Cyber Security Engineer at a tech services company with 1,001-5,000 employees
MSP
Top 20
2024-11-11T15:42:51Z
Nov 11, 2024
As an end user, I do not have to commit manpower to manage Vectra since most of their use cases are managed by them. It's a hands-off kind of deployment.
We use Vectra AI for endpoints where we are unable to install agents, like endpoint agents, EDR agents, or antivirus tools. For example, BYOD devices or routers in our network. We don't have any control over those, but we need monitoring capability. Vectra AI can monitor the traffic from the wireless router to the firewall or any outgoing traffic. It can give us an idea of whether there is any C&C or C2 communication or any botnet activity from those source IPs. Without having any agents in the endpoint, it is a network monitoring tool. We use this tool to detect threats within the environment where the assets are unmanaged. Also, since we tap into certain network points such as firewalls or IDSs, we get more visibility from managed assets as well. So before the endpoint notices the behavior, Vectra notices some of the exfiltration techniques and alerts us.
Associate Director Security at an outsourcing company with 10,001+ employees
Real User
Top 10
2023-09-11T09:17:00Z
Sep 11, 2023
This tool operates on machine learning principles, utilizing its own AI-based models and rules to detect activity within your environment. Initially, Vectra AI observes and monitors your organization's behavior for a two-week period, identifying legitimate services operating within your environment. Once it completes this monitoring phase and detects all services, it begins to assign certainty and severity levels to the network traffic it observes.
Technical Sales Engineer at Barikat Cyber Security WLL
Reseller
Top 10
2023-08-04T12:13:00Z
Aug 4, 2023
Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis.
Cybersecurity Consultant at a tech services company with 201-500 employees
Consultant
Top 20
2023-03-07T08:55:00Z
Mar 7, 2023
Our company is in the retail arena, and we have stores, warehouses, and a data center. Right now, we're using Vectra AI in our offices and the data center. The major issue we had was that we were completely blind inside our data center in terms of seeing what traffic we had. Our main focus with Vectra AI was to see what's happening inside the data center through virtual sensors. We're going to expand it to include our stores because the franchisees requested that we monitor the networks in all of the stores. Every shop in our company is a franchise, and they can do whatever they want to in their shops. We won't have any idea as to what's on the network in the shops. By using Vectra AI, we will have visibility into the network. We have started the proof of concept for our warehouses as well.
Security Analyst at a computer software company with 1,001-5,000 employees
Real User
Top 20
2023-03-07T08:55:00Z
Mar 7, 2023
I'm a SOC analyst, and I use Vectra AI to detect and respond to security incidents. My team manages the critical detections, and another team takes the low-priority detections. They also use Vectra to hunt for the system root.
Security Consultant at a healthcare company with 10,001+ employees
Real User
Top 10
2023-03-07T08:53:00Z
Mar 7, 2023
We wanted to have an additional layer of protection. We have the standard IDSs and were looking for solutions that provide additional security features. We are still in the deployment phase and hope to be in production mode soon.
Security Engineer at a legal firm with 1,001-5,000 employees
Real User
Top 20
2023-03-07T08:51:00Z
Mar 7, 2023
We have a basic Vectra environment because we mainly only use the NDR for the solution's options. We do mainly filled logins, anomalies, and network flow monitoring.
As a sector, the education industry as a whole is under threat with quite a large volume of immediate threat offenders. We've seen numerous attacks coming through brute force or DDoS. The amount of ransomware and phishing attacks is on the rise compared to that of five years ago, for instance. I see regular threat campaigns from numerous actors around the world. Our main use case is to have Vectra AI as an addition to our security team. We have a large campus with 1,100 boarding students and about 600 staff on top of that. However, my security team only comprises myself and one other person. Being able to detect security threats in real-time and, more importantly, being able to get rid of the noise is very important to me. That is, getting rid of the false positives and just focusing on the actual high threats that we see coming through is a great benefit for us.
CSirt Manager at a construction company with 10,001+ employees
Real User
Top 20
2023-03-07T08:49:00Z
Mar 7, 2023
We use Vectra AI to detect incidents because we have offices in 50 countries and 30 to 40 sensors around the world. We want to be able to have a sensor or a foothold in as many offices as possible, and Vectra AI helps us achieve that goal.
Network Engineer at a university with 1,001-5,000 employees
Real User
Top 20
2023-03-07T08:47:00Z
Mar 7, 2023
We need to move our whole data traffic over the core switches. We also want to secure our network and have it integrated into our vCenter and into our Active Directory. We have 18,000 IP addresses, and in Recall, we have uploads from about 250 GB per day.
I work as an analyst who determines how our services should be built and integrated. We use Vectra to address a lack of visibility in our client environments. The tool has the potential to solve problems in a few areas, with new features on the way. We're exploring ways to build our services on top of the Vectra platform. We are considering the various integration options and how we can build a solid portfolio using this suite of products in future services. We have other tools like Palo Alto, and we hope to leverage our services on other platforms. There are several internal integration challenges that we need to examine.
Head of system and infrastructure at a government with 1,001-5,000 employees
Real User
Top 10
2023-03-06T12:59:00Z
Mar 6, 2023
Our primary use case for this solution is network traffic analysis. When we initially launched the solution, it gave us more detection compared to what we had before, but we needed more details in the field. However, once we added the Cognito feature, Vectra AI became an important solution in our environment. We now use it as a complete cybersecurity platform for detection, analysis, and referring security alerts. Vectra AI is the best. It is a major product in our cybersecurity.
Security at a financial services firm with 201-500 employees
Real User
Top 20
2023-03-06T10:54:00Z
Mar 6, 2023
We started with it as a replacement for the functionality we had in our SIEM solution. We mainly wanted a detection metric and something that was smart enough to detect some of the more complex attacks because we can have flow data and do nothing with it. We wanted to have some strong alerting capabilities on that. We were looking to get a detailed attack and AI perspective on it. We didn't want something that only sees something as malicious and can alert on it but also detect things that are a little bit out of the ordinary, which was something we could get with this.
We wanted something to understand what's happening on the network of the company, and we wanted something to protect us against attacks and cyber activities. We wanted visibility into our network and all the threats that we're facing.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Real User
2022-10-06T18:19:00Z
Oct 6, 2022
The key challenge we face is visibility, things that happen in isolated and pocketed environments where visibility is limited. Silos and isolated networks exist across the environment, and it's difficult to control it completely. Blind spots are the main challenges.
Head of IT Security, Acting CISO at a retailer with 10,001+ employees
Real User
2021-10-14T20:04:00Z
Oct 14, 2021
Our key challenges are:
* People Management: It is always a struggle to coordinate the few people that we have with the necessary skills to put them on the most important topics or projects.
* Cloud adoption complexity: You need to figure out which systems, applications, and interfaces are talking to which cloud component in terms of data flow. That is a rather complex topic and usually sold well by the external supplier in terms of marketing to a company. Practically speaking, it is very difficult to elaborate all the connection requirements, on-prem to cloud, cloud to cloud, e.g., what is running where, what should run, and what is not running as it should.
Cognito Platform: We are using the latest on-premises version and some of the cloud services too. We are mainly operating out of Switzerland. The IT Departments are based in our headquarters. We have a large network with a lot of points of sales and other geographical locations that are interconnected. We need visibility of all the client-initiated traffic to and from our main data centers and to the Internet. We have good network coverage. Vectra is deployed on different hotspots in our network.
Senior Security Engineer at a manufacturing company with 10,001+ employees
Real User
2021-07-01T16:53:00Z
Jul 1, 2021
In terms of deployment, we have one brain and seven physical sensors. We're currently working on deploying a large number of virtual sensors, but those aren't done yet. We also have a SIEM and an EDR.
Head of Information Security at Winterflood Securities Limited
Real User
2021-05-19T13:11:00Z
May 19, 2021
We use Cognito. The biggest challenge we face in protecting the organization against cyber attacks is mean time to detection, operating from a position of an assumed breach. Then being able to detect breaches or malicious traffic within the environment as quickly as possible to reduce dwell time. We have a small environment with only 300 users. It's very technically focused given the market that we operate in. There are two data centers, four offices, a small IT and security team. Cognito allows us to make the best investment for the most return, given we don't have dedicated SOC analysts looking at a SIEM environment.
Project Manager at a university with 1,001-5,000 employees
Real User
2020-10-29T10:12:00Z
Oct 29, 2020
We use it to monitor what is happening on our network, especially to protect our network from malicious activity. We also have the sensor into Office 365, so we can also monitor everything that is happening in there. At the moment, we use it to monitor all our endpoints.
Operational Security Manager at a financial services firm with 1,001-5,000 employees
Real User
2020-10-21T04:34:00Z
Oct 21, 2020
Vectra was deployed to give us a view of what is happening on the user network. It helps us to check what is being done by users, if that is compliant with our policies, and if what they're doing is dangerous. It covers cyber security stuff, such as detecting bad proxies, malware infections, and using packet defense on strange behaviors, but it can also be used to help with the assessment of compliance and how my policies will apply. We also use Vectra to administer servers and for accessing restricted networks. There are on-prem modules, which are called Cognito Detect, the NDR/IDS solution, which captures traffic. We also have the SaaS data lake, and we also have the Cognito Detect for Office 365, which is a SaaS-type sensor within the O365 cloud.
Head of Information Security at an outsourcing company with 1,001-5,000 employees
Real User
2020-07-26T08:19:00Z
Jul 26, 2020
Vectra AI sits across our entire estate. We have an outsource provider for a lot of our backend systems. It sits in theirs and it sits in our own estates. It's deployed across our other numerous offices across the country. It sits across our entire estate.
Manager, IT Security at an energy/utilities company with 201-500 employees
Real User
2020-06-03T06:54:00Z
Jun 3, 2020
The Detect platform that we have is on-prem. We have what's called "the brain", then we have sensors placed in different key/strategic areas in the organization. It is helping us do a lot of the monitoring. We also have some SaaS offerings from the Recall platform, which look at some of the metadata, etc. If we were doing things like incident response, it gives us a bit more granular type of information to query. However, the Cognito Detect platform is all on-prem. We are using the latest version.
Director, Information Security at a university with 5,001-10,000 employees
Real User
2020-05-27T08:03:00Z
May 27, 2020
One of the reasons we went with this solution was because there is less that we have to customize; it's more commercial off the shelf. Therefore, my team can spend their time doing what's most beneficial for the university, which is protecting it, not upgrading custom software. We use it to inspect and look for malicious, abusive, or other types of forbidden behavior with our north-south and east-west traffic. We not only look at traffic from our campus to the Internet, but we look at traffic internally in our network as it does network AI. It not only looks when a specific event happens, but whether, "Is this a normal event? Or is it normal for the host to do that?"
Security Operations Specialist at a tech services company with 1,001-5,000 employees
Real User
2020-05-13T09:16:00Z
May 13, 2020
We use Vectra AI to sniff the network using Ixia taps so that we can identify potentially malicious activity on the network and at all points of the kill chain. What it's really good at is correlating seemingly unrelated events. It's in our data center, but the versioning is controlled by Vectra. They push it out discreetly so I don't have any touch on that.
We have two use cases. The first is that Vectra's platform allows us to get visibility into anomalous behavior, which, previously, we never really had access to, for threat hunting and incident response. We use it in support of our incident response operations to help supplement our investigations on hosts. We use it to correlate any suspicious activities, which is something that Vectra has been extremely accurate in, when used the right way. The second use case is that we've used the Vectra Cognito Recall and Cognito Stream devices. With these integrations, it's given us instant visibility into all the network data as well. That enables us to conduct our own hunts on our network data, data you'd see on a SIEM solution. It also gives us the ability to correlate with our playbooks because it gives us access to the data itself in much more depth and detail.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Real User
2020-03-04T08:49:00Z
Mar 4, 2020
Our main intention was to see what type of visibility, in terms of detections, Vectra could give us. We use it on both our manufacturing perimeter and at the internet perimeter. That's where we have placed the devices. We have placed it across four sites, two in UAE and two outside UAE.
Global Security Operations Manager at a manufacturing company with 5,001-10,000 employees
Real User
2020-02-25T06:59:00Z
Feb 25, 2020
We use Vectra with the assumption that our other defensive controls are not working. We rely on it to be able to detect anomalous activities on our network and trigger investigation activities. It's a line of detection assuming that a breach occurred or has been successful in some way. That's our primary use case. We have it in some other use cases, like anomalous network activity and detection for things. E.g., we are trying to refine or improve suspicious internal behaviours because we are a development technology company. We have developers doing suspicious things all the time. Therefore, we use it to help us identify when they are not behaving correctly and improve our best practices. We have it predominantly on-prem, which is a combination of physical and virtual sensors. We also have a very minor element on the cloud where we are trialing a couple of components that are not fully deployed. For the cloud deployment, we are using Azure. We are on the latest version of Cognito.
Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
2020-01-12T07:22:00Z
Jan 12, 2020
The original use case was because we had some legacy stuff that doesn't do encryption at rest. Compliancy-wise, we had to put in some additional mitigating actions to protect it. That was the start of it. Then, we extended it to check other devices/servers within our network as well. We are on the latest version.
Head of Information Security at an insurance company with 1,001-5,000 employees
Real User
2020-01-05T07:29:00Z
Jan 5, 2020
One of the biggest things is the visibility of stopping or identifying any infection as soon as possible. In this case, if someone downloads something malicious to their workstation, we have a number of controls in place. However, it wasn't so much the endpoint. It was the spreading of a worm type scenario or a WannaCry type thing. Anything that could potentially spread after the initial infection, which is where we wanted to come in and get that visibility. It was key for us to have something that we could use for identifying as soon as possible, which would be call center initiated. That was probably our biggest thing: To push it in that direction, as we're a regulated company from the FCA. They drive us continually for improvement and behavioral analysis. Network analysis sort of falls into that bucket. We already have a SIEM, which some people would argue gives us a lot of that visibility. It doesn't tend to give it the focus that we need. From Vectra, we get a lot of alerts of, "This is happening," or, "This is unusual." This is a lot easier than waiting for a couple of logs to come in, then a bit of AI logic at the back of it to potentially push it in that direction. It's very much for us to get a view of a potential attack, then deal with it as quickly as possible. To pinpoint where it's coming from, and where it is going to go. One of the biggest things that I wanted to ensure is that it covered our call centers because that is where I see my biggest risk. So, I was really key on getting sensors across all geographic locations within the UK and in all of our small communication rooms. It is all on-premise. We have a number of call centers spread around the UK. We look at all east-west traffic, as well as north-south. It all goes into our brain in our data center. We do have some branches out in Azure, but we're waiting on the new plugin that they are trying to develop. 
We are just starting in on our cloud journey and most of our infrastructure is still in private cloud. We haven't really gotten to the point where we have public cloud. We're up-to-date, but I don't know the exact version number that we are on.
Vectra AI is used for detecting network anomalies and potential malicious activities, providing visibility into network traffic and enhancing threat detection across environments.
Organizations deploy Vectra AI mainly on-premises with additional cloud components. It helps with compliance, incident response, security monitoring, detecting insider threats, and correlating network events. Vectra AI captures and enriches network metadata, provides detailed dashboards, reduces false...
Our customers use Vectra AI to detect networks, endpoints, identities, SaaS-based, and private and public clouds.
We've introduced Vectra AI to our clients and had it in proof of concepts with other technologies like Darktrace for network detection and response.
We use it as our internal network monitoring solution.
We use Vectra AI mainly for presentations.
Our primary use case for this solution is for security policy and to detect potential attacks on our networks.
Our primary use cases for this solution are detection and then investigation afterward.
Vectra AI is an NDR tool, and my company is using it for security and insider threat detection purposes.
We use it as an intrusion detection system to monitor traffic that's going on within our network.
One of the reasons we went with this solution was because there is less that we have to customize; it's more commercial off the shelf. Therefore, my team can spend their time doing what's most beneficial for the university, which is protecting it, not upgrading custom software. We use it to inspect and look for malicious, abusive, or other types of forbidden behavior with our north-south and east-west traffic. We not only look at traffic from our campus to the Internet, but we look at traffic internally in our network as it does network AI. It not only looks when a specific event happens, but whether, "Is this a normal event? Or is it normal for the host to do that?"
We use Vectra AI to sniff the network using Ixia taps so that we can identify potentially malicious activity on the network and at all points of the kill chain. What it's really good at is correlating seemingly unrelated events. It's in our data center, but the versioning is controlled by Vectra. They push it out discreetly so I don't have any touch on that.
We have two use cases. The first is that Vectra's platform allows us to get visibility into anomalous behavior, which, previously, we never really had access to, for threat hunting and incident response. We use it in support of our incident response operations to help supplement our investigations on hosts. We use it to correlate any suspicious activities, which is something that Vectra has been extremely accurate in, when used the right way. The second use case is that we've used the Vectra Cognito Recall and Cognito Stream devices. With these integrations, it's given us instant visibility into all the network data as well. That enables us to conduct our own hunts on our network data, data you'd see on a SIEM solution. It also gives us the ability to correlate with our playbooks because it gives us access to the data itself in much more depth and detail.
Our main intention was to see what type of visibility, in terms of detections, Vectra could give us. We use it on both our manufacturing perimeter and at the internet perimeter. That's where we have placed the devices. We have placed it across four sites, two in UAE and two outside UAE.
We use Vectra with the assumption that our other defensive controls are not working. We rely on it to be able to detect anomalous activities on our network and trigger investigation activities. It's a line of detection assuming that a breach occurred or has been successful in some way. That's our primary use case. We have it in some other use cases, like anomalous network activity and detection for things. E.g., we are trying to refine or improve suspicious internal behaviours because we are a development technology company. We have developers doing suspicious things all the time. Therefore, we use it to help us identify when they are not behaving correctly and improve our best practices. We have it predominantly on-prem, which is a combination of physical and virtual sensors. We also have a very minor element on the cloud where we are trialing a couple of components that are not fully deployed. For the cloud deployment, we are using Azure. We are on the latest version of Cognito.
The original use case was because we had some legacy stuff that doesn't do encryption at rest. Compliancy-wise, we had to put in some additional mitigating actions to protect it. That was the start of it. Then, we extended it to check other devices/servers within our network as well. We are on the latest version.
One of the biggest things is the visibility of stopping or identifying any infection as soon as possible. In this case, if someone downloads something malicious to their workstation, we have a number of controls in place. However, it wasn't so much the endpoint. It was the spreading of a worm type scenario or a WannaCry type thing. Anything that could potentially spread after the initial infection, which is where we wanted to come in and get that visibility. It was key for us to have something that we could use for identifying as soon as possible, which would be call center initiated. That was probably our biggest thing: To push it in that direction, as we're a regulated company from the FCA. They drive us continually for improvement and behavioral analysis. Network analysis sort of falls into that bucket. We already have a SIEM, which some people would argue gives us a lot of that visibility. It doesn't tend to give it the focus that we need. From Vectra, we get a lot of alerts of, "This is happening," or, "This is unusual." This is a lot easier than waiting for a couple of logs to come in, then a bit of AI logic at the back of it to potentially push it in that direction. It's very much for us to get a view of a potential attack, then deal with it as quickly as possible. To pinpoint where it's coming from, and where it is going to go. One of the biggest things that I wanted to ensure is that it covered our call centers because that is where I see my biggest risk. So, I was really keen on getting sensors across all geographic locations within the UK and in all of our small communication rooms. It is all on-premise. We have a number of call centers spread around the UK. We look at all east-west traffic, as well as north-south. It all goes into our brain in our data center. We do have some branches out in Azure, but we're waiting on the new plugin that they are trying to develop.
We are just starting in on our cloud journey and most of our infrastructure is still in private cloud. We haven't really gotten to the point where we have public cloud. We're up-to-date, but I don't know the exact version number that we are on.