The Vectra AI Platform vs Hybrid Attacks [Demo 1]

Presented by

Kevin Kennedy

About this talk

FictoTech's hybrid cloud environment leverages Vectra's AI to analyze billions of network events, tens of millions of AWS events, and millions of Azure AD M365 events daily, all in real time.

On the day of the attack, Vectra raised three distinct alerts to FictoTech's SOC. Each of these alerts was directly linked to the ongoing attack. The initial alert pertained to the marketing server, where the attack originated. The second alert flagged an account that had been compromised and subsequently exploited across the data center, cloud, and SaaS. The third alert identified an administrative server deep within the data center that was being used as a pivot point to advance the attack. This third alert served as a clear indicator that prompted FictoTech to respond swiftly, aiming to neutralize the adversary before any harm occurred.

There was an early indication that FictoTech could have thwarted the attack while it was contained to the marketing server, either through Vectra's automated response or their own predefined protocols. Instead, their approach paralleled that of numerous seasoned SOCs: FictoTech decided to closely monitor the attack's progression, driven by their desire to gather comprehensive insights into the adversary's actions. This strategic choice aimed to facilitate a deeper understanding of the adversary's motives and techniques, subsequently enhancing FictoTech's future security measures. The confidence in their ability to meticulously track every phase of the attack allowed FictoTech to offer an in-depth walkthrough, providing an end-to-end perspective of the incident.

Vectra® is the leader in Security AI-driven cyber threat detection and response for hybrid cloud. Vectra’s patented Attack Signal Intelligence™ detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enable security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit