The Vectra AI Platform with patented Attack Signal Intelligence has been introduced to deliver the integrated signal enterprises need to fulfill the promise of extended detection and response (XDR).
With the Vectra AI Platform, enterprises can integrate endpoint detection and response (EDR) signal with Vectra AI’s public cloud, identity, SaaS and network signal to arm SOC teams to keep pace with hybrid attacks.
As enterprises shift more applications, workloads and data to hybrid and multi-cloud environments, threat detection and response becomes more siloed and complex. Without an effective XDR solution for advanced hybrid attackers, security teams face a vicious spiral of more attack surfaces, more evasive attacker methods more alerts and thus, more SOC analyst workload and burnout.
The Vectra AI Platform integrates native and third-party attack signals across hybrid cloud domains including AWS, Microsoft Azure, Google Cloud Platform, Microsoft 365, Microsoft Azure AD, networks of all types, and endpoints leveraging the customer’s Endpoint Detection and Response (EDR) tool of choice.
The Vectra AI Platform integrated signal enables security teams to:
- Cover more than 90 percent of MITRE ATT&CK techniques with patented and proven MITRE D3FEND countermeasures.
- Combine AI-driven behavior-based detection, signatures and threat intelligence for the most accurate representation of active attacks in progress
- Map attacker progression and lateral movement from data center to cloud, cloud to data center and cloud to cloud.
Vectra AI Attack Signal Intelligence harnesses patented AI to automate threat detection, triage, and prioritization across hybrid cloud domains, by:
- Zeroing in on attacker behavior, analyzing in many dimensions to see real attacks in a sea of different while patented Privileged Access Analytics (PAA) focuses on accounts most useful to attackers
- Learning customers’ unique environments to distinguish between malicious and benign events to eliminate 80 percent of alert noise
- Prioritizing entities (hosts and accounts) across domains based on urgency and importance, saving individual SOC analysts over three hours per day of alert triage
With Vectra AI, security teams accelerate investigation and response workflows with integrated investigations sophisticated enough for experienced analysts, simple enough for junior analysts. New capabilities include:
- Instant Investigations arm analysts of every skill-level with quick start guides to investigate prioritized entities under attack
- Advanced Investigation enables forensic analysis of Azure AD, Microsoft 365 or AWS Control Plane logs directly in the platform user interface (UI)
- AI-Assisted Investigation leverages large language models (LLMs) to provide analysts with a simple way to gather 360 degrees of context on entities under attack
The Vectra AI Platform puts humans in control of response by offering flexible response actions native and orchestrated leveraging more than 40 ecosystem integrations to:
- Manually or automatically lock down an account, or isolate an endpoint
- Trigger security orchestration and automation (SOAR) playbooks and workflows
- Streamline ticketing, communication, and escalation for incident response processes
SOC teams continue to be stretched thin as the volume and variety of high-speed hybrid and multi-cloud attacks grows. With the Vectra AI Platform, enterprises can take advantage of analyst reinforcements in the form of MDR services, including:
- Shared roles and responsibilities for monitoring, detection, investigation, hunting and response.
- Shared analytics on attacker behavior and emerging attacker tradecraft, tactics, techniques, and procedures
- Shared transparency around SLAs, metrics, and reporting
Click here to learn more about the Vectra AI Platform.