In all my years working in the security space, I’ve never heard a customer tell me they would prefer to have more sensors in their environment. Being able to satisfy multiple requirements with a single consolidated sensor reduces complexity and lowers cost. With the release of Vectra Match, a solution is now within easy reach.
Security teams require:
- AI-driven behavioral detection to find attacks that bypass prevention and traditional signature-based systems.
- High-quality metadata to power compliance, threat surface investigation, deep-dive incident response and manual threat hunting.
- Traditional signature-based solutions to:
  - Meet compliance and regulatory standards.
  - Make use of previous investments in signature development or acquisition.
  - Provide additional context and validation of signals as malicious.
Teams also need efficient, consolidated sensor footprints that help reduce operational costs associated with rack space, power, HVAC, patching/updating, salaries and other soft costs. Traditional signature-based solutions typically leave monitoring blind spots because they are often deployed only at egress/ingress and at some high-value choke points in an environment. Even when fully deployed, prevention mode is rarely used for fear of breaking legitimate business processes due to high false positive rates and limited response options.
Vectra offers a full suite of response options, from native automated or manual Lockdown to SIEM- or SOAR-driven integrations. These options allow for a more measured response that doesn’t impact business operations. Additionally, Vectra is typically deployed with full visibility into both north/south and east/west flows, which eliminates blind spots.
Adding Vectra Match to your deployment of the Vectra Threat Detection and Response platform allows an embedded Suricata engine to run your existing rulesets without having to deploy new hardware. The same sensors that already supply the data required for behavioral detection and for metadata output, storage and analysis can now also be used to meet signature matching requirements.
Now you can remove legacy sensors that may have only done signature-based detection or produced metadata, and instead cover your entire environment with a single consolidated sensor that provides the only Attack Signal Intelligence™ on the planet. Vectra supports cloud, hybrid and traditional network environments, deploying in minutes with support for feeding logs to your existing alert management system. Software updates are fully automatic, removing the burden of managing updates and patching across a stack of technologies from different vendors. Vectra truly provides the one sensor to rule them all.