
So, it reduces alert fatigue follow-ups for security operation center analysts. This is important because it enables us to use this platform to prioritize the most likely imminent threats.

This is both applied to individual and host detections. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."

"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. Therefore, we don't have to look in all the logs. So, it is looking for anomalous behavior, things that are out of context, which helps us reduce time.

If it sees a server doing a lot of things, then it will assume that is normal.

We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."

"It is doing some artificial intelligence.

"One of the key advantages for us is we define a 24/7 service around it.
