The Cognito® automated threat detection and response platform from Vectra® blends human expertise with a broad set of data science and machine learning techniques. This model delivers a continuous cycle of threat intelligence and learning based on cutting-edge research, global learning models, and local learning models.
With Cognito, these different perspectives combine to provide an ongoing, complete and integrated view that reveals complex multistage attacks as they unfold inside your network. These unique stages of intelligence are essential to the detection of modern threats. This white paper explains how each critical stage contributes to the overall detection model, shows examples of specific detection techniques, and describes the various threats these detection techniques can find.
Intrusion detection dates back to the early 1980s and the pioneering work of Dorothy Denning and Peter Neumann. Research into IDS was driven largely by the U.S. government, which sought to protect confidential assets from internal users. This is a vital distinction because threats were defined more by misbehaving or internal users and not external attackers. At that time, all attacks were essentially insider attacks.
Many concepts behind the first IDS remain relevant today. The goal was to build rules that reveal suspicious behavior and identify deviations from normal baselines. They relied heavily on establishing baselines and finding anomalies by analyzing audit logs at the host level. Today, IDS is deployed on the host or the network, with host-based IDS monitoring a single host and network-based IDS monitoring the entire network. The two dominant detection models are signature-based and anomaly-based. First introduced in antivirus technology, signatures detect attacks by looking for specific patterns, such as distinct byte sequences in network traffic or malicious code used by malware.
This white paper is available in English only. Would you like an explanation in Dutch? Then visit our Access42 stand; you can find us at stand no. D01.059.