Why now

Threat hunting allows you to get ahead of attackers instead of constantly chasing them.

Avoid incident loss

Avoid incident loss by discovering hidden attackers early, before they accomplish their goals and well before other tools know about their presence.

Reduce costs

Reduce the costs associated with slow incident response by reducing attacker dwell-time beyond what is possible with other security tools.

Structure your hunts

Structure your hunts around specific types of attacker activities in your environment by using the MITRE ATT&CK framework.

Why Vectra

Proactively search for threats and investigate incidents across your entire environment including data center, cloud, and IoT devices.

Cognito Recall

Perform AI-driven threat hunting and retrospective threat hunting using behavioral detection algorithms derived from security domain-tailored machine learning.
Speed-up investigations by correlating threat-behavior data with host devices and workloads. The right information is always at your fingertips.

Gain complete visibility into unseen security vulnerabilities and gaps in regulatory and compliance mandates.

Attackers can run, But they can’t hide


   High-fidelity data from machine learning-derived, security-enriched metadata – no packet captures or NetFlow.

  Visibility using cloud logs and API calls. Integrate and share data with other security solutions – not just connectivity attributes.

  Data-driven hunting with insights based on devices, privilege, identity, host names, and workloads – not solely IP addresses. 


    Instant security insights give organizations complete visibility into relevant host activities and behaviors.

    Observe and understand common threads between compromised host devices, accounts and assets.

     Complete views of attack progression and campaigns help identify other issues related to the attack.


  Identify and categorize gaps in compliance to                                             meet government and corporate regulatory directives.

   Visualize and report on security-policy posture with                     unique Vectra data that is not available in other products.

  Extend and enhance security and compliance                                           through recurring assessments, detailed reports,                                     and other Vectra services. 

Did you know? 

Nearly half the breaches of sensitive data are the result of internal actors

Source: Forrester Research 2019

Command and control
  • Externak remote access
  • Hidden DNS tunnel 
  • Hidden HTTP/S tunnel
  • Suspicious relay 
  • Suspect domain activity 
  • Malware update 
  • Peer-to-peer
  • Pulling instructions 
  • Suspicious HTTP
  • TOR activity 
  • Threat intel match 
  • Internal darknet scan
  • Port scan
  • Port sweep
  • SMB account scan 
  • Kerberos account scan 
  • File share enumeration 
  • Suspicious LDAP query 
  • RDP recon 
  • RDC recon
Laternal movement
  • Suspicious remote exec
  • Suspicious remote desktop
  • Suspicious admin
  • Shell knocker
  • Automated replication 
  • Brute-force attack 
  • SMB brute-force
  • Kerberos brute force
  • Suspicous kerberos client 
  • Suspicious kerberos account
  • Kerberos server activity 
  • Ransomware file activity 
  • SQL injection activity 
  • Privilege access analytics  
Exfiltration and botnet monetization


  • Data smuggler
  • Smash and grab
  • Hidden DNS tunnel
  • Hidden HTTP/S tunnel

Botnet monetization

  • Abnormal web or ad activity
  • Cryptocurrency mining
  • Brute-force attack
  • Outbound DoS
  • Outbound port sweep
  • Outbound spam