The extended attack coverage, signal clarity, and intelligent controls of the Vectra AI Platform for AWS enable SOC teams to move at the speed and scale of hybrid attacks
Vectra AI, the leader in AI-driven cyber threat detection and remediation for hybrid and multicloud enterprises, today announced enhancements to its Cloud Detection and Response (CDR) offering for AWS. With Vectra AI's patented Attack Signal Intelligence, Vectra CDR for AWS gives SOC teams an integrated, real-time attack signal for hybrid attacks that cross network, cloud, and identity.
As businesses continue to move applications, workloads and data to cloud environments, detecting, investigating and responding to cyber attacks have become increasingly siloed and complex. According to Vectra AI's 2023 State of Threat Detection report, 90% of SOC analysts are unsure if they can keep up with the growing volume and wide variety of threats, and 71% fear their organization has already been compromised without their team even knowing about it. Additionally, 75% of SOC analysts say they lack the visibility needed to adequately defend their organization.
Additionally, the growth of hybrid environments has posed significant new challenges for enterprise SOC teams. While cybercriminals' goals remain the same, cloud attacks manifest themselves differently than they do in traditional data centers. In the cloud, threats focus primarily on credentials, leverage shallow kill-chains, and move faster than those seen on-premise. The very dynamic nature of the cloud allows for faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments. Given these fundamental differences in how attacks manifest, security teams must think differently to effectively defend the hybrid attack surfaces they are tasked with protecting.
Vectra CDR for AWS adds the latest advances in cloud-based threat detection and response to the Vectra AI Platform, including:
Advances in sophisticated hybrid attack detection
- AI-driven detections – Purpose-built AI-based detection models eliminate the need to write custom detection rules. The CDR for AWS offering brings together the best of Vectra's security research and data science to surface sophisticated, multi-layered attacker behaviors across an AWS region.
- Real-time context for cloud-based threats – Real-time detections reduce cloud threat detection latency by providing SOC analysts real-time visibility into threat activity in the AWS environment.
- Complete visibility across the entire hybrid cloud – AI-driven detection based on AWS logs, network traffic, and any other related AWS resources, accurately distinguishing between malicious behavior and routine AWS activity through different forms of cloud metadata.
- Broad AWS coverage in minutes – Coverage of the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions and across accounts, to identify previously unknown attack activity and provide a complete view of the security risk on AWS in minutes.
Advances in AI-driven Attack Signal Intelligence for hybrid attacks
- Machine learning understands which AWS account does what: learns AWS credentials and permissions to know which accounts are most “useful” to attackers, so as to identify identity-based attacks.
- AI-driven prioritization to prioritize the most critical threats and shift focus from individual threat events on AWS to the AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score, and classify multiple threat detections simultaneously as they occur.
- Complements existing cloud-native investments: Vectra CDR for AWS integrates with existing investments in native tools such as Amazon GuardDuty (which relies primarily on anomalies and signatures) and preventive posture tools to pinpoint the true source and provide maximum signal clarity.
Progress in investigating and responding to hybrid attacks
- Integrated investigations – Powerful features to support simple and advanced query-based investigations of all priority entities.
- End-to-end visibility of hybrid development – Integrated attack signal that brings to the surface the progression of threats from all cloud, identity and network environments in a single display.
- Native responsiveness – AWS Lockdown features provide SOC analysts and security incident responders with the tools to isolate and remediate compromised assets.
Advances in hybrid attack, training, and support tools
- Advanced open-source toolkits – Learn to think like a hybrid attacker with an open-source toolset: DeRF, MAAD-AF and Havoc are open-source tools developed by researchers at Vectra Security to help SOC teams think like an attacker and become proficient in the most sophisticated attack methods.
- Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide SOC teams with hands-on, personalized training to sharpen their capabilities to counter advanced cloud threats.
- Managed SOC experience: Vectra managed detection and response (MDR) for AWS strengthens customers' SOC with analysts available 24/7 around the world, trained to defend organizations against threats directed at hybrid environments.
“The current approach to threat detection and response is fundamentally inadequate as more organizations move to hybrid environments and security teams continue to face growing cloud complexity, ongoing alert fatigue and analyst burnout,” said Hitesh Sheth, President and CEO of Vectra AI. “As pioneers in AI-driven cyber threat detection and response, our best-in-class platform provides the most accurate integrated signal across the entire hybrid enterprise landscape today, to make XDR a rapid, scalable reality.”






