An account has been accessed successfully from an AWS public cloud IP which is unusual for this account.
Vectra AI Platform's AI continuously learns whether a cloud provider and region are typical for a given user based on their history.
Possible Root Causes
An attacker has successfully logged into an account using an AWS public cloud IP. The attacker uses a public IP to mask their true location, making the access appear to originate from a normal geolocation and IP space.
A user or user-connected software has logged into an account from an AWS public cloud IP provider and region for the first time. This may reflect legitimate usage or the initiation of a cloud-based service associated with the account.
Business Impact
An attacker who gains access to an internal account can leverage connected applications to further their attack.
Steps to Verify
Review if the account owner has a legitimate reason to access their account from the AWS public cloud.
Examine available logs to determine if there has been any progression of the attack.
Contact the account owner to confirm whether the observed activity was initiated by them.
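
For the log review in the steps above, this added example (not Vectra's detection logic and not code from the original page) flags successful sign-ins from an AWS region absent from a user's earlier history. The record fields, the baseline cutoff and the function names are assumptions; the prefix list is constructed in the shape of AWS's published ip-ranges.json.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 documentation ranges, not real AWS space.
AWS_RANGES = {"prefixes": [
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1"},
]}

# Constructed sign-in records; the field names are assumptions.
SIGNINS = [
    {"time": "2024-05-01T08:00:00Z", "user": "alice", "ip": "192.0.2.10", "ok": True},
    {"time": "2024-05-02T08:05:00Z", "user": "svc-ci", "ip": "203.0.113.7", "ok": True},
    {"time": "2024-05-03T08:05:00Z", "user": "svc-ci", "ip": "203.0.113.9", "ok": True},
    {"time": "2024-05-04T02:13:00Z", "user": "alice", "ip": "198.51.100.44", "ok": False},
    {"time": "2024-05-04T02:14:00Z", "user": "alice", "ip": "198.51.100.44", "ok": True},
    {"time": "2024-05-05T09:00:00Z", "user": "svc-ci", "ip": "198.51.100.20", "ok": True},
    {"time": "2024-05-06T09:00:00Z", "user": "svc-ci", "ip": "198.51.100.21", "ok": True},
]


def aws_region_for(ip, ranges=AWS_RANGES):
    """Return the AWS region of the most specific prefix containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for p in ranges["prefixes"]:
        net = ipaddress.ip_network(p["ip_prefix"])
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, p["region"])
    return best[1] if best else None


def unusual_aws_signins(records, baseline_until, ranges=AWS_RANGES):
    """Flag successful sign-ins from an AWS region not in the user's history."""
    seen = defaultdict(set)  # user -> AWS regions seen in successful sign-ins
    alerts = []
    for r in sorted(records, key=lambda r: r["time"]):
        region = aws_region_for(r["ip"], ranges)
        if not r["ok"] or region is None:
            continue  # the detection concerns successful access from AWS only
        # Records before baseline_until only build the per-user baseline.
        if r["time"] >= baseline_until and region not in seen[r["user"]]:
            alerts.append({"time": r["time"], "user": r["user"], "ip": r["ip"],
                           "region": region,
                           "new_provider": not seen[r["user"]]})
        seen[r["user"]].add(region)  # keep learning after alerting
    return alerts
```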
Azure Suspicious Access from AWS Cloud
Business impact
If this detection indicates a genuine threat, the organization faces significant risks: