Is cyberattack defence broken? As a Product Marketing Manager at Vectra AI, I attended the Gartner Security and Risk Summit in London recently for the first time and this was my first question. Right after the first keynote session, I confirmed that the spiral of more is real in cybersecurity. More attacks, more tools, more alerts, and more burnout.
Throughout the conference, I repeatedly encountered the same three themes:
- How can we achieve effective and efficient security outcomes without overwhelming our resources and capabilities?
- How can we leverage AI to defend against evolving attackers who are embracing AI?
- How can our Security Operations Center (SOC) protect identities from being used by attackers?
In this blog post, I will share some of the key takeaways from the summit and Vectra AI’s unique approach to address these questions.
Minimum Effective Mindset
The first takeaway is the concept of “minimum effective mindset,” which is the idea of finding the optimal balance between security and simplicity.
Minimum Effective Toolset
More tools do not ensure better protection. Although 75% of organizations are pursuing vendor consolidation[1], they ultimately utilize more tools and technologies as security leaders still feel they are not properly protected[2]. Security teams should aim for the fewest technologies required to observe, defend, and respond to exploitation attempts. When evaluating tool effectiveness, security teams are encouraged to consider the interoperability between the tools and the time and effort required to manage, maintain, and use them.
Minimum Effective Expertise
More cybersecurity professionals do not necessarily deliver better protection. With a 65% growth in demand for cybersecurity talent in a market that already has a 3.4 million talent shortage[3][4], hiring more experts is not the answer to the problem of increasingly sophisticated attacks. Therefore, security teams should shift their focus to developing minimum effective expertise. One example is to leverage AI to reduce the amount of repetitive and tedious tasks.
Vectra AI’s Integrated Hybrid Attack Threat Detection And Response
With Vectra AI’s platform, attackers’ behaviors are visible across networks, identities, public cloud, and SaaS. Signals are integrated across domains to remove latency in detection, investigation, and response processes. Our solution boosts SOC analyst productivity by more than 2x as we reduce alert noise by 80%. We also reduce detection engineering time from months to days as we leverage 150+ pre-built detection models. Our tool has 40+ pre-built integrations across EDR, SIEM, SOAR, and ITSM tools, ensuring that it is interoperable with your existing tools.
AI Defense Against AI Attacks
The second takeaway is the need to effectively use AI to defend against increasingly sophisticated attackers who are embracing AI to automate and optimize their malicious activities. While most security vendors claim that they use AI in their technology, it is more important for security teams to remain critical and ask the right questions to evaluate their tools. For example, does their AI/ML approach simply detect anomalies and require constant human tuning and maintenance? Does their research focus only on specific tools or attack groups, making it hard to apply to newer techniques? Does their algorithm run on periodic batches that could delay alerting and give attackers the opportunity to progress their attacks further? Even if vendors give you the perfect answers, validation is the key to preventing vendors from over-promising and under-delivering. Security teams are encouraged to use both internal and external methods, such as attack simulation tools and third-party validation services, to do so.
Vectra AI’s Unique AI Approach to Find the Attacks That Others Can’t
To effectively defend against AI attacks, we need to take the attacker’s view in AI defense. Vectra AI has 35 patents in AI-driven threat detection and is the most referenced vendor by MITRE D3FEND. Our detections focus explicitly on finding attackers and identifying attacker methods in action, not just anomalies. Our security-led AI algorithms study how single events correlate with actionable security incidents. Our patented Attack Signal Intelligence™ uses AI/ML to analyze attacker behaviors and traffic patterns unique to the customer’s environment to reduce alert noise and surface only relevant true positive events. Our R&D team not only constantly monitors and reviews attacker tools, but also studies the general methods attackers are using. This ensures Vectra AI can build coverage for both the tools that execute attacks today and those to be developed in the future. Because the speed of detection matters, our algorithms run on streaming data instead of periodic batches, leaving ample time to stop the progression of attackers.
Identity Fabric in the SOC
Given that AI is the way to go, where can it be deployed for the quickest time to value? This brings me to the third takeaway: SOC teams should leverage AI for identity attack detection and response. 84% of organizations suffer from identity-related breaches[5]. Attackers often target the credentials and privileges of users, especially super admins, to gain access and move laterally across networks. The latest MGM and Caesar’s Palace breaches are prime examples. To address this, we need to think beyond prevention. Prevention can fail, especially since humans are often the weakest link in cybersecurity. My colleague recently told me that her access to her ex-employer’s super admin account was only revoked six months after she left the company. Imagine what attackers can do. We need visibility into attackers’ behavior between initial identity access and attackers’ reaching the crown jewel. We need to detect when a privileged account is being targeted and when attackers move laterally across network and cloud environments.
Vectra AI’s IDR Stops Attacks Before They Reach the Crown Jewel
Vectra AI’s IDR solution allows you to detect threats in both network (Active Directory) and cloud (Azure AD and M365) environments, offering integrated hybrid visibility. Our patented Privilege Account Analytics learns account privilege to help security analysts automatically discover and focus on the accounts most useful to attackers.
As I reflect on the three-day conference, I realize that a fundamental shift is required to tackle the spiral of more. With a minimum effective mindset as the starting point for an effective AI defense journey, I hope we can continue to partner with more security teams to stop attackers from creating an impact on your organization.