
More signals to indicate the presence of a threat

by admin

In his speech Massimiliano Galvagna, Country Manager for Italy of Vectra AI, points out that with the addition of Vectra Match to the Vectra NDR functionalities it is possible to correlate multiple signals that indicate the presence of a threat.

How to indicate the presence of a threat

Since March, the Vectra Match component of Vectra NDR has been offering organizations greater protection against hybrid and multi-cloud attacks. It is a single solution that integrates the Suricata analysis tool, improving network detection and response times to provide greater visibility into known and unknown threats while optimizing overall performance.

Ever faster times

Vectra Match consolidates behavior-based and signature-based detection actions into a single environment. The solution fits into a context where an ever-increasing number of organizations embrace identities, supply chains and digital ecosystems, more and more quickly. GRC and SOC teams are challenged to keep pace with existing and ever-evolving cyber threats. How can I have the best possible visibility into all threats? This is the challenge that Vectra Network Detection and Response (NDR) has met by integrating Vectra Match.

Combination of two approaches: AI and Suricata analysis indicators of compromise

Vectra Match is the natural evolution of Vectra’s network detection and response (NDR) capabilities to provide organizations with a higher level of protection against hybrid and multi-cloud attacks. Whether deployed on-premises or in the cloud, the Vectra NDR console increases visibility into attacks and provides a unified source of detection.

Combine two worlds

The addition of Vectra Match to Vectra’s NDR capabilities allows you to correlate multiple signals that indicate the presence of a threat. Vectra Match ensures compliance, giving organizations the ability to monitor the signatures or indicators of compromise recommended by the authorities. Vectra Match features aim to combine two worlds: constant real-time tracking of AI-powered behaviors and verification of Suricata-specific metrics. The detection of certain signatures is sometimes necessary for sensitive companies or administrations. The detection of Indicators of Compromise also allows you to provide some evidence in the resolution of cyber incidents and contributes to compliance.


The IDS (Intrusion Detection System), a model that has had its day

The Suricata module is a worthy successor to the signature-based intrusion detection systems (IDS) introduced in the 1990s. Combining behavior analysis with the use of old mechanisms may seem surprising, not to mention counterintuitive. Signature detection in network traffic developed greatly in the 1990s and 2000s, when technicians had to observe the network to understand its inefficiencies through a sequence of events. Over time, this has also made it possible to support IT security by identifying the signals emitted by an attacker.

More signals to indicate the presence of a threat

In this context, Suricata has established itself as a benchmark among the latest generation of tools of this type. Today, these cyber defense tools have become more powerful and sophisticated in order to respond to modern attacks. Powered by artificial intelligence (AI) and machine learning, they are effective as soon as an attack is activated, in particular against suspicious lateral movements.

The signature is no longer necessarily an indicator to watch, especially since cyber attackers have the ability to evolve their code with each attack. A cyber attack is always different and complex every time, making it difficult to detect just through a signature. Currently, network behavioral analysis, which began in 2015, is the best detection weapon.

The circle closes

Ironically, the Vectra Match component allows you to unify the two approaches: IDS and AI-powered behavioral analysis. Although it may seem illogical to centralize two cyber defense cultures in a single tool, one of which seems outdated, the reasons are cultural and also linked to a regulatory framework. Quite simply, Vectra realized that many organizations still made extensive use of signatures in their GRC processes.

What the law says


In 2023, in fact, the legislation has required large organizations, such as banks or public administrations, to rely on IDS. The security advantage does not play a decisive role in this choice, but the traditional trend continues: it is necessary to adapt to it, and to improve and optimize the customers’ existing coverage.

Vectra Match: Indicate the presence of a threat

With Vectra Match, Vectra NDR offers organizations a single appliance that shares resources to provide both worlds with the performance they need. Overall, the tool significantly improves the performance of the IDS: its detections are twenty times more efficient than a traditional system. It also allows for cross-processing, combining signature and behavior searches. Ultimately, the solution is significantly more effective than those used by organizations so far. It also validates the value of behavioral analytics employed over the past decade. Now, it also includes IDSs, so private and public organizations are better able to deal with cybercrime. In a sense, Vectra has come full circle.
