Article icon
  • News
  • News
  • Vectra

 Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced advancements to the Vectra AI Platform with the introduction of enhanced Cloud Detection and Response for AWS environments. Armed with Vectra AI’s patented Attack Signal Intelligence, Vectra CDR for AWS empowers security operations center (SOC) teams with real-time, integrated attack signal for hybrid attacks spanning network, cloud and identity domains.

 As enterprises continue to move applications, workloads, and data into cloud environments, hybrid attack detection, investigation and response has become increasingly siloed and complex. According to Vectra AI’s 2023 State of Threat Detection report, 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and variety of threats— 71% expressing concerns that their organizations have already been the target of a compromise that they are yet unaware of. Additionally, 75% of SOC analysts say they don’t have the visibility they need to adequately defend their organizations.

 What’s more, the growth in hybrid deployments has added significant challenges for enterprise SOC teams. While attacker goals remain the same, attacks in the cloud manifest differently from those in traditional data center environments. Threats in the cloud focus primarily on credentials, leverage shallow kill chains and move faster compared to those observed on-premises. The same dynamic nature of the cloud enables faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments in similarly innovative ways. These fundamental differences in how attacks manifest mean defenders need to think like hybrid attackers to effectively defend the growing hybrid attack surfaces they are called on to protect.

 Vectra CDR for AWS brings the latest advancements in cloud threat detection and response to the Vectra AI Platform including:

Advancements in detecting sophisticated hybrid attacks 

  •  AI-driven event detections: Purpose-built AI detection models eliminate the need to write custom detection rules. The CDR for AWS portfolio brings together the best of Vectra AI's security research and data science to surface multi-step sophisticated attacker behavior across an AWS footprint.
  •  Real-time context on cloud-based threats: Real-time detections that reduce cloud threat detection latency, providing SOC analysts with real-time visibility to threatening activity in their AWS environment.
  •  Complete visibility into entire hybrid cloud: AI-driven detection based on both AWS logs and network traffic and any other related AWS resource to accurately distinguish between malicious behaviors and routine AWS activity across different forms of cloud metadata.
  •  Expansive AWS coverage in minutes: Provides coverage for the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions, and across accounts, identifying previously unknown attacker activity while delivering a complete view of AWS security risk in mere minutes.  

Advancements in AI-driven Attack SignalIntelligence for hybrid attacks

  •  Machine Learning understands which AWS account does what: Learns AWS credentials and permissions to know which accounts are most useful to attackers to pinpoint identity-based attacks.
  •  AI-driven prioritization: Prioritizes the most critical threats and shifts the focus from individual AWS threat events to AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score and rank multiple and concurrent threat detections as they unfold.
  • Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tooling such as AmazonGuard Duty (which relies primarily on anomalies and signatures) and preventative posture tools to zero in on the true source and provide the most precise signal clarity.

Advancements in investigations and response for hybrid attacks

  •  Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritized entities.
  •  End-to-end hybrid deployment visibility: Integrated attack signal that surfaces progression of threats across cloud, identity, and network environments in a single pane of glass.
  •  Native response capabilities: AWS lockdown capabilities provide SOC analysts and incident responders the means to isolate and remediate compromised principals. 

Advancements in hybrid attack tools, training and support

  •  Advanced open-source toolkits: Learn to think like a hybrid attacker with open-source toolsets.  DeRF, MAAD-AF and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like an attacker and become experts in sophisticated attacker methods.
  •  Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide personalized hands-on training for SOC teams to hone in on skills around thwarting advanced cloud threats.
  •  Managed SOC experience: Vectra managed detection and response (MDR) for AWS reinforces customers’ SOC with global, 24x7 analysts trained to defend against attacks spanning hybrid footprints.

 “The current approach to threat detection and response is fundamentally broken, as more organizations shift to hybrid environments and security teams continue to face increasing cloud complexity, alert fatigue, and analyst burnout,” said Hitesh Sheth, president and CEO of Vectra AI. “As the pioneer of AI-driven threat detection and response, our best-in-class platform delivers the most accurate integrated signal across the hybrid Enterprise to make XDR a reality at speed and scale.”

About Vectra

 Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. Only Vectra optimizes AI to detect attacker methods — the TTPs at the heart of all attacks — rather than simplistically alerting on "different." The resulting high-fidelity threat signal and clear context enables cybersecurity teams to rapidly respond to threats and stop attacks from becoming breaches. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure — both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization. For more information: This email address is being protected from spambots. You need JavaScript enabled to view it.