Identity Is the New Perimeter for Both Defenders and Attackers
In a recent conversation with a customer, a large international retailer, we learned that their entire workforce was targeted by a smishing attack. In this attack, all employees received an SMS message prompting them to log in to a fake ServiceNow portal. Over 90 people fell prey to the attack by giving their login credentials to the site. Vectra AI was the only security tool that alerted on this activity, thus preventing any damage to the company.
Identity is the center of the modern enterprise and the modern attack. Attackers abuse identities in the data center and the cloud to access sensitive data and spread ransomware. With the increase in identities and the advancement of attackers’ techniques leveraging generative AI, social engineering, and Phishing-as-a-Service tools, defenders will only face more challenges. Companies have spent millions of dollars investing in security tools, but according to the IDSA, 90% of organizations have experienced an identity attack [1]. This brings up the real problem: preventative security controls will fail, and companies need threat detection and response to cover the gap.
Vectra ITDR - Comprehensive AI-Powered Defense Against Identity Attacks
Introducing Vectra Identity Threat Detection and Response (ITDR), a capability within the Vectra AI Platform to find identity attacks other tools can’t and protect all accounts with less effort. Vectra ITDR defends against attackers who abuse identities, including admin and service accounts, and target identity infrastructure. It effectively stops identity attacks spanning network Active Directory, Microsoft Entra ID (formerly Azure AD) and cloud identities in real time. Our identity coverage correlates with the broader network and cloud activity, and the integrated visibility simplifies investigations and enables automated and customized response.
Vectra ITDR on the Vectra AI platform helps customers:
- Stop identity compromise and account takeover by discovering and stopping attackers accessing Microsoft Entra ID (Azure AD) and connected cloud applications.
- Stop abuse of privileged accounts and service accounts by using patented AI to learn user privilege and understand what is malicious. It continuously and automatically monitors all identities, both human and machine.
- Stop lateral movement and ransomware by detecting attackers before they have a chance to do damage. Behavior-based alerting covers various attack vectors, including Active Directory (AD), Microsoft Entra ID (Azure AD), RDP, and NTLM.
- Protect identity infrastructure by providing comprehensive coverage for attackers targeting credentials and identity stores using techniques like Kerberoasting, DCSync and rogue LDAP queries.
Why Choose Vectra ITDR to defend against Identity Attacks?
Find identity attacks others can’t
According to Vectra AI research, 71% of SOC analysts think they are already compromised, and they just don’t know about it yet. When security teams evaluate an ITDR solution, they should consider whether it can find attacks that have evaded prevention mechanisms and are already present in their hybrid environments. Vectra AI’s comprehensive approach covers the entire attack kill chain and addresses over 90% of MITRE ATT&CK techniques. Vectra ITDR finds attackers abusing identities across your entire hybrid attack surface, and you can stop the attack using either automated or customized response actions.
Reduce exposure by protecting all accounts
According to industry research, 62% of defenders don’t have visibility into humans or machines accessing sensitive data and assets. This creates challenges for security teams in identifying potential abuse. Vectra ITDR addresses this issue by protecting all accounts, including admin and service accounts, even if security teams don't know what and where they are. Our AI monitoring mitigates the risk of identity sprawl and actively monitors all service accounts to detect any signs of abuse.
Improve SOC efficiency by minimizing noise
Our AI minimizes noise to provide clarity on real attacker behaviors. Unlike simple user and entity behavior analytics (UEBA) and anomaly-based solutions, which fail to detect attacks and overload analysts with alerts, Vectra AI has spent the last decade pioneering the use of AI to find attack signals inside data. Our security research team invested time in understanding how attackers think and studied the data that reveals these attacks. As a result, we have developed over 150 AI models addressing various attack types. These AI models power real-time analytics and achieve high recall and precision scores. Additionally, our solution offers the flexibility to create customized prioritization rules, ultimately helping customers reduce alert volume by over 50% and improve SOC efficiency.
Maximising existing technology and talent
Vectra ITDR works in tandem with your EDR and prevention tools. Vectra AI strengthens security teams’ existing protection tools (such as CrowdStrike, Microsoft, PAM, IAM, etc.) and provides a second layer of defense against identity attacks when prevention measures fall short. Our solution is an out-of-the-box offering that requires minimal tuning and zero-agent deployment. This enables security teams to detect and stop attacks without the need to switch between multiple tools.
But don’t just take our word for it! Below, you’ll find testimonials from customers who have experienced the benefits of our identity solution:
Greenhill
“As a long-time Vectra AI customer, I have confidence in identifying and stopping privilege escalation and account takeovers.”
John Shaffer - CIO
AS Watson
“Vectra AI has given us just the right tools with minimal effort to battle against ransomware and other cyberthreats.”
Arjan Hurkmans - IT Security Operations Manager
Blackstone
“Our alert volume has been reduced by 90% since Vectra AI’s ML assesses more features and context in the models, which leads to more accurate detections.”
Kevin Kennedy - Senior Vice President, Cybersecurity
GMMH NHS Foundation Trust
“We now have a greater degree of confidence that we can detect and stop credential abuse.”
Kevin Orritt - ICT Security Manager
Vectra ITDR is available today. Want to learn more? Check out our Vectra ITDR website or schedule a demo now.