July 31, 2021 marked a significant date for the Ukrainian IT community. The company NWU participated in the annual all-Ukrainian professional conference for system administrators, IT department heads, and technical directors, “SteelDrum XVIII”, which traditionally took place in Lviv. This event, known for its unique atmosphere, gathers hundreds of specialists annually to exchange experiences and present the latest solutions in the field of information technology.

A distinctive feature and highlight of the event is, by tradition, its venue: “Lvivarnya”, a modern art center and museum and cultural complex dedicated to the history of beer. The location gives guests a relaxed, friendly holiday atmosphere and unforgettable impressions throughout the event, and it encourages informal communication and professional discussion.


Revolution in threat detection: NWU’s presentation on Vectra Cognito NDR

This year, NWU presented a report titled “Improving network threat visibility. Automatic network traffic analysis for threat detection.” The report was delivered by the company’s leading sales support engineer, Mykola Syomakin. The presentation drew genuine interest and numerous questions from conference participants, sparking engaging professional discussions.

The report elaborated on the advanced capabilities of Vectra Cognito NDR, a Network Detection and Response platform from Vectra AI, the American company and global cybersecurity solutions leader. The platform is a real-time threat detection and response tool for cloud environments, SaaS, data centers, and enterprise infrastructures.

What is Vectra Cognito NDR and how does it work?

Vectra Cognito NDR is not just a monitoring tool; it’s an intelligent platform for network event detection and response. It uses advanced Artificial Intelligence (AI) and Machine Learning (ML) to detect adversary behavior and protect both hosts and users. A key feature is that the platform operates without decrypting data, ensuring maximum security and confidentiality, whether in the cloud, in a data center, on enterprise networks, or on IoT devices.

This approach allows Vectra Cognito NDR to identify threats based on behavioral anomalies, not just signatures, which is especially important for detecting zero-day attacks and sophisticated targeted attacks that bypass traditional security measures.

Key components and their capabilities:

  • Vectra Cognito Detect:
    • Automatically detects adversary behavior such as reconnaissance, lateral movement, privilege escalation, data exfiltration, and Command & Control (C2) communication.
    • Prioritizes compromised devices that pose the greatest risk, using risk metrics for hosts and accounts. This allows SOC teams to focus on the most critical incidents.
    • For example, Vectra Cognito Detect can identify when an employee, typically working in the office, suddenly accesses confidential data from an unusual geographical location or uses credentials to access a system they’ve never accessed before.
  • Vectra Cognito Recall:
    • Provides powerful threat hunting tools using artificial intelligence.
    • Enables deep forensic investigations across all environments: from cloud workloads and data centers to enterprise environments.
    • Retains rich network traffic metadata for extended periods, which is critically important for retrospective analysis and reconstructing the full picture of an attack. Statistically, in 2023, the average time to detect a cyberattack was 204 days, making Cognito Recall indispensable for rapid response.
  • Vectra Cognito Stream:
    • Provides scalable network metadata with enhanced security for use in customizable detection and response tools.
    • This component allows for the integration of rich network data with other security tools, improving overall visibility and coordination.

Integration Capabilities:

The Cognito platform integrates with a wide range of other security tools, enabling the creation of cohesive and effective cybersecurity ecosystems:

  • EDR (Endpoint Detection and Response) – for coordinating actions on endpoints.
  • SIEM (Security Information and Event Management) – for centralized log collection and analysis.
  • Firewalls – for automated blocking of detected threats.
  • Native/hybrid cloud solutions.

These integrations allow for the automation of response processes, significantly reducing the time from detection to threat containment.


SteelDrum XVIII: more than just a conference

In addition to high-quality technical presentations, the “SteelDrum XVIII” conference traditionally creates a unique atmosphere for informal networking. The ambiance of the “Lvivarnya” art center and its wide selection of craft beers fostered informal communication. Together with contests, jokes, and gifts, this made the conference an unforgettable experience and strengthened bonds within the professional community.

This synergy of professional development and a relaxed atmosphere is the key to the success of the SteelDrum conference, which attracts more participants year after year.


Vectra AI – a valuable asset for cybersecurity in Ukraine via NWU

In the context of constantly increasing cyber threats and the need to ensure a high level of cyber resilience, Vectra AI solutions are strategically important for Ukrainian organizations.

Vectra AI is a powerful solution that can help organizations defend against the most sophisticated attacks, including those leveraging GenAI capabilities. Thanks to its ability to accurately and quickly detect GenAI-driven attacks, as well as provide comprehensive visibility and ease of use, the Vectra AI platform is a valuable addition to any cybersecurity program.

Vectra AI is a leader in detecting and responding to hybrid cloud threats using security artificial intelligence. Only Vectra optimizes artificial intelligence to detect adversary methods, the TTPs (Tactics, Techniques, and Procedures) that are the foundation of all attacks, instead of simply alerting about “anomalies” or “other” events. The resulting highly accurate threat signal and clear context allow cybersecurity teams to respond to threats quickly and prevent attacks from escalating into full-blown breaches.

The Vectra AI platform and services cover public cloud, SaaS applications, identity systems, and network infrastructure, both on-premises and in the cloud. Organizations worldwide rely on the Vectra AI platform and services to achieve resilience against: ransomware, supply chain compromise, credential theft, and other cyber attacks.

Thanks to NWU, the official distributor of Vectra AI in Ukraine, it is now possible for the domestic IT market to buy NDR (Network Detection and Response) from a global leader. NDR is an integral part of the SOC triad alongside SIEM and EDR, ensuring a complete cycle of threat detection and response. This allows Ukrainian enterprises to significantly enhance their level of cybersecurity and more effectively counter modern threats.


Equip your SOC with advanced threat detection capabilities. To buy NDR for SOC or request a demo of the Vectra AI solution in Ukraine, contact NWU today.