In today’s dynamic cybersecurity landscape, where hybrid threats are becoming increasingly sophisticated and the attack surface expands with cloud environments, SaaS applications, and Generative AI (GenAI) tools, Security Operations Center (SOC) teams need a comprehensive and proactive approach to protection. Vectra AI, a recognized leader in AI-driven Extended Detection and Response (XDR), has announced a significant expansion of its Vectra AI Platform. This innovation now equips SOC teams with “active state” visibility to proactively identify and pinpoint where their hybrid environment is vulnerable to adversaries.
With this expansion, the Vectra AI Platform’s patented Attack Signal Intelligence™ now provides a comprehensive view with analytics to effectively detect, contain, expose, and disrupt hybrid adversaries. This allows SOC teams to not just react to attacks, but also to anticipate them by understanding the weak points in their infrastructure.
Why active state is key for combating adversaries
To keep pace with adversaries, it’s crucial for SOC teams to know where their organization is vulnerable to the ingress, progression, and lateral movement of hybrid adversaries across the entire hybrid environment. Failure to monitor a dynamic, ever-changing hybrid attack surface enables adversaries to advance their campaigns, remaining undetected and unstopped. According to IBM Security’s “Cost of a Data Breach Report 2023,” the average time to identify a data breach is 204 days, highlighting the necessity of proactive tools to reduce this metric.
“At Vectra AI, we are constantly innovating to keep pace with the evolving attack landscape and stay one step ahead of adversaries,” said Hitesh Sheth, Founder and CEO of Vectra AI. “As a leader in AI-driven XDR, we believe that SOC teams must have visibility into their active state to understand their vulnerability to adversaries. With this foundation, they must be armed with the right information to actively hunt and detect active attacks across their networks, identities, clouds, and GenAI tools. The Vectra AI Platform is built on a methodology that integrates security research, data science/machine learning engineering, and user-centric experience, focused on a single mission: using AI to deliver precise attack signals with speed and scale.”
Proactive Defense: Comprehensive Active State Visibility with Vectra AI
With Vectra AI Attack Signal Intelligence™ proactive defense, SOC teams gain a comprehensive understanding of their network, identity, cloud, and GenAI active state. The active state in a hybrid environment provides SOC teams with real-time insight into how the attack surface they need to protect is changing, which other tools that rely on static information cannot do. This means the system not only records events but also constantly analyzes the context and dynamics of changes.
Armed with the Attack Signal Intelligence™ active state component, SOC teams proactively identify security gaps related to what users and machines are actually doing. This is achieved by monitoring over 20 different data streams, enhanced by artificial intelligence, and hundreds of different attributes that allow teams to stop a future threat. The Vectra AI Platform finds gaps that other tools miss, such as:
- Identity hygiene issues: This includes account logins without multi-factor authentication (MFA), the use of outdated login protocols (e.g., NTLMv1), weak location-based access controls, and overly broad access rights to tools like the Microsoft Graph API backend or PowerShell. According to the Microsoft Digital Defense Report 2023, 99% of identity compromises start with credential attacks. Vectra AI detects anomalies in account behavior. For example, in a given week, 99% of organizations have more than one user accessing Azure AD via PowerShell or some scripting engine, either of which could be exploited and compromised by an adversary. Vectra AI analyzes these behaviors and highlights the risky ones.
- Network state: Visibility into network risks such as external RDP (Remote Desktop Protocol) access, IPMI (Intelligent Platform Management Interface) usage, weak or unencrypted data transfers, and SMBv1 (Server Message Block version 1) usage. According to a SANS Institute study, the use of outdated protocols is one of the most common vulnerabilities. More than a third of organizations still have SMBv1 enabled, leaving them exposed to ransomware and other adversary activity. Vectra AI provides detailed monitoring of these aspects.
- Clarity on Copilot for M365 usage within the organization: Lets teams understand adoption and usage, including potential adversary abuse, which enables improved access control and data permissions. Vectra AI observes that over 40% of organizations have started using Copilot for M365 in their environment, creating new attack vectors related to the use of GenAI to access sensitive data or perform unauthorized actions. This functionality was introduced following Vectra AI’s announcement in May 2024, which detailed capabilities for detecting adversary abuse of GenAI tools like Microsoft Copilot for M365.
“The Vectra AI XDR platform with Attack Signal Intelligence™ equips the SOC with a complete view of their hybrid environment — not just to determine if their network, identity, or cloud has already been breached — but also if anything is operating in a way that could lead to a future compromise,” said Jeff Reed, Chief Product Officer at Vectra AI. “Customers already using the Vectra AI platform can now effectively detect, contain, expose, and disrupt hybrid adversaries, proactively addressing the full lifecycle of a potential breach and leveraging these capabilities at no additional cost.”
Vectra AI – A Valuable Asset for Cybersecurity in Ukraine via NWU
In the current context of constantly escalating cyber threats and the need to ensure a high level of cyber resilience, Vectra AI solutions are strategically important for Ukrainian organizations.
Vectra AI is a powerful solution that can help organizations defend against the most sophisticated attacks, including those leveraging GenAI capabilities. Thanks to its ability to accurately and quickly detect GenAI-driven attacks, as well as provide comprehensive visibility and ease of use, the Vectra AI platform is a valuable addition to any cybersecurity program.
Vectra AI is a leader in security-AI-driven detection and response for hybrid cloud threats. Only Vectra optimizes artificial intelligence to detect adversary methods, the TTPs (Tactics, Techniques, and Procedures) that are the foundation of all attacks, instead of simply alerting about “anomalies” or “other” events. The resulting highly accurate threat signal and clear context allow cybersecurity teams to quickly respond to threats and prevent attacks from escalating into full-blown breaches.
The Vectra AI platform and services cover public cloud, SaaS applications, identity systems, and network infrastructure, both on-premises and in the cloud. Organizations worldwide rely on the Vectra AI platform and services to achieve resilience against: ransomware, supply chain compromise, credential theft, and other cyber attacks.
Thanks to NWU, the official distributor of Vectra AI in Ukraine, the domestic IT market can now buy NDR (Network Detection and Response), an integral part of the SOC triad (SIEM, EDR, NDR), from a global leader. This allows Ukrainian enterprises to significantly enhance their level of cybersecurity and more effectively counter modern threats.
Equip your SOC with advanced threat detection capabilities. To buy NDR for SOC or request a demo of the Vectra AI solution in Ukraine, contact NWU today.