Vectra AI unveils XDR platform with real-time attack signal intelligence

Threat detection and response vendor Vectra AI has announced the release of the Vectra AI Platform – a new extended detection and response (XDR) offering that uses attack signal intelligence. The platform enables organizations to integrate Vectra AI’s public cloud, identity, SaaS, and network signal data with existing endpoint detection and response (EDR) to help SOC teams keep pace with attacks, the firm said.

It uses native and third-party attack signals across hybrid cloud domains including AWS, Microsoft Azure, Google Cloud Platform, Microsoft 365, networks of all types, and endpoints leveraging the customer’s EDR tool of choice, according to Vectra AI. It also harnesses AI to analyze attacker behavior and automatically triage, correlate, and prioritize security incidents, the firm added.

XDR a growing cybersecurity market trend

XDR is very much a burgeoning trend in the current cybersecurity market, driven by organizations’ need for more advanced methods for detecting and responding to evolving attack threats. Threat detection and response has become more complex and challenging as enterprises shift more applications, workloads, and data to hybrid and multi-cloud environments, increasing the attack surface significantly.

“Regardless of how XDR is defined, security professionals are interested in using XDR to help them address several threat detection and response challenges,” said Jon Oltsik, distinguished analyst and Enterprise Strategy Group (ESG) fellow. “XDR seems like an attractive option since current tools struggle to detect and investigate advanced threats, require specialized skills, and aren’t effective at correlating alerts.”

Solution uses AI to map attacks, prioritize accounts and entities

The integrated signal the Vectra AI Platform uses enables security teams to cover more than 90% of MITRE ATT&CK techniques with patented and proven MITRE D3FEND countermeasures, map attacker progression and lateral movement across data center and cloud environments, build and mature threat hunting programs, and conduct deep forensic investigations, Vectra AI said in a press release.

Furthermore, the platform’s attack signal intelligence harnesses patented AI to:

  • Zero in on attacker behavior while privileged access analytics (PAA) focuses on accounts most useful to attackers.
  • Learn customers’ unique environments to distinguish between malicious and benign events to eliminate 80% of alert noise.
  • Prioritize entities across domains based on urgency and importance.

Respond UX Analyst Experience accelerates attack investigation

Vectra’s new product also features attack investigation capabilities to help security teams accelerate investigation and response workflows. These are appropriate for use by both experienced and junior analysts, according to the firm. The capabilities include:

  • Quick start guides to help analysts investigate prioritized entities under attack
  • Forensic analysis of Azure AD, Microsoft 365, or AWS Control Plane logs within the platform user interface
  • Large language models (LLMs) that provide analysts with context on entities under attack

The platform also offers flexible response actions (native and orchestrated) that leverage over 40 ecosystem integrations, according to Vectra AI. This allows teams to manually or automatically lock down an account or isolate an endpoint, trigger security orchestration, automation, and response (SOAR) playbooks and workflows, and streamline ticketing, communication, and escalation for incident response processes.

There are managed detection and response (MDR) elements, too, the firm said. Analyst reinforcements provide shared roles and responsibilities for monitoring, detection, investigation, hunting, and response; shared analytics on attacker behavior and emerging attacker tradecraft, tactics, techniques, and procedures; and shared transparency around SLAs, metrics, and reporting.

“In summary, CISOs want XDR tools that can improve security efficacy, especially regarding advanced threat detection. Additionally, they want XDR to streamline security operations and bolster staff productivity,” said Oltsik.
