Sold by: Vectra AI
Vectra Threat Detection and Response for Partner Provided Consulting Engagements
4.3
Overview
Vectra Cognito is an AI-driven cloud and network detection & response (NDR) platform that provides the fastest and most efficient way to prioritize and stop attacks across cloud and data center applications and workloads, as well as user & IoT devices and accounts.
The Cognito® platform accelerates threat detection, investigation, and response using AI to enrich cloud logs and network metadata.
-
Cognito Detect™ provides the fastest most efficient way to prioritize and stop attacks across cloud, data center, applications, and workloads, as well as user & IoT devices and accounts
-
Cognito Detect for Office365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 Ecosystem
-
Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs in Zeek-format
-
Cognito Recall™ is a cloud-based application that stores and investigates threats in enriched metadata
Vectra Cognito integrates with AWS virtual private cloud (VPC) traffic mirroring to monitor all infrastructure-as-a-service traffic. Cognito also integrates with AWS Security Hub to publish Vectra detections as findings in Security Hub, enabling you to correlate Vectra attacker detections with other data sources for faster threat hunting and incident investigations.
For questions on how Vectra AI will work within your environment, please contact: aws-marketplace@vectra.ai
Highlights
- AI-driven threat hunting with Highest-fidelity data source. AI-enriched network metadata. Deep protocol visibility, not just connectivity attributes
- Vectra Cognito Detect is the only solution that can track and link cloud identity with on premises hosts to stop ransomware originating in one
- Deep integration with AWS Services (Traffic Mirroring, Cloudtrail, VPC Flowlogs), EPP Vendors (Crowdstike, Defender, SentinelOne), SIEMs (Splunk, Sentinel, ArcSight) and other services (zScaler, ServiceNow, PaloAlto, VMWare)
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Detect for PPC | Platform for Partner Provided Consulting - billed monthly | $15,000.00 |
O365 for PPC | Detect for O365 - Partner Provided Consulting - billed monthly | $60.00 |
Dimension | Cost/unit |
|---|---|
Cognito Platform for Partner Provided Consulting - Platform Overages | $1.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
support@vectra.ai https://www.vectra.ai/support or call us at (408) 326-2022 (US)
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Vectra Sensors are deployed in VPCs to monitor AWS deployments to detect hidden threats without requiring any endpoint agents.
For security leaders, builders, and operators, who are tasked with protecting a complex, ever-changing environment from attack, Vectra AI protects modern networks from modern attacks. When modern attackers beat customers' existing controls - and they will, Vectra AI sees their every move, connects the dots, prioritizes and stops the attack in real-time. Our customers say we are the cybersecurity AI that stops attacks others can't.
The Vectra Stream connector outputs Bro/Zeek formatted metadata from the Vectra Network Detection and Response Platform to any data-lake.
Vectra Detect for AWS identifies attacks across your global AWS IaaS and PaaS footprint early to stop misconfiguration, credential theft and supply chain compromise from turning into breaches. Vectra Detect enables SecOps to investigate and respond to attacks efficiently.
Customer reviews
Manufacturing
Vectra AI: Fast, Insightful Threat Detection with Strong M365 and Azure AD Integration
Reviewed on Apr 02, 2026
Review provided by G2
What do you like best about the product?
Vectra AI was a valuable addition to our cybersecurity tools. It helps us protect our assets and the company network from modern attacks.
Our security analysts use Vectra AI to go through detections of anomalies in our environment. Easily integrated with M365 and Azure AD.
We were able to quickly identify and prevent data leakage by investigating a suspicious M365 mail forwarding detection by Vectra AI. Other M365 detections we observed included risky Exchange Operations, Phishing simulation configuration change, Suspect eDiscovery Usage, Malicious links sent by external Teams user, and many more.
Detections that helped our SOC team prevent a major cyber incident was Azure AD Admin account creation, Login attempts from a disabled account, Azure AD TOR activity, Azure AD Suspicious device registration, among others.
A great feature is the AI intelligence as well as the Vectra AI Post-Quantum Cryptography Readiness dashboard. Quantum computing threatens today's public-key cryptography, putting SSH and TLS key exchanges at risk of future decryption. This Vectra AI dashboard highlights hosts and daily SSH connections still relying on non-PQC key exchange, helping us identify exposure and prioritize migration to quantum-resistant algorithms.
The interface loads fast and offers clear visualization allowing our SOC analysts to explore our environment to uncover emerging threats.
When assistance was needed, we received fast and professional support from the vendor.
Cost may be a limitation for some, however, for us being a large company with permissive budget, it was a good investment for the value it brought.
Our security analysts use Vectra AI to go through detections of anomalies in our environment. Easily integrated with M365 and Azure AD.
We were able to quickly identify and prevent data leakage by investigating a suspicious M365 mail forwarding detection by Vectra AI. Other M365 detections we observed included risky Exchange Operations, Phishing simulation configuration change, Suspect eDiscovery Usage, Malicious links sent by external Teams user, and many more.
Detections that helped our SOC team prevent a major cyber incident was Azure AD Admin account creation, Login attempts from a disabled account, Azure AD TOR activity, Azure AD Suspicious device registration, among others.
A great feature is the AI intelligence as well as the Vectra AI Post-Quantum Cryptography Readiness dashboard. Quantum computing threatens today's public-key cryptography, putting SSH and TLS key exchanges at risk of future decryption. This Vectra AI dashboard highlights hosts and daily SSH connections still relying on non-PQC key exchange, helping us identify exposure and prioritize migration to quantum-resistant algorithms.
The interface loads fast and offers clear visualization allowing our SOC analysts to explore our environment to uncover emerging threats.
When assistance was needed, we received fast and professional support from the vendor.
Cost may be a limitation for some, however, for us being a large company with permissive budget, it was a good investment for the value it brought.
What do you dislike about the product?
Initial setup required some reading and calls to support. Cost may be a limitation for some.
What problems is the product solving and how is that benefiting you?
Vectra AI helps us protect our assets and the company network from modern attacks. It is a very powerful solution that offers large amount of data neatly presented through very intuitive and modern interface.
Higher Education
Easy to Learn, Clear, and Truly Helpfulclear use of product
Reviewed on Feb 19, 2026
Review provided by G2
What do you like best about the product?
easy to work with and clear method of learning to use
What do you dislike about the product?
i have zero problems with it and find it quite helpful
What problems is the product solving and how is that benefiting you?
it is helping us to do better threat hunting and know things before they become problems
Paul D.
Team Manager, Enterprise Information Security
Reviewed on Sep 17, 2020
Review provided by G2
What do you like best about the product?
Ease of deployment, intuitive UI, and easy to work with sales and support staff.
What do you dislike about the product?
Reporting is lacking, currently only one report available with different timelines, also no ability to export from the console.
What problems is the product solving and how is that benefiting you?
Visibility of network traffic, analysis of network traffic, and baselining.
Joel V.
Easy to deploy and works great at finding evil.
Reviewed on Sep 11, 2020
Review provided by G2
What do you like best about the product?
Vectra finds what other controls miss. It is used to help with network visibility and integrates great with Splunk. We have passed every pen test since Vectra was deployed. The company has really listened to the customers and made big improvements over the last three years.
What do you dislike about the product?
It can get expensive if you have a lot of offices. The appliances are not cheap so if you have a bunch of smaller offices it can start to add up.
What problems is the product solving and how is that benefiting you?
Network visibility in east-west traffic is our primary use. Because we ingest the data in Splunk it is also used to evaluate incidents and help make decisions on incident prioritization.
Recommendations to others considering the product:
Vectra helps IR teams with prioritizing events. It can take some time to get everything reporting correctly so use the Vectra resources to help create the rules and whitelisting events is recommended.
Information Technology and Services
Unbeaten speed of innovation
Reviewed on Aug 27, 2020
Review provided by G2
What do you like best about the product?
Vectra does what it says on the tin, but goes beyond in providing a constant. speed of innovation that means they are constantly releasing new features. and detections, helping us to keep up to speed with any threats on our network
What do you dislike about the product?
As with any security tool, the alerts! But thankfully by monitoring the. quadrant based approach serious issues boil up for quick investigation.
What problems is the product solving and how is that benefiting you?
East-west visibility and identification of dark/unknown IT