Vectra AI announced advancements to the Vectra AI Platform with the introduction of enhanced Cloud Detection and Response (CDR) for AWS environments. Armed with Vectra AI’s patented Attack Signal Intelligence, Vectra CDR for AWS empowers security operations centre (SOC) teams with real-time, integrated attack signal for hybrid attacks spanning network, cloud and identity domains.
As enterprises continue to move applications, workloads, and data into cloud environments, hybrid attack detection, investigation and response has become increasingly siloed and complex. According to Vectra AI’s 2023 State of Threat Detection report, 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and variety of threats — 71% expressing concerns that their organisations have already been the target of a compromise that they are yet unaware of. Additionally, 75% of SOC analysts say they don’t have the visibility they need to adequately defend their organisations.
What’s more, the growth in hybrid deployments has added significant challenges for enterprise SOC teams. While attacker goals remain the same, attacks in the cloud manifest differently from those in traditional data centre environments. Threats in the cloud focus primarily on credentials, leverage shallow kill chains and move faster compared to those observed on-premises. The same dynamic nature of the cloud enables faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments in similarly innovative ways. These fundamental differences in how attacks manifest mean defenders need to think like hybrid attackers to effectively defend the growing hybrid attack surfaces they are called on to protect.
Vectra CDR for AWS brings the latest advancements in cloud threat detection and response to the Vectra AI Platform including:
Advancements in detecting sophisticated hybrid attacks
- AI-driven event detections: Purpose-built AI detection models eliminate the need to write custom detection rules. The CDR for AWS portfolio brings together the best of Vectra AI’s security research and data science to surface multi-step sophisticated attacker behavior across an AWS footprint.
- Real-time context on cloud-based threats: Real-time detections that reduce cloud threat detection latency, providing SOC analysts with real-time visibility to threatening activity in their AWS environment.
- Complete visibility into entire hybrid cloud: AI-driven detection based on both AWS logs and network traffic and any other related AWS resource to accurately distinguish between malicious behaviors and routine AWS activity across different forms of cloud metadata.
- Expansive AWS coverage in minutes: Provides coverage for the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions, and across accounts, identifying previously unknown attacker activity while delivering a complete view of AWS security risk in mere minutes.
Advancements in AI-driven Attack Signal Intelligence for hybrid attacks
- Machine Learning understands which AWS account does what: Learns AWS credentials and permissions to know which accounts are most useful to attackers to pinpoint identity-based attacks.
- AI-driven prioritisation: Prioritizes the most critical threats and shifts the focus from individual AWS threat events to AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score and rank multiple and concurrent threat detections as they unfold.
- Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tooling such as Amazon Guard Duty (which relies primarily on anomalies and signatures) and preventative posture tools to zero in on the true source and provide the most precise signal clarity.
Advancements in investigations and response for hybrid attacks
- Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritised entities.
- End-to-end hybrid deployment visibility: Integrated attack signal that surfaces progression of threats across cloud, identity, and network environments in a single pane of glass.
- Native response capabilities: AWS lockdown capabilities provide SOC analysts and incident responders the means to isolate and remediate compromised principals.
Advancements in hybrid attack tools, training and support
- Advanced open-source toolkits: Learn to think like a hybrid attacker with open-source toolsets. DeRF, MAAD-AF and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like an attacker and become experts in sophisticated attacker methods.
- Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide personalised hands-on training for SOC teams to hone in on skills around thwarting advanced cloud threats.
- Managed SOC experience: Vectra managed detection and response (MDR) for AWS reinforces customers’ SOC with global, 24×7 analysts trained to defend against attacks spanning hybrid footprints.
“The current approach to threat detection and response is fundamentally broken, as more organisations shift to hybrid environments and security teams continue to face increasing cloud complexity, alert fatigue, and analyst burnout,” said Hitesh Sheth, president and CEO of Vectra AI. “As the pioneer of AI-driven threat detection and response, our best-in-class platform delivers the most accurate integrated signal across the hybrid Enterprise to make XDR a reality at speed and scale.”