Vectra AI's User-Centric Approach to Delivering Advanced Attack Signal Intelligence

May 3, 2023
Padraig Mannion
Director of UX

Vectra AI is dedicated to developing powerful AI-driven tools to identify advanced cyber attackers in hybrid and multi-cloud environments. By engaging in extensive conversations with our users and understanding their needs, we have updated our scoring model and introduced a streamlined workflow to help cybersecurity professionals prioritize threats more effectively and better manage their daily tasks.

The New Urgency Score: A User-Centric Approach to Threat Prioritization

“Give me transparency of your scoring, help me understand what it is doing and let me optimise it for my environment.” -Finance Sector

Based on valuable user feedback, we've replaced the high-level concepts of threat and certainty with the more granular and comprehensive Urgency Score. This user-centric metric is designed to be unambiguous, to be weighted correctly across attack surfaces, and to break down into individual components, so that cybersecurity professionals can better understand how threats are prioritized and respond accordingly.

The Urgency Score combines Vectra AI's advanced Attack Rating with user-defined Entity Importance, providing more effective threat prioritization.

The Attack Rating considers a combination of detections observed on individual hosts or accounts, attack velocity and the breadth of detections across the kill chain stages.

The Entity Importance is primarily determined by the user, allowing them to create groups for hosts or accounts and assign importance values. Vectra AI also leverages its learning models to treat hosts and accounts with high privilege access as high-importance entities.

“If something is caught in my financial network, I want to know first, even if it’s in the lower quadrant, that has a bigger impact than something that is in critical from my user network… being able to have a weight on a network assignment within Vectra would be phenomenal” -Healthcare Sector

Streamlined Workflow with Respond and Hunt Pages: A Response to User Needs

The redesigned workflow, featuring the Respond and Hunt pages, significantly improves the way users interact with Vectra AI's platform, thanks to insights gathered from user feedback.

The Respond page serves as a to-do list for SOC analysts, displaying only entities with significant Urgency Scores that warrant an alert or notification. This prioritized list helps analysts understand what issues need to be addressed and in what order, ensuring they stay focused on the most important tasks.

The Hunt page, on the other hand, is an AI-powered gateway for proactive threat hunting. It provides a view of all entities in the environment, even those with behaviours not significant enough to warrant an alert from Vectra. This comprehensive list allows users to identify subtle patterns that may be significant to their investigations.

By placing user needs at the forefront, Vectra AI's new Urgency Score and enhanced workflow provide cybersecurity professionals with a more effective and user-friendly platform for threat prioritization and management. This user-centric approach empowers users to better address their security needs, ultimately strengthening their overall cybersecurity posture. Learn more about Vectra's AI-driven Threat Detection and Response platform today.