Vectra® Networks uses artificial intelligence to automate real-time cyber attack detection and response – from network users and IoT devices to data centers and the cloud. All internal traffic is continuously monitored to detect hidden attacks in progress. Detected threats are instantly correlated with host devices that are under attack and unique context shows where attackers are and what they are doing.


Threats that pose the biggest risk to an organization are automatically scored and prioritized based on their severity and certainty, which enables security operations teams to quickly focus their time and resources on preventing and mitigating loss.





Vectra AI automates security operations


Vectra AI overcomes today’s cyber security challenges by blending human expertise with a broad set of data science, machine learning and deep learning techniques to automate the manual, time-consuming work associated with security analysts.


By automating cyber-attacker detection, analysis and incident response, Vectra AI condenses days or weeks of work into minutes, reducing the threat investigation workload by up to 29X.


Using behavioural detection algorithms to analyze metadata from captured packets, Vectra detects hidden and unknown attacks in real time, whether traffic is encrypted or not. Vectra only analyzes metadata captured from packets, rather than performing deep-packet inspection, to protect user privacy without prying into sensitive payloads.



Global learning


Global learning identifies the fundamental traits that threats share across all enterprise organizations. Global learning begins with Vectra Threat Labs, a full-time group of cybersecurity experts and threat researchers who continually analyze malware, attack tools, techniques, and procedures to identify new and shifting trends in the threat landscape.


Their work informs the data science models used by Vectra AI, including supervised machine learning. It is used to analyze very large volumes of malicious and attack traffic and distill it down to the key characteristics that make malicious traffic unique.



Local learning


Local learning identifies what’s normal and abnormal in an enterprise’s network to reveal attack patterns. The key techniques used are unsupervised machine learning and anomaly detection. Vectra uses unsupervised machine learning models to learn about a specific customer environment, with no direct oversight by a data scientist.


Instead of concentrating on finding and reporting anomalies, Vectra looks for indicators of important phases of an attack or attack techniques, including signs that an attacker is exploring the network, evaluating hosts for attack, and using stolen credentials.



Integrated intelligence


Vectra condenses thousands of events and network traits to a single detection. Using techniques such as event correlation and host scoring, Vectra performs the following:


  • Correlates all detection events to specific hosts that show signs of threat behaviors.
  • Automatically scores every detection and host in terms of the threat severity and certainty using the Vectra Threat Certainty Index.
  • Tracks each event over time and through every phase of the cyber-attack kill chain.


Vectra puts special focus on events that may jeopardize key assets inside the network or are of strategic value to an attacker. Devices that exhibit behaviors that cover multiple phases of the cyber-attack kill chain are also prioritized, as shown below.



How Vectra Cognito works:


Cognito uses artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage.



