AI-based detections are great at identifying unknown and known attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give security teams the most durable coverage and the earliest understanding across unknown and known threats.
However, just like AI models, not all threat intel is created equal. Most threat intelligence available in network detection and response (NDR) products is poorly validated and out of date, which leads to false positives and late coverage.
This is why we’re excited to introduce Vectra Threat Intelligence—a highly curated, up-to-date threat intelligence feed that gives customers high-fidelity coverage of known threats and threat actors across cloud, data center, IoT and infrastructure.
Leveraging this multi-technique approach allows Vectra to confidently and instantly find, stop and identify known attackers the moment they establish an initial foothold, and reliably detect unknown threat actors and stop them before they move closer to their malicious objectives.
Our agnostic approach applies more techniques and technologies to threat hunting to ensure the fastest, broadest and most accurate attacker coverage possible, leaving attackers with nowhere to hide.
When it comes to detecting threats, AI is Vectra’s north star. AI can detect patterns of behavior, separate the signal from noise, and provide a fidelity that other detection techniques cannot match.
Take the example of remote access trojans (RATs), which include software like the nation-state-sponsored Taidoor that was recently analyzed by CISA. We discussed a behavioral approach to detecting RATs in our previous blog. This underlying behavior has remained stable over the years, enabling Vectra to detect the next big RAT without any changes or knowledge of the specific tool or C2 infrastructure.
This durable AI approach is complemented by Vectra Threat Intelligence, which tracks IPs and domains associated with specific attacker infrastructure. A host with a threat intel match for Taidoor RAT and an AI-based RAT detection provides a crystal-clear view of the threat and criticality. Vectra Threat Intelligence immediately triggers on the first communication with the known bad infrastructure, while Vectra AI provides the context of the behaviors and attacker progression.
Threat intelligence is only as good as its source, and it requires regularly curated indicators to be effective.
Vectra Threat Intelligence does not rely on open-source threat feeds and we only consider the highest-quality indicators to ensure that no threat goes undetected. It is curated and continuously updated to keep pace with the evolving threat landscape.
John Mancini leads the product management of machine learning-based threat detection algorithms at Vectra. He is a product-driven technologist with extensive experience in research, development and design of software backed by machine learning and AI. Previously, John held the position of lead data scientist and received a patent for an improved method, system, and computer program product for identifying malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.