Network threat detection and response company Vectra has announced that Privileged Access Analytics (PAA) are available with the Cognito platform to monitor the interactions between user accounts, services and hosts, and provide continuous visibility and assessment of privileges required to enforce zero trust.
A traditional access-based approach to zero trust relies on one-time security gating decisions that use a predefined list of privileged identities. This approach is fundamentally flawed when cyber-attackers steal credentialed access or have escalated privileges.
“We must have visibility into what the entity – the user, the executable, the device, the network connection and so on – is doing once it gains access,” said Neil MacDonald, Gartner distinguished VP analyst and author of the Seven Imperatives to Adopt a CARTA Strategic Approach report. “How is it behaving? Does the entity or its behaviours represent excessive risk? If so, then we should have the ability to detect this, confirm that it is real, prioritise it and take action.”
With PAA, the Cognito platform continuously monitors the behaviours of user accounts, services and hosts once they gain access to and operate on the network. As a result, Cognito delivers both a continuous real-time assessment of their privilege levels by scoring their behaviours for threat and certainty, and a risk-level prioritization for them. This empowers security teams with the right information to take quick action against the malicious use of privilege across cloud and hybrid environments.
“The real-time assessment of trust is performed by continuously observing the behaviour of user accounts, services and hosts on the network,” said Dr. Jacob Sendowski, director of product management at Vectra. “Now, when privileged credentials are compromised and abused, the new suite of Cognito PAA detection models are able to uniquely determine the malicious use of privilege in real-time.”
PAA is immediately available in the Cognito platform as a suite of detection models in Cognito Detect and as searchable security enrichments to network metadata in Cognito Stream and Cognito Recall. Enforcement can be accomplished through native integrations with endpoint detection and response (EDR), security information and event management (SIEM) systems and orchestration tools. Custom integration is available by accessing attributes through the Cognito REST API.