Expanding the "R" in NDR: Account Lockdown
We are happy to announce Vectra Account Lockdown, extending the efficiency of your security operations. Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the killchain. This gives your security operations center (SOC) analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.
Account Lockdown can be performed manually by an analyst or automatically on an analyst's behalf. Manual Account Lockdown allows the analyst to disable a network account during the course of a security investigation with a one-click button action. Automatic Account Lockdown provides automated enforcement, giving you a temporary remediation action whenever your SOC personnel are not available to take immediate action.
Account Lockdown utilizes a configurable set of thresholds, namely Observed Privilege, account Threat and Certainty scores. These high-fidelity signals take advantage of Vectra's Privilege Access Analytics detection suite, which assist in identifying misused or stolen account credentials based on observed privilege, rather than granted privilege. Account Lockdown's identity-based level of enforcement provides the most granular, surgical remediation action you can take against an attacker.
This builds on a platform that is optimized for your response workflows:
Uplevel your SOC's efficiency while buying them precious time to investigate and protect your network with Account Lockdown from Vectra. Contact us to learn more.