Vectra, the leader in automating the hunt for in-progress cyber-attacks, and Phantom, the leader in security automation and orchestration, today announced a partnership to automate threat detection and response, and the availability of the Vectra App for Phantom.
“Faster incident response is critical, but faced with a severe shortage of cybersecurity skills, enterprises are turning to security operations and analytics platform architecture, or SOAPA,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “This architecture enables cooperation amongst security tools while helping security analysts pivot across tools to find data and take action as they need in real time.”
“Vectra and Phantom share a mission to automate threat detection and response,” said Mike Banic, vice president of marketing at Vectra. “The Cognito platform from Vectra uses AI to automate the detection, triage, correlation and prioritisation of threats, and our partnership with Phantom enables automated security orchestration with a broad ecosystem of partners.”
The Vectra App for Phantom enables the prioritised threats detected by Cognito, as well as the host and detection context about these threats, to flow into the Phantom Security Automation and Orchestration platform.
Phantom playbooks then drive automated contextual correlation with indicators from other security tools and active enforcement based on prescriptive actions that enable security teams to stop threats faster – from data centre and cloud workloads to user and internet-of-things (IoT) devices.
With the Vectra App for Phantom, security teams can:
- Take action to stop threats faster – From the Cognito platform, security operations teams can use Phantom playbooks to take specific actions against in-progress attacks, such as blocking or quarantining a high-risk workload or device or killing a process.
- Streamline threat investigations – Together, Cognito and Phantom enable security teams to accelerate threat investigations using automated or semi-automated workflows to correlate host and detection information from Cognito with information from other security tools. The combined insights from across the security ecosystem reduce complex threat investigation times.
- Automate investigations for critical detection types – With insights from Cognito and the orchestration power of Phantom, security teams can quickly identify critical threats like ransomware, lateral movement or data exfiltration, and speed-up threat investigations.
- Enrich threat investigations with rich data – When managing cases through Phantom, security operations teams can tap into vast data from Cognito to reveal hidden attacker behaviours across the kill chain and gain more detailed views of every threat.
“The key to successful automation is having good threat data to act on,” said Rich Hlavka, vice president of business development at Phantom. “Cognito from Vectra prioritises and drives Phantom automation based on the threat level and certainty of an attack, ensuring better accuracy. Our automation playbooks help to reduce the analyst workload and increase consistency in the SOC.”