FictoTech's hybrid cloud environment leverages Vectra's AI to analyze billions of network events, tens of millions of AWS events, and millions of Azure AD and M365 events daily, all in real time.
On the day of the attack, Vectra raised three distinct alerts to FictoTech's SOC. Each of these alerts was directly linked to the ongoing attack. The first alert pertained to the marketing server, where the attack originated. The second alert flagged an account that had been compromised and subsequently abused across the data center, cloud, and SaaS. The third alert identified an administrative server deep within the data center that was being used as a pivot point to advance the attack. This third alert served as a clear indicator that prompted FictoTech to respond swiftly, aiming to neutralize the adversary before any harm occurred.
While there was an early indication that FictoTech could have thwarted the attack while it was still contained to the marketing server, either through Vectra's automated response or their own predefined protocols, their approach paralleled that of many seasoned SOCs. FictoTech chose to closely monitor the attack's progression, driven by their desire to gather comprehensive insight into the adversary's actions. This strategic choice aimed to build a deeper understanding of the adversary's motives and techniques, subsequently strengthening FictoTech's future security measures. Their confidence in being able to track every phase of the attack is what allowed FictoTech to offer an in-depth, end-to-end walkthrough of the incident.