Vectra AI continues to expand XDR platform to monitor exposure to attackers
Vectra AI, the leader in AI-driven XDR (extended detection and response), today announced the expansion of its Vectra AI Platform, which now equips security operations centre (SOC) teams with active posture to proactively discover and pinpoint where their hybrid environment is exposed to attackers. With this expansion, Vectra AI Platform’s patented Attack Signal Intelligence now provides a holistic view with analytics to discover, deter, detect, and disrupt hybrid attackers.
To keep pace with attackers, it is critical for SOC teams to know where the organisation is exposed to hybrid attacker infiltration, progression, and lateral movement across the entire hybrid environment. Failure to stay on top of a dynamic, ever-changing hybrid attack surface enables attackers to progress their campaigns to remain unseen and unstopped.
“At Vectra AI we are constantly innovating to keep up with the evolving attack landscape and stay one step ahead of attackers,” said Hitesh Sheth, Founder and CEO of Vectra AI. “As the leader in AI-driven XDR, we believe that SOC teams must have a view of their active posture to understand their exposure to attackers. With that foundation, they must be armed with the right information to actively seek out and identify active attacks across their networks, identities, clouds and GenAI tools. The Vectra AI Platform is rooted in a methodology that integrates security research, data science/machine learning engineering and user experience focused on one mission: use AI to deliver accurate attack signal at speed and scale.”
With the proactive defence of Vectra AI Attack Signal Intelligence, SOC teams receive a comprehensive view of their network, identity, cloud, and GenAI active posture. Active posture across the hybrid environment provides SOC teams with a real-time view of how the attack surface they are tasked to defend is changing, that other tools relying on static information cannot. Armed with the active posture component of Attack Signal Intelligence, SOC teams proactively discover security gaps related to what users and machines are actually doing. This is accomplished by monitoring 20+ different AI-enhanced data streams and hundreds of different attributes that enable teams to stop a future threat. It finds gaps that other tools miss like:
- Identity hygiene issues such as account logins without two-factor authentication, use of legacy sign-in protocols, weak location-based access controls and overly permissive access to tools like the backend Microsoft Graph API or PowerShell. In a given week, 99% of organisations have more than one user accessing Azure AD through Powershell or some scripting engine, any of which can be hijacked by an attacker and abused.
- Network posture with visibility into network risks like external RDP access, IPMI usage, weak or non-encrypted data transfers, and SMB1 usage. More than one-third of organisations still have SMBv1 enabled, opening them to ransomware and other attacker vulnerabilities.
- Clarity on Copilot for M365 usage across the organisation allows teams to understand adoption and use, enabling improved governance around data access controls and permissions, including potential attacker abuse. Vectra AI sees that over 40% of organisations have started adopting Copilot for M365 in their environment.
“Vectra AI’s XDR platform with Attack Signal Intelligence equips the SOC with a complete view of their hybrid environment – not just to determine if their network, identity, or cloud has already been compromised – but if something is operating in a way that may lead to a future compromise,” said Jeff Reed, Chief Product Officer of Vectra AI. “Customers who are already using the Vectra AI Platform can now effectively discover, deter, detect, and disrupt hybrid attackers, proactively addressing the full cycle of a potential breach, and utilise these capabilities free of charge.”
Sharat Nautiyal (pictured), Director of Security Engineering, Vectra AI, APJ, added, “AI in cybersecurity is the future and businesses that don’t look at AI as a critically important component of their defence against automated attacks will be vulnerable. Particularly, as adoption rates of Gen AI productivity tools like Copilot for M365 continue to accelerate. Advanced AI delivered in an integrated attack signal could stop today’s most challenging hybrid cyberattacks. It also helps take the ambiguity out of security analysts’ day and enable them to focus on what matters.”