Vectra AI Offers a Security Assist to Microsoft Defender ATP and Azure Sentinel -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

Vectra AI Offers a Security Assist to Microsoft Defender ATP and Azure Sentinel

Vectra AI, a surging security company applying artificial intelligence to network-based intrusion detection, on Tuesday unveiled strategic integrations with Microsoft's core security technologies.

The eight-year-old, San Jose, Calif.-based Vectra attracted $100 million in a Series E funding round last June in part due to growing interest in its approach to network threat detection and response (NDR).

Vectra's Cognito platform uses artificial intelligence to help identify attacks coming over the network and over the cloud and deploys easy-to-understand scoring and charting to help professionals in a security operations center (SOC) prioritize the most critical threats and respond to them quickly or automatically based on user-defined rules.

The company is going to market through partnerships with major security players, emphasizing a Gartner-published concept known as the "SOC visibility triad." In Vectra's implementation, the triad consists of the company's own NDR tool for network and cloud visibility, combined and integrated with other vendors' endpoint detection and response (EDR) tools and with partners' security information and event management (SIEM) tools.

In theory, the triad would cast a wider, more comprehensive net for potential attacks while dramatically reducing the signal-to-noise problem with security alerts. Current Vectra partners for other legs of the triad include CrowdStrike, Carbon Black, Cybereason, SentinelOne, ArcSight, IBM, Chronicle and Splunk.

The news on Tuesday is not Vectra's first foray into Microsoft technologies. In February, Vectra launched Cognito Detect for Office 365, which used detection models focused on credentials and privilege in SaaS applications to stop attacks.

But the Tuesday announcement involves working with Microsoft to bring the SOC visibility triad effort to the Microsoft stack. In triad terms, Vectra is the NDR piece, and as of Tuesday, it is integrated with Microsoft Defender Advanced Threat Protection (ATP) for the EDR piece and with Azure Sentinel for the SIEM piece.

The Defender ATP integrations with Vectra combine the cloud/datacenter detections with Microsoft's process-level context from the endpoint, and allow for the isolation or disabling of compromised systems. On the Sentinel side, Vectra created custom workbooks in Azure Sentinel that bring elements of their dashboard into Microsoft's cloud SIEM product.

By working with those two strategic components of the Microsoft security mix, Vectra also on Tuesday joined the Microsoft Intelligent Security Association (MISA), a group of more than 80 members with deep programmatic hooks into a dozen Microsoft security technologies or products. In addition to Defender ATP and Azure Sentinel, the MISA-related technologies include Azure Active Directory, Azure Information Protection, Microsoft Endpoint Manager, Microsoft Graph Security API, Microsoft Cloud App Security, Azure Security Center, Azure Security Center for IoT Security, DMARC reporting for Microsoft 365, Windows antimalware platform and Azure DDOS Protection.

Posted by Scott Bekker on June 09, 2020

Free Webcast! Learn about Password Management Best Practices

Featured

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

Broadcom CEO Hock Tan recently shared his company's motives for controversially changing VMware licensing policies, a move that had been met by widespread backlash.
2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.
Microsoft Makes AI Push in London and Japan with Strategic Investments

Looking to further the global reach of its aggressive AI push, Microsoft made a couple of announcements this week focused on overseas initiatives and investments.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Bekker's Blog by Scott Bekker, Editor in Chief

Vectra AI Offers a Security Assist to Microsoft Defender ATP and Azure Sentinel

Featured

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Makes AI Push in London and Japan with Strategic Investments

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

The 2024 Microsoft Product Roadmap

The Most Important Document for Partners To Read Now: CSF 2.0

What's Going On at CompTIA?

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

In Wake of VMware Changes, Broadcom Still Struggling To Win Critics Over

The 2024 Microsoft Product Roadmap

The Most Important Document for Partners To Read Now: CSF 2.0

What's Going On at CompTIA?

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise