AI Helps Detect Evasive Cyberattackers

By Willem Hendrickx | November 29, 2022

Cybercrime has been rampant across the IT landscape for many years. Cyberattacks used to be relatively easy to detect, given some awareness and solid ICT knowledge. But modern threats are increasingly evasive and difficult to detect. Fortunately, there is a solution for this in the form of AI-driven threat detection and response.

The Constant Battle Against Cyberattacks

In recent years, it has become a sheer necessity for companies to protect themselves from external cyberthreats, which can sometimes have disastrous consequences for their business continuity and reputation. Cyberattacks have become more frequent and urgent, especially with the growing complexity in the IT world, making the search for useful long-term solutions laborious.

AI-driven Solutions as a Valuable Partner

AI has proved to be an extremely valuable partner in detecting and stopping these modern cyberattacks. "For the past 10 years, cybersecurity defense has focused mainly on what was known," sums up Willem Hendrickx, Chief Revenue Officer (CRO) at Vectra AI. This US-based company is a market leader in AI-driven threat detection and response. "Threat detection and response methods for people, processes, and technology used to rely heavily on signatures, anomalies, and rules to spot and stop cybercriminals. But the problem is that this approach no longer works today."

The difficulty in defending against modern cyberattacks lies in the fact that network environments are becoming increasingly complex, thus creating more and more varied attack surfaces. "Many enterprises have moved to hybrid and multicloud environments, while also setting up digital identities, supply chains, and ecosystems. This creates not only more risk but also an increased need for security and more changing regulations," Hendrickx says.

According to the CRO, sound cybersecurity boils down to arming defenders with three things: coverage, clarity, and control. "More complex IT environments create exponentially more attack surfaces, which you need to protect, or provide coverage, as a company. Working in the cloud means more vulnerabilities and exploits; it attracts more evasive and vicious attacks, which also happen faster; and, ultimately, it means maintaining more accounts that can be compromised."

That means you need more effective threat detection and response in the cloud, in terms of SaaS, identities, and networks. "That is the way to enable your security team to detect, investigate, respond, and stop cyberattacks before they become effective breaches."

Erase Unknown Threats With Vectra’s Attack Signal Intelligence

Hendrickx sees the answer in Vectra AI's AI-driven solution, which aims to eliminate unknown threats. "Unknown threats are currently the biggest risk to organizations, leading to overly complex security, undue noise, and even analyst burnout." Vectra AI has been researching and analyzing the behavior of cyberattackers for a decade now. Based on this experience, the company created a platform rooted in Attack Signal Intelligence, to automatically detect, triage, and prioritize attacks carried out by modern, evasive, and advanced attackers. It enables defenders to think like cyberattackers, to learn their tactics, techniques, and procedures – or TTPs. Moreover, it figures out what is actually malicious and relevant, reduces noise, and prevents burnout among analysts, who are otherwise overwhelmed by irrelevant alerts. "It is important to focus on urgent and essential threats, to reduce business risk. Our platform continuously monitors attackers' TTPs and uses defined models in real-time to detect them, and automatically triage and surface the threats that have the most impact on the business."

When Hendrickx talks about control, the last pillar of defense in cybersecurity, he is referring to the ability of analysts to do what they do best – hunt, investigate, and respond at speed and scale – with the flexibility to implement controls manually or automatically through integration. "Then you don't have to jump from tool to tool to investigate, validate, or hunt for threats. You establish the automation of manual tasks while reducing the cost and complexity of IT tools."

Unfortunately, cybercrime does not seem to be going away any time soon. But it is certainly possible for businesses to not only protect themselves during an attack but also detect such attacks quickly and stop them from becoming breaches, thus reducing financial and reputational risk to the business.

The following statements serve as grab handles when managing modern cybersecurity:

  • "Unknown threats pose the biggest risk to organizations, leading to overly complex security, noise, and even analyst burnout."
  • "It is important to focus on which threats are urgent and critical to reducing business risk."
  • "Threat detection and response methods used to rely heavily on signatures, anomalies, and rules to spot and stop cybercriminals. But the problem is that this approach no longer works today."

Today's cyberthreats can often easily bypass traditional security tools. As an industry leader in AI-driven threat detection and response, Vectra helps organizations to quickly detect, prioritize, investigate, and respond to cyberthreats. Vectra stands by its customers over the entire threat landscape – regardless of industry or diversity of business environment.