Decisive containment during active attacks. Lock down compromised identities, isolate devices, and block attacker traffic using high-fidelity detections.
Watch Identity Lockdown automatically shutting down compromised identities.
See Device Lockdown isolating compromised endpoints before they move.
View Traffic Lockdown cut off attacker communication at the firewall.
Most tools try to stop attackers by disrupting a single connection, with actions like TCP resets. It sounds effective. It isn't enough.
360 Response converts Vectra AI’s attack signal intelligence into precise, enforced actions wherever attackers operate in your hybrid environment:

Account containment across AD and Entra ID
Attackers lose their identity foothold across on-prem and cloud environments.
Host and endpoint containment using your existing EDR
The endpoint the attacker depends on is removed from play.
Network containment enforced by your firewalls
Command-and-control, exfiltration, and internal pivoting are cut off at the network layer.
All three layers work together, driven by the same AI signal, from the same analyst experience.
With 360 Response, defenders move from hoping disruption is enough to knowing containment is enforced.
360 Response turns every high-fidelity detection into a decisive action that stops attackers and shows that your team is in command of the environment.
360 Response is Vectra AI’s unified containment capability that enables security teams to stop active attacks across identity, host, and network layers. It is a core component of the Vectra AI Platform’s continuous control approach, transforming high-confidence AI detections into enforced response actions. 360 Response uses existing identity providers, endpoint detection and response tools, and firewalls to contain threats without introducing new agents or manual workflows. By coordinating containment across multiple layers, 360 Response helps organizations regain control during active compromise and reduce the risk of escalation in complex hybrid environments.
360 Response supports continuous control by enabling fast, coordinated containment while a hybrid attack is in progress. It applies response actions across the most abused layers of the hybrid environment, including identity, endpoints, and network traffic. When high-confidence threats are detected, 360 Response can trigger identity, device, and traffic lockdowns either manually or automatically. This coordinated response cuts off attacker access, lateral movement, and communication paths at the same time, helping security teams act decisively and maintain control as attacks unfold rather than reacting after damage has occurred.
Identity Lockdown helps stop identity-based attacks by disabling or restricting compromised user accounts in Active Directory and Entra ID. When triggered, it can revoke active sessions and support password reset workflows to invalidate stolen credentials. This prevents attackers from reusing valid identities to access cloud services, SaaS applications, or on-premises resources. Identity abuse is one of the most common escalation techniques in modern attacks, and Identity Lockdown removes that advantage quickly. By enforcing identity containment early through identity threat detection and containment, security teams reduce the likelihood of privilege escalation and cross-environment pivoting.
Device Lockdown isolates compromised devices using native integrations with endpoint detection and response tools already deployed in the environment. When a device is locked down, it is removed from the network, preventing lateral movement and stopping attacker activity from that device. 360 Response does not require an additional endpoint agent, which helps teams avoid added complexity or deployment friction. Device Lockdown can be initiated manually by analysts or automatically for high-confidence threats, enabling fast containment while remaining consistent with existing security integrations with leading EDR platforms.
Traffic Lockdown enforces network-level containment by blocking attacker communication through firewall-based controls. When a threat enters lockdown, its IP address is added to a Vectra-managed blocklist that firewalls consume as an external threat feed. Firewall policies then deny traffic from those IPs, preventing command-and-control, data exfiltration, and internal pivoting. Unlike connection resets, this approach enforces persistent, policy-driven blocking that attackers cannot bypass. Traffic Lockdown extends the value of Network Detection and Response (NDR) capabilities by turning detection into enforced action.
360 Response is one of five foundational components of Vectra AI’s continuous control framework, alongside proactive threat exposure management, value reporting, analyst experience, and managed services. Together, these capabilities help organizations reduce exposure before compromise, contain threats during active attacks, and prove resilience after incidents are resolved. 360 Response focuses on the response phase by delivering enforced containment across identity, host, and network layers. When combined with Vectra AI’s detection, investigation, and reporting capabilities, it enables security teams to demonstrate measurable improvements in control, resilience, and operational maturity.
360 Response delivers true control across identity, host, and network so attackers lose every path they rely on. Paired with the Vectra AI Platform’s extensive attack surface coverage, high-fidelity signal and unified investigation experience, your team gets control to enforce containment across your entire hybrid environment.