News
Vectra AI Unveils Hybrid Attack Detection and Response Platform Driven by Artificial Intelligence

Vectra AI has announced the Vectra AI Platform with patented Attack Signal Intelligence to deliver the integrated signal enterprises need to make extended detection and response (XDR) a reality. With the Vectra AI Platform, enterprises can integrate Vectra AI’s public cloud, identity, SaaS, and network signal with existing endpoint detection and response (EDR) signal to arm SOC teams to keep pace with the ever-growing sophistication, speed, and scale of hybrid attacks
As enterprises shift more applications, workloads, and data to hybrid and multi-cloud environments, threat detection and response has become increasingly siloed and complex. Without an effective solution for advanced hybrid attackers, security teams face a vicious spiral of more attack surfaces, more evasive attacker methods, more alerts, and thus, more SOC analyst workload and burnout.
Recent research found that 63% of SOC analysts report that the size of their attack surface has increased in the last three years and 67% are unable to manage the number of daily alerts received. The Vectra AI Platform enables security teams to move at the speed of modern hybrid attackers to identify behaviour that other tools cannot. Harnessing the power of AI to analyze attacker behaviour and automatically triage, correlate, and prioritize security incidents, the Vectra AI Platform provides the integrated signal powering XDR.
“To us, it’s always about outcomes, not acronyms. It’s about the end goal, not some prescribed definition of how to get there,” said Jay DePaul, Chief Cybersecurity & Technology Risk Officer at Dun & Bradstreet. “Vectra AI is helping us achieve our end goals, stop advanced adversaries, modernize our security operations, and ultimately, improve our cyber resilience.”
According to Jon Oltsik, distinguished analyst and Enterprise Strategy Group (ESG) fellow, “Regardless of how XDR is defined, security professionals are interested in using XDR to help them address several threat detection and response challenges. XDR seems like an attractive option since current tools struggle to detect and investigate advanced threats, require specialized skills, and aren’t effective at correlating alerts. In summary, CISOs want XDR tools that can improve security efficacy, especially regarding advanced threat detection. Additionally, they want XDR to streamline security operations and bolster staff productivity.”
The Vectra AI Platform integrates native and third-party attack signals across hybrid cloud domains including AWS, Microsoft Azure, Google Cloud Platform, Microsoft 365, Microsoft Azure AD, networks of all types, and endpoints leveraging the customer’s Endpoint Detection and Response (EDR) tool of choice. The Vectra AI Platform integrated signal enables security teams to:
- Cover more than 90% of MITRE ATT&CK techniques with patented and proven MITRE D3FEND countermeasures.
- Combine AI-driven behaviour-based detection, signatures and threat intelligence for the most accurate representation of active attacks in progress.
- Map attacker progression and lateral movement from the data centre to the cloud, cloud to the data centre and cloud to cloud.
- Build and mature threat-hunting programs and conduct deep forensic investigations.
Vectra AI Attack Signal Intelligence harnesses patented AI to automate threat detection, triage, and prioritization across hybrid cloud domains, by:
- Zeroing in on attacker behaviour, analyzing in many dimensions to see real attacks in a sea of different while patented Privileged Access Analytics (PAA) focuses on accounts most useful to attackers.
- Learning customers’ unique environments to distinguish between malicious and benign events to eliminate 80% of alert noise.
- Prioritizing entities (hosts and accounts) across domains based on urgency and importance, saving individual SOC analysts over three hours per day of alert triage.
With Vectra AI, security teams accelerate investigation and response workflows with integrated investigations sophisticated enough for experienced analysts, and simple enough for junior analysts. New capabilities include:
- Instant Investigations arm analysts of every skill level with quick-start guides to investigate prioritized entities under attack.
- Advanced Investigation enables forensic analysis of Azure AD, Microsoft 365, or AWS Control Plane logs directly in the platform user interface (UI).
- AI-Assisted Investigation leverages large language models (LLMs) to provide analysts with a simple way to gather 360 degrees of context on entities under attack.
The Vectra AI Platform puts humans in control of response by offering flexible response actions both native and orchestrated leveraging over 40 ecosystem integrations to:
- Manually or automatically lock down an account, or isolate an endpoint.
- Trigger security orchestration and automation (SOAR) playbooks and workflows.
- Streamline ticketing, communication, and escalation for incident response processes.
SOC teams continue to be stretched thin as the volume and variety of high-speed hybrid and multi-cloud attacks grow. With the Vectra AI Platform, enterprises can take advantage of analyst reinforcements in the form of MDR services, including:
- Shared roles and responsibilities for monitoring, detection, investigation, hunting and response.
- Shared analytics on attacker behaviour and emerging attacker tradecraft, tactics, techniques, and procedures.
- Shared transparency around SLAs, metrics, and reporting.
“The current approach to threat detection and response is fundamentally broken, as more organizations shift to hybrid environments and security teams continue to face increasing cloud complexity, alert fatigue, and analyst burnout,” said Hitesh Sheth, president and CEO of Vectra AI. “As the pioneer of AI-driven threat detection and response, our best-in-class platform delivers the most accurate integrated signal across the hybrid Enterprise to make XDR a reality at speed and scale.”
Cyber Security
ManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection

ManageEngine, the enterprise IT management division of Zoho Corporation, today unveiled the industry’s first dual-layered threat detection system in its security information and event management (SIEM) solution, Log360. The new feature, available in Log360’s threat detection, investigation and response (TDIR) component, Vigil IQ, empowers security operations centre (SOC) teams in organizations with improved accuracy and enhanced precision in threat detection.
A quality SOC ensures people, processes, and cutting-edge technology function well. However, enterprise security is made difficult by staffing shortages and solution orchestration complexities. Following recent upgrades to the security analytics module of Log360 designed to facilitate SOC optimization through key performance metric monitoring, the company has focused on addressing pressing challenges in security operations.
“In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. These resource-constrained SOCs grapple with significant obstacles, such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues or false positives. These lead to extended detection and response times for actual threats. To overcome these challenges, we recognize the imperative adoption of AI & ML for contextual event enrichment and rewiring threat detection logic,” said Manikandan Thangaraj, vice president at ManageEngine.
“We pioneered a dual-layered, ML approach to heighten the precision and consistency of threat detection. First, Vigil IQ ensures genuine threats are discerned from false positives. Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats.”
Key Features of the Dual-Layered Threat Detection System of Vigil IQ in Log360:
Smart Alerts: Vigil IQ, the TDIR module of Log360, now combines the power of both accuracy and precision in threat detection. With its dynamic learning capability, Vigil IQ adapts to the changing nature of network behaviour to cover more threat instances accurately. It will spot threats that get overlooked due to manual threshold settings, thereby improving the detection system’s reliability.
Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, facilitating the implementation of proactive measures before incidents occur. This predictive intelligence drastically reduces the mean time to detect (MTTD) threats.
Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, providing security analysts with comprehensive threat insights. This enrichment of alerts with non-event context accelerates the mean time to respond (MTTR) by delivering pertinent, precise information.
News
Proofpoint Appoints Sumit Dhawan as Chief Executive Officer

Proofpoint has announced that Sumit Dhawan has been appointed chief executive officer, effective immediately. Rémi Thomas, Proofpoint’s chief financial officer, who has been acting as Proofpoint’s interim CEO since October 25th, will continue to serve as the company’s CFO. “The Proofpoint board of directors could not be more excited to partner with Sumit as he joins Proofpoint to usher in a new stage of growth,” said Seth Boro, managing partner at Thoma Bravo. “Sumit brings a wealth of valuable experience and expertise in building category-leading, scaled companies and businesses. We are confident his customer-centric passion and strong legacy of leadership will continue to carry Proofpoint’s mission forward in providing people-centric cybersecurity solutions that address some of the most challenging risks facing organizations today.”
Dhawan is a highly respected and seasoned technology leader with a proven track record of building market-leading security, cloud, and end-user computing businesses. In his most recent role as president of VMware, Dhawan was responsible for driving over $13B of revenue and led the company’s go-to-market functions including worldwide sales, customer success and experience, strategic ecosystem, industry solutions, marketing, and communications. Before that, he was chief executive officer of Instart, a cybersecurity business delivering innovations in web application security services. He has held senior executive and general management roles at both VMware and Citrix and has successfully established category-leading businesses at scale.
“Over the years, Proofpoint has built an exceptional brand and is trusted by some of the world’s leading organizations as their cybersecurity partner of choice,” said Sumit Dhawan. “I’m honoured to join a leader at the forefront of cybersecurity innovation and to shepherd its continuing and unwavering commitment to helping organizations across the globe protect people and defend data.”
Proofpoint recently announced it has entered into a definitive agreement to acquire Tessian, a leader in the use of advanced AI to automatically detect and guard against both accidental data loss and evolving email threats. Tessian’s cloud-native, API-enabled inbound and outbound email protection solution will extend Proofpoint’s award-winning offering to address the most frequent form of data loss including, misdirected email and data exfiltration.
Cloud
Google Clarifies the Cause of Missing Google Drive Files

Many Google Drive users recently experienced the unsettling disappearance of their files, prompting concerns. Google has now identified the root cause, attributing the issue specifically to the Google Drive for Desktop app. While assuring that only a limited subset of users is affected, the tech giant is actively investigating the matter and promises timely updates.
To prevent inadvertent file deletion, Google provides the following recommendations:
- Avoid clicking “Disconnect account” within Drive for desktop.
- Refrain from deleting or moving the app data folder, located at:
- Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
- macOS: ~/Library/Application Support/Google/DriveFS
- Optionally, create a copy of the app data folder if there is sufficient space on your hard drive.
Before Google officially addressed the issue, distressed users took to the company’s support forum to report deleted files. One user from South Korea highlighted a particularly severe case where their account reverted to May 2023, resulting in the loss of anything uploaded or created after that date. Additionally, the user emphasised that they had not synced or shared their files or drive with anyone else.
As Google delves deeper into resolving this matter, affected users are advised to heed the provided precautions. The company’s commitment to ongoing updates reflects its dedication to swiftly addressing and rectifying the situation. The incident serves as a reminder of the importance of proactive measures to safeguard digital data, especially as users navigate cloud-based platforms such as Google Drive.
-
Cyber Security4 days ago
Databases Are the Black Boxes for Most Organisations
-
News5 days ago
Proofpoint Appoints Sumit Dhawan as Chief Executive Officer
-
News1 week ago
SonicWall Acquires Solutions Granted Inc.
-
Cyber Security6 days ago
Cybersecurity on a Budget: Affordable Cybersecurity Strategies for Small Businesses
-
Cyber Security5 days ago
ManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection
-
Cloud5 days ago
Google Clarifies the Cause of Missing Google Drive Files