Vectra AI Enhances Hybrid Attack Detection for Amazon Web Services (AWS)
Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced advancements to the Vectra AI Platform with the introduction of enhanced Cloud Detection and Response (CDR) for AWS environments. Armed with Vectra AI’s patented Attack Signal Intelligence, Vectra CDR for AWS empowers security operations centre (SOC) teams with real-time, integrated attack signals for hybrid attacks spanning network, cloud and identity domains.
As enterprises continue to move applications, workloads, and data into cloud environments, hybrid attack detection, investigation and response have become increasingly siloed and complex. According to Vectra AI’s 2023 State of Threat Detection report, 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and variety of threats — 71% expressing concerns that their organizations have already been the target of a compromise that they are yet unaware of. Additionally, 75% of SOC analysts say they don’t have the visibility they need to adequately defend their organizations.
What’s more, the growth in hybrid deployments has added significant challenges for enterprise SOC teams. While attacker goals remain the same, attacks in the cloud manifest differently from those in traditional data centre environments. Threats in the cloud focus primarily on credentials, leverage shallow kill chains and move faster compared to those observed on-premises. The same dynamic nature of the cloud enables faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments in similarly innovative ways. These fundamental differences in how attacks manifest mean defenders need to think like hybrid attackers to effectively defend the growing hybrid attack surface they are called on to protect.
According to David Sajoto, Regional Vice President, Vectra AI, Asia Pacific & Japan, “50% of critical enterprise applications will reside outside of centralized public cloud locations through 2027. As cloud computing markets and data centre infrastructure evolve, identifying the right partners and solutions to help accelerate innovation and prioritise, investigate and respond to advanced and urgent hybrid attacks in real-time becomes all the more critical.
“Vectra AI’s patented Attack Signal Intelligence empowers security teams to cut through the noise and achieve signal clarity at the speed and scale needed to stop attacks fast. Our advanced AI is programmed to think like an attacker and hone in on attacker behaviours, enabling SOC teams to effectively see and stop attacks before they become breaches,” says Sajoto.
Vectra CDR for AWS brings the latest advancements in cloud threat detection and response to the Vectra AI Platform including:
Advancements in detecting sophisticated hybrid attacks
- AI-driven event detections: Purpose-built AI detection models eliminate the need to write custom detection rules. The CDR for AWS portfolio brings together the best of Vectra AI’s security research and data science to surface multi-step sophisticated attacker behaviour across an AWS footprint.
- Real-time context on cloud-based threats: Real-time detections that reduce cloud threat detection latency, providing SOC analysts with real-time visibility to threatening activity in their AWS environment.
- Complete visibility into the entire hybrid cloud: AI-driven detection based on both AWS logs and network traffic and any other related AWS resource to accurately distinguish between malicious behaviours and routine AWS activity across different forms of cloud metadata.
- Expansive AWS coverage in minutes: Provides coverage for the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions, and across accounts, identifying previously unknown attacker activity while delivering a complete view of AWS security risk in mere minutes.
Advancements in AI-driven Attack Signal Intelligence for hybrid attacks
- Machine Learning understands which AWS account does what: Learns AWS credentials and permissions to know which accounts are most useful to attackers to pinpoint identity-based attacks.
- AI-driven prioritization: Prioritizes the most critical threats and shifts the focus from individual AWS threat events to AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score and rank multiple and concurrent threat detections as they unfold.
- Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tooling such as Amazon Guard Duty (which relies primarily on anomalies and signatures) and preventative posture tools to zero in on the true source and provide the most precise signal clarity.
Advancements in investigations and response for hybrid attacks
- Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritized entities.
- End-to-end hybrid deployment visibility: Integrated attack signal that surfaces progression of threats across cloud, identity, and network environments in a single pane of glass.
- Native response capabilities: AWS lockdown capabilities provide SOC analysts and incident responders the means to isolate and remediate compromised principals.
Advancements in hybrid attack tools, training and support
- Advanced open-source toolkits: Learn to think like a hybrid attacker with open-source toolsets. DeRF, MAAD-AF and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like an attacker and become experts in sophisticated attacker methods.
- Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide personalized hands-on training for SOC teams to hone in on skills around thwarting advanced cloud threats.
- Managed SOC experience: Vectra managed detection and response (MDR) for AWS reinforces customers’ SOC with global, 24×7 analysts trained to defend against attacks spanning hybrid footprints.