Vectra Threat Intelligence: The Icing on the Cake

August 6, 2020
John Mancini
Product Management at Vectra AI
Vectra Threat Intelligence: The Icing on the Cake

AI-based detections are great at identifying unknown and known attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give security teams the most durable coverage and the earliest understanding across unknown and known threats.

However, just like AI models, all threat intel is not created equal. Most threat intelligence available in network detection and response (NDR) products is poorly validated and out of date, which leads to false positives and late coverage.

This is why we’re excited to introduce Vectra Threat Intelligence—a highly curated, up-to-date threat intelligence feed that gives customers high-fidelity coverage of known threats and threat actors across cloud, data center, IoT and infrastructure.

Leveraging this multi technique approach allows Vectra to confidently and instantly find, stop and identify known attackers the moment they establish an initial foothold, and reliably detect unknown threat actors and stop them before they move closer to their malicious objectives.

Our agnostic approach applies more techniques and technologies to threat hunting to ensure the fastest, broadest and most accurate attacker coverage possible, leaving them with nowhere to hide.

Augmenting AI

When it comes to detecting threats, AI is Vectra’s north star. AI can detect patterns of behavior, separate the signal from noise, and provide a fidelity that other detection techniques cannot match.

Take the example of remote access trojans (RAT) which include software like the nation state sponsored Taidoor that was recently analyzed by CISA. We discussed a behavioral approach to detecting RATs in our previous blog. This underlying behavior has remained stable over the years, enabling Vectra to detect the next big RAT without any changes or knowledge of the specific tool or command and control (C2) infrastructure.

This durable AI approach is complemented by Vectra threat intelligence, which tracks IPs and Domains associated with specific attacker infrastructure. A host with a threat intel match for Taidoor RAT and an AI-based RAT detection provides a crystal-clear view of the threat and criticality. Vectra Threat intelligence immediately triggers on the first communication with the known bad infrastructure, while Vectra AI provides the context of the behaviors and attacker progression.

context of the behaviors and attacker progression

High-quality indicators

The value of threat intelligence is only as good as its source and requires regular curated indicators to be effective.

Vectra Threat Intelligence does not rely on open-source threat feeds and we only consider the highest-quality indicators to ensure that no threat goes undetected. It is curated and continuously updated to keep pace with the evolving threat landscape.

Vectra Threat Intelligence is immediately available in version 5.9 for all Detect customers at no additional cost. To learn more, contact us or schedule a demo.