available for administrators and developers to integrate Vectra’s breach detection data into their applications. Vectra X-series RESTful API provides access to security event data, platform configuration, and health information via URI paths. Vectra REST API is based on open standards. You can use any web development language to access and retrieve information via the API."
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The Vectra Cognito platform allows organisations to customise and tune the system to the buyer's environment providing the technology with an understanding of known good behaviours within the environment
Scaling
- Independence of resources
- The Vectra Cognito platform is not a shared service; each organisation is provided with a dedicated instance and dedicated resources. This guarantees that other users' actions do not affect the buyer's environment.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The Vectra Cognito platform provides operational visibility across the estate, providing key information and prioritisation through the use of Threat/Certainty scoring
- Reporting types
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Vectra
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported through the reporting capability within the Cognito UI.
- Data export formats
- Other
- Other data export formats
- API
- XML formats such as STIX
- Data import formats
- Other
- Other data import formats
- API
- XML formats such as STIX
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- To protect a buyer's data, Vectra ensures that it is encrypted at rest and on the wire. AES-256 encryption is used (via AWS’s Key Management Service) to protect data in storage, and TLS encryption is used on each data connection. The connection from Detect to Recall is authenticated using mutual certificate authentication with per-customer server and client certificates. This ensures that each Recall instance will only accept connections from the corresponding Detect instance, and that Detect instances will not connect to anything other than the intended Recall instance.
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Yes, SLA dependent on service selected. Further information upon request.
- Approach to resilience
- Available on request
- Outage reporting
- API
- Email alerts
- SYSLOG
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Additional access restriction is via specific ACLs: only known public addresses may be permitted to authenticate with the Cognito Recall web UI
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Security Metrics
- PCI DSS accreditation date
- 8th March 2020
- What the PCI DSS doesn’t cover
- Based on the information provided by AIT Partnership Group Ltd involving its security policies, procedures, and regulations, Security Metrics has found the merchant to be compliant with the Payment Card Industry Data Security Standards (PCI DSS), endorsed by Visa, MasterCard, American Express, Discover, and JCB card brands. AIT holds SAQ C3.1 level certification, which excludes electronic storage of credit card data.
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
Enterprise level firewall appliance which has regular intrusion tests.
Complex user passwords with a 30 days enforced change policy.
L2TP VPN for remote access.
All policies are communicated during the staff induction process and regularly communicated during departmental meetings.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- AIT follows an ITIL methodology. All changes made to our internal systems must first be approved by our senior management team before being thoroughly tested. When the acceptance criteria have been met, the change is implemented.
All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are applied to all perimeter and internal appliances as appropriate.
Our security appliances have proprietary software that will detect any unauthorised activities and notify our systems manager.
Incident management is handled using our Ticketing / CRM system.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are applied to all perimeter and internal appliances as appropriate and when advised by the vendor. Information in relation to potential threats is gathered from vendor websites.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- This is handled by our perimeter security appliance. Our systems manager will be alerted to any unauthorised activity by way of text / email notification and it will be immediately investigated.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Incidents are managed and tracked by our CRM system. Incidents can be raised by phone or email and are logged as a ticket with the appropriate SLA. Our CRM has the ability to provide granular reporting on all tickets raised.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £35,000 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Details of free service are customised for each user