
Vectra AI Expands Platform to Enhance SOC Teams’ Proactive Defense Against Hybrid Attackers

Vectra AI has announced a significant expansion of its Vectra AI Platform. This enhancement is designed to equip security operations center (SOC) teams with a proactive approach to identifying and mitigating vulnerabilities across hybrid environments.

New Capabilities for Comprehensive Security

The expanded Vectra AI Platform now integrates advanced capabilities to provide SOC teams with an active posture, allowing them to proactively discover and pinpoint exposure points within their hybrid environment. This holistic view, powered by Vectra AI’s patented Attack Signal Intelligence™, enables the detection, deterrence, and disruption of potential attackers.

“To keep pace with attackers, it is critical for SOC teams to know where the organization is exposed to hybrid attacker infiltration, progression, and lateral movement across the entire hybrid environment,” said Hitesh Sheth, founder and CEO of Vectra AI. “At Vectra AI, we are constantly innovating to stay one step ahead of attackers. Our platform offers SOC teams the tools they need to actively seek out and identify attacks across networks, identities, clouds, and GenAI tools.”

Advanced Features of Attack Signal Intelligence

The platform’s proactive defense mechanisms provide SOC teams with a comprehensive view of their network, identity, cloud, and GenAI active posture. This real-time visibility enables SOC teams to understand how the attack surface is evolving and to discover security gaps that other static tools might miss. The platform monitors over 20 AI-enhanced data streams and hundreds of attributes to identify potential threats.

Key Enhancements Include:

  • Identity Hygiene Issues: Detection of account logins without two-factor authentication, use of legacy sign-in protocols, weak location-based access controls, and overly permissive access to backend tools like Microsoft Graph API or PowerShell. For instance, 99% of organizations have at least one user accessing Azure AD through PowerShell or a scripting engine, which can be exploited by attackers.

  • Network Posture Visibility: Identification of network risks such as external RDP access, IPMI usage, weak or non-encrypted data transfers, and SMB1 usage. Notably, over one-third of organizations still have SMBv1 enabled, which can open them to ransomware and other vulnerabilities.

  • M365 Copilot Clarity: Improved governance around data access controls and permissions, with insights into the adoption and usage of Copilot for M365. Vectra AI notes that over 40% of organizations have begun integrating Copilot for M365, which requires careful monitoring to prevent potential abuse.

Holistic Defense Against Hybrid Attackers

Jeff Reed, chief product officer of Vectra AI, emphasized the platform’s comprehensive approach: “Vectra AI’s XDR platform with Attack Signal Intelligence equips the SOC with a complete view of their hybrid environment - not just to determine if their network, identity, or cloud has already been compromised - but if something is operating in a way that may lead to a future compromise. Customers using the Vectra AI Platform can now effectively discover, deter, detect, and disrupt hybrid attackers, proactively addressing the full cycle of a potential breach.”

Continued Innovation

This latest expansion follows Vectra AI’s May 2024 announcement, which introduced capabilities to detect the abuse of GenAI tools like Microsoft Copilot for M365. The continuous evolution of the Vectra AI Platform underscores the company’s commitment to providing SOC teams with the most advanced tools to combat emerging cyber threats.
