Expanding the "R" in NDR: Account Lockdown

Jose Malacara
Senior Product Manager
February 13, 2020

We are happy to announce Vectra Account Lockdown, extending the efficiency of your security operations. Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the kill chain. This gives your security operations center (SOC) analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

Account Lockdown can be performed manually by an analyst or automatically on an analyst's behalf. Manual Account Lockdown allows the analyst to disable a network account during the course of a security investigation with a one-click button action. Automatic Account Lockdown provides automated enforcement, giving you a temporary remediation action whenever your SOC personnel are not available to take immediate action.

Account Lockdown utilizes a configurable set of thresholds, namely Observed Privilege, account Threat and Certainty scores. These high-fidelity signals take advantage of Vectra's Privilege Access Analytics detection suite, which assists in identifying misused or stolen account credentials based on observed privilege, rather than granted privilege. Account Lockdown's identity-based level of enforcement provides the most granular, surgical remediation action you can take against an attacker.

This builds on a platform that is optimized for your response workflows:

  • Enforce through existing security investments. Enable actions through orchestration, endpoint detection and response (EDR) and network access control (NAC) solutions.
  • Response begins with knowing what to take enforcement on. Skip the noise from anomaly-based systems. Anchor your response to an approach that covers an industry-leading number of the network behaviors in the MITRE ATT&CK framework.
  • Focus response on assets that attackers will target. Prioritize those with elevated levels of privilege, risk and likelihood of a threat.
  • Too many alerts? Let automation help. Roll up isolated alerts into a single incident to investigate.

Uplevel your SOC's efficiency while buying them precious time to investigate and protect your network with Account Lockdown from Vectra. Contact us to learn more.
