The new Vectra Match capability improves network detection and response to provide visibility into known and unknown threats
Vectra AI, a leader in AI-driven cyber threat detection and remediation for hybrid and multicloud enterprises, today announced the introduction of Vectra Match. The new feature adds signature-based intrusion detection to Vectra's Network Detection and Response (NDR) solution, enabling security teams to accelerate their evolution towards threat detection and response. based on AI without sacrificing the investments already made in the signatures themselves.
“As businesses transform today, including identities, supply chains and digital ecosystems, Governance, Risk and Compliance (GRC) teams and Security Operation Centers (SOCs) are forced to keep pace. Staying ahead of existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organizations is to do this without adding complexity and cost,” he says Kevin Kennedy, SVP Products di Vectra. “Vectra NDR now enables security teams to unify signatures for known threats and behavior-based, AI-driven detection for unknown threats in a single solution.”
With the addition of Vectra Match, Vectra NDR solves key GRC team and SOC use cases, enabling greater efficiency and effectiveness and offering:
- correlation and validation of threat signals to ensure maximum accuracy
- compliance per il rilevamento CVE (Common Vulnerabilities & Exposures) basato sulla rete con controlli compensativi
- threat hunting, investigation and incident response processes.
According to Gartner®, “recent NDR market trends indicate that many NDR offerings have expanded to capture new event categories and analyze additional traffic patterns. This includes new detection techniques adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This shift towards multifunctional network detection aligns well with the convergence of network and security operations, but also with the needs of medium-sized businesses."[1].
“The attack surface available to cybercriminals continues to grow exponentially, creating unknown threats on top of the tens of thousands of vulnerabilities already known. Attackers simply have exponentially more ways to infiltrate an organization and exfiltrate data, and they do so with far greater frequency, speed, and impact. Keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every security, risk and compliance manager,” he says Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands. “Today, cyber resilience and compliance require complete visibility and context into known and unknown attack methods. In the absence of these elements, blocking and containing the impact of attacks becomes a mere exercise in controlling the damage to the brand's reputation and customer trust. Vectra Match's capabilities allow us to combine both worlds, with continuous, AI-based detection of 'movements' in real time and the ability to check for specific Suricata indicators, often required during incident response or proofing of compliance (as in the case of Log4J). Consolidating detection based on AI and signatures allows for optimization, because in our case, less is more.”
“The phenomenon of shadow IT does nothing but increase the spaces not subject to controls. Our SOC team can't protect what it doesn't have visibility into, making these unknown systems prime targets for attackers. No doubt, behavior-based and AI-driven detections are great for catching attackers implementing new evasion methods, but when it comes to attacks that exploit CVEs to compromise unknown, unpatched systems, we need AI-driven detection. on signatures. Combining this type of detection with behavior-based detection gives the SOC team visibility into both known and unknown threats. It's the best of both worlds,” he says Brett Fernicola, Sr. Director, Security Operations di Anywhere.it.
Vectra NDR con Vectra Match
Vectra NDR – a key component of the Vectra platform – provides end-to-end protection against hybrid and multicloud attacks. Deployed on-premises or in the cloud, the Vectra NDR console is a single source of visibility and the first line of control for attacks that traverse cloud and data center networks. Leveraging AI-powered Attack Signal Intelligence, Vectra NDR offers GRC and SOC teams:
- AI-driven detection, which “thinks” like an attacker, going beyond signatures and anomalies to understand attacker behavior and recognize TTPs (tactics, techniques and procedures) across the entire cyber kill chain after compromise, with 90% in fewer blind spots and three times as many threats proactively identified.
- AI-driven triage, which recognizes what is malicious by using machine learning to analyze detection patterns unique to the customer's environment, in order to assign a score to the significance of each detection, thus reducing 85% of the background noise of alerts and making only the truly relevant positive events that require the analyst's attention emerge.
- AI-driven prioritization, which focuses on what is urgent, automatically correlating attackers' TTPs across attack surfaces and evaluating each entity against observed attack profiles globally, to create an attack urgency rating that allows analysts to focus on the most critical threats to the organization.
Vectra NDR offers security and risk professionals superior intrusion detection. With a rich context of known and unknown threats, GRC and SOC teams not only improve the effectiveness of their threat detection, but also the efficiency of their threat hunting, investigation and incident response programs and processes. Vectra NDR with Vectra Match is available today for evaluation and purchase.
[1] Gartner Market Guide for Network Detection and Response, Published 14 December 2022 – ID G00730869 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
