Customer story
Retail and Wholesale

Fortune 500 Consumer Goods Company

One of the world’s leading consumer packaged goods (CPG) companies thrives on being a cloud-first enterprise while running a huge amount of activity through Amazon Web Services (AWS).


Needed a tool that could protect the amount of activity in their critical AWS infrastructure


  • Detect for AWS gained coverage within a few minutes and flagged the suspicious use of credentials early on
  • With just one click, this security team was able to open Instant Investigations with Vectra and immediately see what other activity the malicious user had performed around the time of the suspicious activity.

Fortune 500 Company Uses AI to Slam the Door on Cyberattack


Despite having preventive and compliance measures in place for cloud-security, the leading consumer packaged goods (CPG) company struggled with post-exploitation coverage and was unable to build effective rules in-house to combat threats in its massive AWS infrastructure. Without a comprehensive threat detection system, the company was vulnerable, particularly after an attacker managed to gain access to user credentials.


The company started using the Vectra Detect platform for AWS, which was designed to quickly detect and remediate any threats in the environment. The platform was put to the test early on, successfully detecting suspicious use of stolen credentials in its extensively large cloud infrastructure, featuring nearly half a billion actions each day.

Customer benefits

Vectra Detect for AWS flagged the suspicious use of credentials early on in the ocean of daily activity. The SecOps team was able to understand the suspicious activity, connect the dots with Vectra's Kingpin identity attribution technology, and use the Instant Investigations feature to view other activities associated with the credentials. With the help of Vectra, the SecOps team efficiently rotated the accessed secrets and reset ecommerce credentials, shutting down the intrusion before it could inflict serious damage to the organization.

Detect for AWS quickly proved its value—gaining coverage in a matter of minutes—and then soon after when the company was infiltrated by a malicious actor in early 2022.

Detect for AWS flagged the suspicious use of credentials early on—from the ocean of daily activity—nearly half a billion actions each day.