Expanding the "R" in NDR: Account Lockdown

February 13, 2020
Jose Malacara
Senior Product Manager
Expanding the "R" in NDR: Account Lockdown

We are happy to announce Vectra Account Lockdown, extending the efficiency of your security operations. Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the killchain. This gives your security operations center (SOC) analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

Account Lockdown can be performed manually by an analyst or automatically on an analyst's behalf. Manual Account Lockdown allows the analyst to disable a network account during the course of a security investigation with a one-click button action. Automatic Account Lockdown provides automated enforcement, giving you a temporary remediation action whenever your SOC personnel are not available to take immediate action.

Account Lockdown utilizes a configurable set of thresholds, namely Observed Privilege, account Threat and Certainty scores. These high-fidelity signals take advantage of Vectra's Privilege Access Analytics detection suite, which assist in identifying misused or stolen account credentials based on observed privilege, rather than granted privilege. Account Lockdown's identity-based level of enforcement provides the most granular, surgical remediation action you can take against an attacker.

This builds on a platform that is optimized for your response workflows:

  • Enforce through existing security investments. Enable actions through orchestration, endpoint detection and response (EDR) and network access control (NAC) solutions.
  • Response begins with knowing what to take enforcement on. Skip the noise from anomaly-based systems. Anchor your response to an approach that covers an industry-leading number of the network behaviors in the MITRE ATT&CK framework.
  • Focus response on assets that attackers will target. Prioritize those with elevated levels of privilege, risk and likelihood of a threat.
  • Too many alerts? Let automation help. Roll up isolated alerts into a single incident to investigate.

Uplevel your SOC's efficiency while buying them precious time to investigate and protect your network with Account Lockdown from Vectra. Contact us to learn more.