Vectra Threat Intelligence: the Icing on the Cake

By: John Mancini
August 6, 2020

AI-based detections are great at identifying unknown and known attacker behaviors, while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give security teams the most durable coverage and the earliest understanding across unknown and known threats.

However, just like AI models, not all threat intel is created equal. Most threat intelligence available in network detection and response (NDR) products is poorly validated and out of date, which leads to false positives and late coverage.

This is why we’re excited to introduce Vectra Threat Intelligence – a highly curated, up-to-date threat intelligence feed that gives customers high-fidelity coverage of known threats and threat actors across cloud, data center, IoT and infrastructure.

Leveraging this multi-technique approach allows Vectra to confidently and instantly find, stop and identify known attackers the moment they establish an initial foothold, and to reliably detect unknown threat actors and stop them before they move closer to their malicious objectives.

Our agnostic approach applies more techniques and technologies to threat hunting to ensure the fastest, broadest and most accurate attacker coverage possible, leaving attackers with nowhere to hide.

Augmenting AI

When it comes to detecting threats, AI is Vectra’s north star. AI can detect patterns of behavior, separate the signal from noise, and provide a fidelity that other detection techniques cannot match.

Take the example of remote access trojans (RATs), which include software like the nation-state-sponsored Taidoor that was recently analyzed by CISA. We discussed a behavioral approach to detecting RATs in our previous blog. This underlying behavior has remained stable over the years, enabling Vectra to detect the next big RAT without any changes or knowledge of the specific tool or C2 infrastructure.

This durable AI approach is complemented by Vectra Threat Intelligence, which tracks IPs and domains associated with specific attacker infrastructure. A host with a threat intel match for Taidoor RAT and an AI-based RAT detection provides a crystal-clear view of the threat and criticality. Vectra Threat Intelligence immediately triggers on the first communication with the known bad infrastructure, while Vectra AI provides the context of the behaviors and attacker progression.

High-quality indicators

Threat intelligence is only as good as its source, and it requires regularly curated indicators to be effective.

Vectra Threat Intelligence does not rely on open-source threat feeds and we only consider the highest-quality indicators to ensure that no threat goes undetected. It is curated and continuously updated to keep pace with the evolving threat landscape.

Vectra Threat Intelligence is immediately available in version 5.9 for all Cognito Detect customers at no additional cost. To learn more, contact us or schedule a demo.

About the author

John Mancini

John Mancini leads the product management of machine learning-based threat detection algorithms at Vectra. He is a product-driven technologist with extensive experience in research, development and design of software backed by machine learning and AI. Previously, John held the position of lead data scientist and received a patent for an improved method, system, and computer program product for identifying malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.
