Cognito Detect provides enterprise-wide visibility into hidden cyberattackers by analyzing all network traffic from cloud to enterprise, authentication systems and SaaS applications. This leaves attackers with nowhere to hide – from cloud and data center workloads to user and IoT devices. Features: Rich metadata Cognito Detect gives you real-time visibility into cloud and enterprise traffic by extracting network metadata from packets rather than performing deep packet inspection, enabling protection without prying. Metadata analysis is applied to all internal (east-west) traffic, Internet-bound (north-south) traffic, virtual infrastructure, and cloud environments. Cognito Detect identifies, tracks, and scores every IP-enabled device from the cloud to the enterprise. Identify attacker behaviors The collected metadata is analyzed with behavioral detection algorithms that spot hidden and unknown attackers. This exposes fundamental attacker behaviors in cloud and enterprise traffic, such as remote access tools, hidden tunnels, backdoors, credential abuse, and internal reconnaissance and lateral movement. Cognito Detect continuously learns your local environment and tracks all cloud and on-premises hosts to reveal signs of compromised devices and insider threats. A wide range of cyberthreats are automatically detected in all phases of the attack lifecycle, including:

• Command-and-control and other hidden communications
• Internal reconnaissance
• Lateral movement
• Abuse of account credentials
• Data exfiltration
• Early indicators of ransomware activity
• Botnet monetization
• Attack campaigns, including the mapping of all hosts and their associated attack indicators

Automated analysis Instead of generating more events to analyze, Cognito Detect boils down mountains of data to show what matters most. Threat and certainty scores trigger notifications to your staff or a response from other enforcement points, SIEMs and forensic tools. Cognito Detect pivots to show views of hosts or related campaign detections, and analyzes event history spanning its entire lifetime to better understand the activity and full scope of attack Drive response Respond quickly and decisively to threats by putting the most relevant information and context at your fingertips. Unlike security analytics products, Cognito Detect eliminates manual investigations by automatically prioritizing and correlating threats with compromised hosts and key assets that are the target of an attack.