Vectra AI, the leading company in hybrid attack detection, investigation, and response, recently announced a significant enhancement to its platform: advanced Cloud Detection and Response (CDR) capabilities tailored specifically for AWS (Amazon Web Services) environments.

Vectra Cloud Detection and Response (CDR) for AWS, armed with Vectra AI’s patented Attack Signal Intelligence technology, provides SOC security teams with an integrated, real-time attack signal for hybrid attacks spanning network, cloud, and identity domains. This is critically important in today’s threat landscape, where attacks often cross traditional boundaries.


Challenges of hybrid environments and the need for a new approach

As enterprises continue to rapidly migrate applications, workloads, and sensitive data to cloud environments, detecting, investigating, and effectively responding to hybrid attacks is becoming an increasingly complex task. This transition creates new challenges for Security Operations Centers (SOCs), which traditionally focused on on-premises infrastructure.

According to the Vectra AI State of Threat Detection 2023 report, a staggering 90% of SOC analysts express a lack of confidence in their ability to keep pace with the increasing volume and diversity of threats. Even more alarming, 71% of analysts are concerned that their organizations have already been targeted by threats they are not yet aware of. Furthermore, 75% of SOC analysts say they lack the visibility needed to properly protect their organizations. These statistics highlight a deep crisis of confidence and capability within modern SOCs.

The growth of hybrid deployments (a combination of on-premises and cloud infrastructure) has added significant challenges for SOC teams. While adversary goals remain unchanged (e.g., data theft, financial fraud, infrastructure disruption), cloud attacks manifest differently than in traditional data center environments. Cloud threats primarily focus on credentials and Identity and Access Management (IAM), use shallow kill chains, and move faster compared to those observed on-premises. The dynamic nature of the cloud enables faster innovation for businesses; however, adversaries also leverage this advantage to penetrate and compromise environments in equally innovative ways. These fundamental differences in attack manifestation mean that defenders must think like hybrid adversaries to effectively protect the expanded hybrid attack surfaces.


Vectra CDR for AWS: latest advancements in cloud security

Vectra CDR for AWS offers the latest advancements in cloud threat detection and response on the Vectra AI platform, providing an unprecedented level of security:

1. Advances in detecting complex hybrid attacks:

  • AI-driven event detection: Purpose-built, AI-driven detection models eliminate the need to write custom detection rules or rely on static signatures that are easily bypassed. The CDR for AWS portfolio combines the best security research and data science from Vectra AI to detect multi-stage, complex adversary actions across the entire AWS footprint. This allows for the detection of even zero-day attacks that do not yet have known signatures.
  • Real-time cloud threat context: Real-time detection reduces the latency of cloud threat detection, providing SOC analysts with the ability to see live threat activity in the AWS environment. This is critically important for rapid response, as delays can cost millions of dollars and damage reputation.
  • Full visibility across the entire hybrid cloud: AI-driven detection is based on analysis of AWS logs (e.g., CloudTrail, VPC Flow Logs), network traffic, and any other related AWS resources. This allows for accurate differentiation between malicious behavior and routine AWS activity across various forms of cloud metadata, minimizing false positives.
  • Extended AWS coverage in minutes: Provides coverage across the entire AWS infrastructure (IaaS, PaaS, SaaS) across regions and between accounts, detecting previously unknown adversary activity and providing a complete view of AWS security risks in minutes, significantly accelerating the onboarding and protection of new resources.

2. Enhancements in the AI-driven attack signal intelligence system for hybrid attacks:

  • Machine learning understands what each AWS account does: Vectra AI learns the normal behavior of AWS credentials and permissions to know which accounts are most useful for adversaries. This enables more accurate detection of identity-based attacks, such as account compromises or privilege escalations.
  • AI-driven prioritization: The system prioritizes the most critical threats and shifts focus from individual AWS threat events to the AWS entities (hosts and accounts) under attack. This significantly reduces the time and resources needed to correlate, assess, and rank multiple and simultaneous threat detections as they unfold, allowing SOC analysts to focus on what matters most.
  • Complements existing native cloud investments: Vectra CDR for AWS complements investments in native tools such as Amazon GuardDuty (which relies primarily on anomalies and signatures) and preventative posture tools, to focus on the true source and provide the most accurate signal clarity, working synergistically with existing solutions.

3. Enhancements in hybrid attack investigations and response:

  • Integrated investigations: Powerful features to support simple and advanced query-based investigations of all prioritized entities, allowing analysts to quickly obtain necessary information.
  • End-to-end hybrid deployment visibility: An integrated attack signal that detects threat progression across cloud, identity, and network environments on a single pane of glass. This provides a complete understanding of the situation and allows for rapid response to threats, regardless of where they originated.
  • Native response capabilities: AWS blocking capabilities provide SOC analysts and incident response teams with the means to isolate and remediate compromised segments, such as temporarily blocking compromised EC2 instances or AWS IAM roles.

4. Advances in hybrid attack tools, training, and support:

  • Advanced open-source tools: Learn to think like a hybrid adversary with open-source toolkits. DeRF, MAAD-AF, and ./HAVOC are open-source tools developed by Vectra Security Researchers to help SOC teams think like adversaries and become experts in complex adversary methods. This is not just software, but a methodology for improving skills.
  • Advanced AWS training: Vectra CDR for AWS Blue Team workshops provide personalized hands-on training for SOC teams to hone skills in preventing advanced cloud threats and effectively utilizing the platform.
  • SOC management expertise (Managed Detection and Response – MDR): Vectra MDR for AWS augments client SOCs with global analysts working 24/7, trained to defend against attacks spanning hybrid environments, ensuring continuous monitoring and expert support.

“The current approach to threat detection and response is fundamentally flawed as more organizations shift to hybrid environments, and security teams continue to face increasing cloud complexity, alert fatigue, and analyst burnout. Our best-in-class platform, as a pioneer in AI-driven threat detection and response, delivers the most accurate integrated signal in the hybrid environment to make XDR a reality with speed and scale,” said Hitesh Sheth, President and CEO of Vectra AI.


Vectra AI – a valuable asset for cybersecurity in Ukraine via NWU

In the current context of constantly escalating cyber threats and the need to ensure a high level of cyber resilience, Vectra AI solutions are strategically important for Ukrainian organizations. The war in Ukraine has significantly increased the level of cyberattacks, making reliable protection a critical necessity for all sectors of the economy and public administration.

Thanks to NWU, the official distributor of Vectra AI in Ukraine, it is now possible for the domestic IT market to buy NDR (Network Detection and Response) from a global leader. NDR is an integral part of the SOC triad alongside SIEM and EDR, providing a full cycle of threat detection and response.

Vectra AI is a leader in detecting and responding to hybrid cloud threats based on security artificial intelligence. Only Vectra optimizes artificial intelligence to detect adversary methods — TTPs (Tactics, Techniques, and Procedures), which are the foundation of all attacks — instead of simply alerting about “other” anomalies. The resulting highly accurate threat signal and clear context allow cybersecurity teams to respond to threats quickly and prevent attacks from escalating into full-blown breaches. The Vectra AI platform and services cover public cloud, SaaS applications, identity systems, and network infrastructure, both on-premises and in the cloud. Organizations worldwide rely on the Vectra AI platform and services to achieve resilience against ransomware, supply chain compromise, credential theft, and other cyberattacks.


Are you ready to ensure comprehensive protection of your cloud and hybrid environments from the latest threats? Contact NWU to buy NDR for SOC or to request a demo of the Vectra MXDR solution in Ukraine today.