Vectra AI Adds Advanced Hybrid Attack Detection, Investigation and Response Capabilities for Amazon Web Services (AWS)
The Vectra AI Platform Extends Attack Coverage, Signal Clarity and Intelligent Controls forย AWS to Arm SOC Teams to Move at the Speed and Scale of Hybrid Attackers
Posted: Wednesday, Nov 15
  • KBI.Media
  • $
  • Vectra AI Adds Advanced Hybrid Attack Detection, Investigation and Response Capabilities for Amazon Web Services (AWS)
Vectra AI Adds Advanced Hybrid Attack Detection, Investigation and Response Capabilities for Amazon Web Services (AWS)

The Vectra AI Platform Extends Attack Coverage, Signal Clarity and Intelligent Controls forย AWS to Arm SOC Teams to Move at the Speed and Scale of Hybrid Attackers

 

Australia and New Zealand โ€“ November 15, 2023 โ€“ Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced advancements to the Vectra AI Platform with the introduction of enhanced Cloud Detection and Response (CDR)๏ฟผ for AWS environments. Armed with Vectra AIโ€™s patented Attack Signal Intelligence, Vectra CDR for AWS empowers security operations center (SOC) teams with real-time, integrated attack signal for hybrid attacks spanning network, cloud and identity domains.

 

As enterprises continue to move applications, workloads, and data into cloud environments, hybrid attack detection, investigation and response has become increasingly siloed and complex. According to Vectra AIโ€™s 2023 State of Threat Detection report, 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and variety of threats โ€” 71% expressing concerns that their organizations have already been the target of a compromise that they are yet unaware of. Additionally, 75% of SOC analysts say they donโ€™t have the visibility they need to adequately defend their organizations.ย 

 

Whatโ€™s more, the growth in hybrid deployments has added significant challenges for enterprise SOC teams. While attacker goals remain the same, attacks in the cloud manifest differently from those in traditional data center environments. Threats in the cloud focus primarily on credentials, leverage shallow kill chains and move faster compared to those observed on-premises. The same dynamic nature of the cloud enables faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments in similarly innovative ways. These fundamental differences in how attacks manifest mean defenders need to think like hybrid attackers to effectively defend the growing hybrid attack surfaces they are called on to protect.ย 

 

According to Chris Fisher, Director of Security Engineering, Vectra AI, Asia Pacific and Japan, โ€œThe reality is that the cyber security defense principles of the past decade are broken. Security teams can no longer rely heavily on signatures, anomalies and rules to see and stop cyber criminals. Today, as organisations shift more applications and data to the cloud, we are battling the โ€˜spiral of moreโ€™ โ€“ more attack surface for attackers to exploit, more methods for attackers to evade defenses and progress laterally and more noise, complexity and hybrid attacks.ย 

 

โ€œEnterprises will be hybrid forever โ€“ and so will attackers. It is more important than ever for companies to cut through the noise and achieve signal clarity at the speed and scale needed to stop cyber criminals from infiltrating the organisation and exfiltrating data,โ€ says Fisher.ย 

 

Vectra CDR for AWS brings the latest advancements in cloud threat detection and response to the Vectra AI Platform including:

 

Advancements in detecting sophisticated hybrid attacks

 

  • AI-driven event detections: Purpose-built AI detection models eliminate the need to write custom detection rules. The CDR for AWS portfolio brings together the best of Vectra AI’s security research and data science to surface multi-step sophisticated attacker behavior across an AWS footprint.
  • Real-time context on cloud-based threats: Real-time detections that reduce cloud threat detection latency, providing SOC analysts with real-time visibility to threatening activity in their AWS environment.
  • Complete visibility into entire hybrid cloud: AI-driven detection based on both AWS logs and network traffic and any other related AWS resource to accurately distinguish between malicious behaviors and routine AWS activity across different forms of cloud metadata.ย 
  • Expansive AWS coverage in minutes: Provides coverage for the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions, and across accounts, identifying previously unknown attacker activity while delivering a complete view of AWS security risk in mere minutes.

ย 

Advancements in AI-driven Attack Signal Intelligence for hybrid attacks

 

  • Machine Learning understands which AWS account does what: Learns AWS credentials and permissions to know which accounts are most useful to attackers to pinpoint identity-based attacks.ย 
  • AI-driven prioritization: Prioritizes the most critical threats and shifts the focus from individual AWS threat events to AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score and rank multiple and concurrent threat detections as they unfold.
  • Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tooling such as Amazon Guard Duty (which relies primarily on anomalies and signatures) and preventative posture tools to zero in on the true source and provide the most precise signal clarity.

 

Advancements in investigations and response for hybrid attacks

ย 

  • Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritized entities.ย 
  • End-to-end hybrid deployment visibility: Integrated attack signal that surfaces progression of threats across cloud, identity, and network environments in a single pane of glass.
  • Native response capabilities: AWS lockdown capabilities provide SOC analysts and incident responders the means to isolate and remediate compromised principals.

 

Advancements in hybrid attack tools, training and support

ย 

  • Advanced open-source toolkits: Learn to think like a hybrid attacker with open-source toolsets. DeRF, MAAD-AF and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like an attacker and become experts in sophisticated attacker methods.
  • Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide personalized hands-on training for SOC teams to hone in on skills around thwarting advanced cloud threats.ย 
  • Managed SOC experience: Vectra managed detection and response (MDR) for AWS reinforces customersโ€™ SOC with global, 24×7 analysts trained to defend against attacks spanning hybrid footprints.

 

For more information

  • Click here to learn more about the Vectra AI Platform
  • Click here to learn more about Vectra CDR for AWS

Supporting Resources

 

About Vectra AI, Inc.ย 

Vectra AI, Inc. is the leader in hybrid attack detection, investigation and response. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Vectra AIโ€™s patented Attack Signal Intelligence empowers security teams to rapidly detect, prioritize, investigate and stop the most advanced hybrid cyber-attacks. With 35 patents in AI-driven detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI Platform and MDR services to move at the speed and scale of hybrid attackers. For more information, visit www.vectra.ai.

Share This