News

Vectra AI Adds Advanced Hybrid Attack Detection, Investigation and Response Capabilities for AWS

Vectra AI has announced advancements to the Vectra AI Platform with the introduction of enhanced Cloud Detection and Response (CDR) for AWS environments. Armed with Vectra AI’s patented Attack Signal Intelligence, Vectra CDR for AWS empowers security operations centre (SOC) teams with real-time, integrated attack signals for hybrid attacks spanning network, cloud and identity domains.

As enterprises continue to move applications, workloads, and data into cloud environments, hybrid attack detection, investigation and response have become increasingly siloed and complex. According to Vectra AI’s 2023 State of Threat Detection report, 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and variety of threats, with 71% expressing concern that their organizations have already been the target of a compromise that they are not yet aware of. Additionally, 75% of SOC analysts say they don’t have the visibility they need to adequately defend their organizations.

What’s more, the growth in hybrid deployments has added significant challenges for enterprise SOC teams. While attacker goals remain the same, attacks in the cloud manifest differently from those in traditional data centre environments. Threats in the cloud focus primarily on credentials, leverage shallow kill chains and move faster compared to those observed on-premises. The same dynamic nature of the cloud enables faster innovation; however, attackers also leverage this advantage to infiltrate and compromise environments in similarly innovative ways. These fundamental differences in how attacks manifest mean defenders need to think like hybrid attackers to effectively defend the growing hybrid attack surface they are called on to protect.

Vectra CDR for AWS brings the latest advancements in cloud threat detection and response to the Vectra AI Platform including:

Advancements in detecting sophisticated hybrid attacks

  • AI-driven event detections: Purpose-built AI detection models eliminate the need to write custom detection rules. The CDR for AWS portfolio brings together the best of Vectra AI’s security research and data science to surface multi-step sophisticated attacker behaviour across an AWS footprint.
  • Real-time context on cloud-based threats: Real-time detections that reduce cloud threat detection latency, providing SOC analysts with real-time visibility to threatening activity in their AWS environment.
  • Complete visibility into the entire hybrid cloud: AI-driven detection based on both AWS logs and network traffic and any other related AWS resource to accurately distinguish between malicious behaviours and routine AWS activity across different forms of cloud metadata.
  • Expansive AWS coverage in minutes: Provides coverage for the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions, and across accounts, identifying previously unknown attacker activity while delivering a complete view of AWS security risk in mere minutes.

Advancements in AI-driven Attack Signal Intelligence for hybrid attacks

  • Machine Learning understands which AWS account does what: Learns AWS credentials and permissions to know which accounts are most useful to attackers to pinpoint identity-based attacks.
  • AI-driven prioritization: Prioritizes the most critical threats and shifts the focus from individual AWS threat events to AWS entities (hosts and accounts) under attack, reducing the time and resources needed to correlate, score and rank multiple and concurrent threat detections as they unfold.
  • Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tooling such as Amazon GuardDuty (which relies primarily on anomalies and signatures) and preventative posture tools to zero in on the true source and provide the most precise signal clarity.

Advancements in investigations and response to hybrid attacks

  • Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritized entities.
  • End-to-end hybrid deployment visibility: Integrated attack signal that surfaces progression of threats across cloud, identity, and network environments in a single pane of glass.
  • Native response capabilities: AWS lockdown capabilities provide SOC analysts and incident responders the means to isolate and remediate compromised principals.

Advancements in hybrid attack tools, training and support

  • Advanced open-source toolkits: Learn to think like a hybrid attacker with open-source toolsets. DeRF, MAAD-AF and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like an attacker and become experts in sophisticated attacker methods.
  • Extensive AWS training: Vectra CDR for AWS BlueTeam workshops provide personalized hands-on training for SOC teams to hone in on skills around thwarting advanced cloud threats.
  • Managed SOC experience: Vectra managed detection and response (MDR) for AWS reinforces customers’ SOC with global, 24×7 analysts trained to defend against attacks spanning hybrid footprints.

“The current approach to threat detection and response is fundamentally broken, as more organizations shift to hybrid environments and security teams continue to face increasing cloud complexity, alert fatigue, and analyst burnout,” said Hitesh Sheth, president and CEO of Vectra AI. “As the pioneer of AI-driven threat detection and response, our best-in-class platform delivers the most accurate integrated signal across the hybrid enterprise to make XDR a reality at speed and scale.”

News

Tenable to Acquire Eureka Security

Tenable Holdings has announced that it has signed a definitive agreement to acquire Eureka Security, a provider of data security posture management (DSPM) for cloud environments. Eureka Security helps security teams gain a holistic view into an organization’s cloud data security footprint, fight policy drift and misconfigurations that put data at risk, and continuously improve their security posture over time. The acquisition is expected to close this month.

By adding DSPM capabilities to its CNAPP solution, Tenable will help customers identify key evidence related to cloud data risk, including where sensitive data resides in the cloud, who has access to that data and the severity of the risk posed by potential data compromise. This type of visibility is central to an organization’s ability to accurately assess its cloud security compliance. In the 2024 Tenable Cloud Security Outlook study, 95% of organizations polled had experienced cloud-related breaches in the previous 18 months. Among those, 92% reported exposure to sensitive data, and a majority acknowledged being harmed by the data exposure.

“Eureka Security’s technology will enable Tenable to provide even better prioritization of cloud risks and identify toxic combinations beyond vulnerabilities, misconfigurations and over-privileged access to include data at risk as well,” said Shai Morag, senior vice president and general manager of Cloud Security, Tenable. “This is another example of how we’re pushing the envelope in cloud security innovation for customers and leading the market forward by developing best-in-class capabilities.”

“Eureka Security’s data-centric approach provides the visibility, control and automation needed to navigate the dynamic cloud landscape while ensuring the highest level of security and compliance,” said Liat Hayun, co-founder and CEO, Eureka Security. “We’re excited to join Tenable. Integrating our capabilities into Tenable’s CNAPP offering creates a compelling capability for customers. Tenable also brings an expansive customer base and strong go-to-market capabilities. We couldn’t have found a better match to help us expand our mission to reduce cloud data risk globally.”

The integration of DSPM will round out the current Tenable Cloud Security solution that already includes such key capabilities as unified CNAPP, iron-clad CSPM protection, cloud workload protection and industry-leading CIEM, among others, which will give security teams the context and prioritization guidance to make efficient and accurate remediation decisions. The Eureka Security DSPM capabilities are expected to be natively integrated into Tenable Cloud Security and its leading CNAPP solution later this year.
