Vectra AI has unveiled the Vectra AI Platform with Attack Signal Intelligence in a move to help security operations center (SOC) teams keep pace with the sophistication, speed and scale of hybrid cyberattacks.
Randy Schirman, Vectra's vice president of Worldwide Channels and Alliances, explained to MSSP Alert what Vectra AI Platform with Attack Signal Intelligence means for MSSPs, MSPs and other channel partners that want to secure their customers' hybrid cloud domains:
"As organizations shift more applications, workloads and data to hybrid cloud infrastructure, security teams deal with more attack surface and thus, more advanced attackers. As trusted advisors, channel partners are the go-to for security leaders and engineers for guidance. The Vectra AI Platform empowers channel partners to provide clients the integrated and extended signal they need to improve their security effectiveness, efficiency and resilience to advanced hybrid attacks."
Vectra AI Platform Uses Native and Third-Party Attack Signals
The Vectra AI Platform integrates attack signals across hybrid cloud domains, including:
- Amazon Web Services (AWS)
- Google Cloud Platform
- Microsoft 365
- Microsoft Azure
- Microsoft Azure Active Directory
- Networks
- Endpoints leveraging endpoint detection and response (EDR) tools
SOC teams can use the platform to cover more than 90% of MITRE ATT&CK techniques, Vectra said. They also can utilize AI-driven and behavior-based detection, signatures and threat intelligence to:
- Understand active attacks
- Map attacker progression and lateral movement
- Develop threat hunting programs
- Conduct forensic investigations
Vectra AI Automates Threat Detection Across Hybrid Cloud Domains
Attack Signal Intelligence uses AI to help SOC teams analyze attacker behaviors, Vectra indicated. These teams can generate insights to distinguish between malicious and benign security events and reduce alert noise. Furthermore, they can prioritize hosts and accounts across their hybrid cloud domains based on urgency and importance to speed up alert triage.
Vectra AI provides SOC teams with quick-start guides that they can use to investigate hosts and accounts that are under attack, the company stated. It also gives these teams the ability to perform forensic analysis of Azure AD, Microsoft 365 or AWS Control Plane logs. They can also use large language models (LLMs) to complete AI-assisted investigations and gain additional context on hosts and accounts that are under attack.
Vectra AI Extends Amazon Security Lake Support
The Vectra AI Platform with Attack Signal Intelligence announcement comes after Vectra integrated its cloud detection and response (CDR) solution with Amazon Security Lake in June 2023. This integration provides Security Lake users with access to Attack Signal Intelligence security findings, Vectra said. As such, Security Lake users can utilize these findings to accelerate threat detection, investigation and response.
Vectra provides managed detection and response (MDR) services, a threat intelligence automation platform and other threat detection and response solutions. The company also offers a partner program that allows MSSPs, MSPs and other technology providers to incorporate network detection and response (NDR) capabilities into their portfolios.