Vectra AI, today announced the introduction of Vectra Match. Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures.
Kevin Kennedy, SVP Products at Vectra. says as enterprises transform embracing digital identities, supply chains and ecosystems — GRC and SOC teams are forced to keep pace.
“Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organisations is doing so without adding complexity and cost.”
According to Gartner®, “recent trends in the NDR market indicate many NDR offerings have expanded to capture new categories of events and to analyse additional traffic patterns.
This includes new detection techniques: by adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines.
The move towards a more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises.
With the addition of Vectra Match, Vectra NDR addresses core GRC and SOC use cases enabling more efficient and effective:
- Correlation and validation of threat signals for accuracy.
- Compliance for network-based CVE detection with compensating controls.
- Threat hunting, investigation and incident response processes.
David Sajoto, Vice President Vectra Asia Pacific Japan says CISOs and their SOC teams across Australia and New Zealand are working with a challenging lack of visibility across their hybrid cloud environments, as attacker behaviour continues to evolve.
“Vectra NDR now enables security teams to unify signatures for known threats and AI-driven behavior-based detection for unknown threats in a single solution,” he said
Vectra NDR with Vectra Match
Vectra NDR — a key component of the Vectra platform — provides end-to-end protection against hybrid and multicloud attacks.
Deployed on-premises or in the cloud, the Vectra NDR console is a single source of truth (visibility) and first line of defense (control) for attacks traversing cloud and data center networks.
By harnessing AI-driven Attack Signal Intelligence, Vectra NDR empowers GRC and SOC teams with:
- AI-driven Detections that think like an attacker by going beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the entire cyber kill chain post compromise, with 90% fewer blind spots and 3x more threats proactively identified.
- AI-driven Triage that knows what is malicious by utilising ML to analyse detection patterns unique to the customer’s environment to score how meaningful each detection is, thus reducing 85% of alert noise — surfacing only relevant true positive events that require analyst attention.
- AI-driven Prioritisation that focuses on what is urgent by automatically correlating attacker TTPs across attack surfaces, evaluating each entity against globally observed attack profiles to create an attack urgency rating enabling analysts to focus on the most critical threats to the organisation.
Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands says keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every Security, Risk and Compliance officer.
“Today, cyber-resilience and compliance requires complete visibility and context for both known and unknown attacker methods. Without it, disrupting and containing their impact becomes an exercise in brand reputation and customer trust damage control,”
“Vectra Match capabilities allow us to combine both worlds, having the continued AI-based detection of real-time “movement”, while also having the ability to check against specific Suricata indicators — often required during incident response or proof of compliancy (e.g., Log4J).”
“Consolidating AI-based and signature-based detection enables optimisation, because in our case, less is more,” said Heil.
“When it comes to shadow IT, we know people with admin rights are ‘building boxes off the grid.’ Our SOC team cannot protect what we cannot see, thus making these unknown systems prime targets for attackers,” says Brett Fernicola, Sr. Director, Security Operations at Anywhere.re.
“No doubt, behavior-based AI-driven detections are great for catching attackers deploying new, evasive methods, but when it comes to attackers leveraging CVEs to compromise unknown, unpatched systems, we need signature-based detection,”
“Combining signature-based detection with behavior-based detection gives our SOC team visibility for both the known-unknown and unknown-unknown threats. It’s the best of both worlds,” he said
With its advanced intrusion detection capabilities, Vectra NDR provides security and risk experts with powerful tools to detect potential threats.
By providing extensive information about known and unknown threats, GRC and SOC teams can enhance the efficiency and effectiveness of their threat detection, investigation, and incident response programs and procedures.
As cyber threats continue to evolve and become increasingly sophisticated, the need for advanced network detection and response technology has never been greater.
Vectra AI is poised to lead the way in this critical field, providing organisations with the peace of mind they need to operate safely and securely
