Expanding the "R" in NDR: Account Lockdown

By: Jose Malacara
February 13, 2020

We are happy to announce Vectra’s Account Lockdown, extending the efficiency of your security operations. Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the kill chain. This gives your SOC analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

Account Lockdown can be performed manually by an analyst or automatically on an analyst's behalf. Manual Account Lockdown allows the analyst to disable a network account during the course of a security investigation with a one-click button action. Automatic Account Lockdown provides automated enforcement, giving you a temporary remediation action whenever your SOC personnel are not available to take immediate action.

Account Lockdown utilizes a configurable set of thresholds, namely Observed Privilege, account Threat and Certainty scores. These high-fidelity signals take advantage of Vectra's Privilege Access Analytics detection suite, which assists in identifying misused or stolen account credentials based on observed privilege, rather than granted privilege. Account Lockdown's identity-based level of enforcement provides the most granular, surgical remediation action you can take against an attacker.

This builds on a platform that is optimized for your response workflows:

  • Enforce through existing security investments. Enable actions through orchestration, EDR and NAC solutions.
  • Response begins with knowing what to take enforcement on. Skip the noise from anomaly-based systems. Anchor your response to an approach that covers an industry-leading number of the network behaviors in the MITRE ATT&CK framework.
  • Focus response on assets that attackers will target. Prioritize those with elevated levels of privilege, risk and likelihood of a threat.
  • Too many alerts? Let automation help. Roll up isolated alerts into a single incident to investigate.

Uplevel your SOC's efficiency while buying them precious time to investigate and protect your network with Account Lockdown from Vectra. Contact us to learn more.

About the author

Jose Malacara

Jose Malacara is a senior product manager at Vectra. He is an AWS Certified Solutions Architect and has over 18 years of broad technology experience, drawing on his many years working in various product management, sales and network engineering roles building and supporting cloud applications for companies like FATHOM, Rackspace and ANX.
