Vectra AI, a provider of hybrid attack detection, investigation, and response solutions, has unveiled advanced capabilities for Amazon Web Services (AWS) on its Vectra AI Platform. The Cloud Detection and Response (CDR) for AWS, fortified by Vectra AI’s patented Attack Signal Intelligence, equips Security Operations Center (SOC) teams with real-time, cohesive attack signals spanning network, cloud, and identity domains.
In an era where enterprises are progressively transitioning applications, workloads, and data to cloud environments, the complexity of hybrid attack detection, investigation, and response has surged. According to Vectra AI’s 2023 State of Threat Detection report, 90% of SOC analysts lack confidence in keeping up with the escalating volume and diversity of threats. Alarmingly, 71% fear that their organizations may have fallen victim to a compromise they are unaware of. Furthermore, 75% of SOC analysts express a deficiency in the visibility required for effective defense.
The surge in hybrid deployments has presented considerable challenges for enterprise SOC teams. While attacker objectives remain consistent, cloud-based attacks exhibit different characteristics from those seen in traditional data center environments: cloud threats focus primarily on credentials, employ shallow kill chains, and move with greater speed. The dynamic nature of the cloud fosters innovation, but attackers exploit that same dynamism to infiltrate and compromise environments in equally innovative ways. To counter these fundamental differences in how attacks manifest, defenders must learn to think like hybrid attackers.
Vectra CDR for AWS introduces cutting-edge features to the Vectra AI Platform, including:
Advancements in detecting sophisticated hybrid attacks:
– AI-driven event detections: Purpose-built AI detection models eliminate the need for custom rules, identifying sophisticated multi-step attacker behavior across AWS environments.
– Real-time context on cloud-based threats: Minimizes cloud threat detection latency, offering SOC analysts real-time visibility into threatening activities within AWS.
Advancements in AI-driven Attack Signal Intelligence for hybrid attacks:
– Machine learning that understands AWS account activity: Learns AWS credentials and permissions to identify the accounts most valuable to attackers, helping to pinpoint identity-based attacks.
– AI-driven prioritization: Prioritizes critical threats and shifts focus from individual AWS threat events to attacked AWS entities, reducing time and resources needed to correlate, score, and rank concurrent threat detections.
Advancements in investigations and response for hybrid attacks:
– Integrated investigations: Features robust support for both simple and advanced query-based investigations of prioritized entities.
– End-to-end hybrid deployment visibility: Offers an integrated attack signal that reveals the progression of threats across cloud, identity, and network environments in a unified view.
– Native response capabilities: Utilizes AWS lockdown capabilities, enabling SOC analysts and incident responders to isolate and remediate compromised principals.
Advancements in hybrid attack tools, training, and support:
– Advanced open-source toolkits: Offers open-source toolsets such as DeRF, MAAD-AF, and ./HAVOC to assist SOC teams in thinking like attackers and mastering sophisticated attack methods.
– Extensive AWS training: Conducts Vectra CDR for AWS BlueTeam workshops, providing hands-on training for SOC teams to enhance skills in thwarting advanced cloud threats.
– Managed SOC experience: Provides Vectra managed detection and response (MDR) for AWS, reinforcing customer SOCs with globally available, 24×7 analysts trained to defend against attacks spanning hybrid footprints.
Hitesh Sheth, President and CEO of Vectra AI:
“The current approach to threat detection and response is fundamentally broken. As more organizations shift to hybrid environments and security teams face increasing cloud complexity, alert fatigue, and analyst burnout, our best-in-class platform delivers the most accurate integrated signal across the hybrid enterprise to make XDR a reality at speed and scale.”