Vectra AI at CrowdStrike’s Fal.Con – Bringing a true XDR solution

October 6, 2023
Zoey Chu
Product Marketing Manager
Vectra AI at CrowdStrike’s Fal.Con – Bringing a true XDR solution

The commencement of Fal.Con leads with a real-life example

A week before traveling to Las Vegas for CrowdStrike’s annual security conference, Fal.Con, I get an ominous text from my eldest sister. She is warning me to take caution with using my credit card at any ATM or cash register in Las Vegas, supplementing the warning with links from numerous news articles. The articles tell me there have been security breaches at Caesar’s Palace and MGM Resorts properties.  

Messages from my Vectra AI colleagues who are already in Nevada depict black screens on MGM’s slot machines and ATMs. Another colleague describes how guests could not access their hotel rooms with keycards and how servers at restaurants must manually write down credit card numbers for patrons to pay for their meals. These security breaches will cost tens of millions of dollars to rectify — not even accounting for the business losses while in recovery for MGM Resorts and Caesar’s Palace.

MGM slot machines out of order because of the cyberattack in 2023
Picture taken at MGM Resorts property on September 17, 2023 by Vectra AI employee.

The breaches couldn’t have happened at a more ironic time — when thousands of folks from the cybersecurity industry are traveling to Las Vegas to talk about how to solve for the exact thing that happened to MGM Resorts and Caesar’s Palace.  

The breaches have since been mitigated; Caesar’s Palace had paid the ransom to protect their users’ data within the week of the breach, and MGM Resorts is now back online after a 10-day computer shut down. While everything now seems a-okay, both cybersecurity experts and normal day-to-day consumers wonder the same thing — what can be done to keep our data and data systems safe?

Cybercrime losses totaled over $4.1 billion in 20201; the numbers continue to grow each year

The attacks are a testament to how adaptive, widespread and dangerous cybersecurity breaches can be today, especially as more organizations adopt hybrid environments and digital ecosystems, thus creating more surface area for attackers to exploit. In the cases of MGM Resorts and Caesar’s Palace, the attacks were hybrid and compromised both identity as well as on-premises computer assets.  

We, security vendors, grow our technology each day, but the same can be said for attackers – they, too, grow stronger and more robust in their attacks with each technological advancement. Customers need not only a solution that can cover both cloud and on-premises environments, but also a solution that understands the correlation and nuances of different signals and what is relevant to reliably identify an attack.  

The search for a solution like this is concentrated in conferences like CrowdStrike’s Fal.Con, where security vendors from all over the world come together to discuss how our technology can help keep the world a safer space from attackers.

Vectra AI’s Takeaways from Fal.Con 2023

Crowdstrike adversary statue at Fal.con 2023

Vectra AI joined other security vendors at Fal.Con to add our voice into the conversation. With our booth set up next to CrowdStrike’s physical rendition of adversary, Ocean Buffalo, my colleagues and I engaged in numerous conversations with organizations that are partnered with CrowdStrike or are in the search for a security vendor to protect against major breaches like the one that happened with MGM Resorts and Caesar’s Palace.

We heard about:

  • The need for less noise among the many alerts and detections security analysts see each day.
  • The need for an integrated signal among existing and new technologies.  
  • The need for a more robust detection and response platform that covers all attack surfaces. In other words, organizations are looking for a true XDR strategy.

As conversations continue throughout the week, one thing becomes clear — security vendors are better together. That is why Vectra AI’s partnership with CrowdStrike’s Falcon Insight Platform may be a viable answer to that burning question we all have.

Cut the noise with a smart, integrated signal

Vectra AI’s patented Attack Signal IntelligenceTM delivers that smart and deeply rich context to detections that security analysts can use to cut the noise and do their job. Our Attack Signal Intelligence knows what is malicious and uses ML to automatically analyze detection patterns unique to our customers’ environments. Then, based on that analysis, we issue a score that demonstrates event relevance and distinguish malicious detections from benign, reducing >80% of alert noise.

An integrated signal on a powerful platform makes a true XDR solution

Having an EDR is critical to any organization’s security technology stack, but having just an EDR alone is not enough against the attackers we see today. An EDR does not run on identity, and it does not run on third-party servers like VMWare ESXi. Customers should look towards a combined solution that can provide complementary coverage, like the solution brought together by Vectra AI and CrowdStrike.  

Our seamless integration with CrowdStrike’s Falcon Insight Platform promises not only an integrated signal, but an integrated signal within an XDR solution. While the Vectra AI Platform provides signals for network, public cloud, SaaS, and identity, CrowdStrike’s EDR solution fills in the last piece of the puzzle – end point – and creates a full security solution that overcomes modern-day attacks.

The reality of the situation is that the potential of security breaches like the ones at Caesar’s Palace and MGM Resorts happen almost every day. Attackers will continue to exploit wherever and whenever they can. However, when security vendors come together such as CrowdStrike and Vectra AI, we all do a better job empowering defenders to detect, prioritize, investigate and stop hybrid attacks.

> Learn more about the Crowsdtrike integration with Vectra AI