 back to blog

Vectra Threat Intelligence: The Icing on the Cake

John Mancini
Product Management
August 6, 2020
Please note that this is an automated translation. For the most accurate information, refer to the original version in English.

AI-based detections are great at identifying unknown and known attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give security teams the most durable coverage and the earliest understanding across unknown and known threats.

However, just like AI models, all threat intel is not created equal. Most threat intelligence available in network detection and response (NDR) products is poorly validated and out of date, which leads to false positives and late coverage.

This is why we’re excited to introduce Vectra Threat Intelligence—a highly curated, up-to-date threat intelligence feed that gives customers high-fidelity coverage of known threats and threat actors across cloud, data center, IoT and infrastructure.

Leveraging this multi technique approach allows Vectra to confidently and instantly find, stop and identify known attackers the moment they establish an initial foothold, and reliably detect unknown threat actors and stop them before they move closer to their malicious objectives.

Our agnostic approach applies more techniques and technologies to threat hunting to ensure the fastest, broadest and most accurate attacker coverage possible, leaving them with nowhere to hide.

Augmenting AI

When it comes to detecting threats, AI is Vectra’s north star. AI can detect patterns of behavior, separate the signal from noise, and provide a fidelity that other detection techniques cannot match.

Take the example of remote access trojans (RAT) which include software like the nation state sponsored Taidoor that was recently analyzed by CISA. We discussed a behavioral approach to detecting RATs in our previous blog. This underlying behavior has remained stable over the years, enabling Vectra to detect the next big RAT without any changes or knowledge of the specific tool or command and control (C2) infrastructure.

This durable AI approach is complemented by Vectra threat intelligence, which tracks IPs and Domains associated with specific attacker infrastructure. A host with a threat intel match for Taidoor RAT and an AI-based RAT detection provides a crystal-clear view of the threat and criticality. Vectra Threat intelligence immediately triggers on the first communication with the known bad infrastructure, while Vectra AI provides the context of the behaviors and attacker progression.

context of the behaviors and attacker progression

High-quality indicators

The value of threat intelligence is only as good as its source and requires regular curated indicators to be effective.

Vectra Threat Intelligence does not rely on open-source threat feeds and we only consider the highest-quality indicators to ensure that no threat goes undetected. It is curated and continuously updated to keep pace with the evolving threat landscape.

Vectra Threat Intelligence is immediately available in version 5.9 for all Detect customers at no additional cost. To learn more, contact us or schedule a demo.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.

Get in touch