To stay one step ahead of attackers, the GCC’s leading producer of premium aluminum deployed Vectra’s technology to detect real attacks and their progression through the entire cyber kill chain, so that it can quickly investigate and prevent attacks from becoming breaches. This proactive approach, combined with a dramatic reduction in the rate of false positives, means that a single security analyst can now manage the company’s entire SOC operation.
“The main challenge we face when it comes to protecting against attacks is visibility – there are silos and siloed networks in the environment and it’s very difficult to fully control it,” commented a spokesperson for the aluminum producer. “We also struggled with alert fatigue – we used to have SIEM and antivirus solutions and we would get a lot of alerts, which meant our SOC analysts had to manually analyze and prioritize alerts. Finally, our security solutions, whether they are SOAR and EDR solutions, firewalls or IPS, are reactive, which means that by the time we receive the trigger, it is too late and the attacker has already entered our network.”
The Vectra platform, based on the company’s breakthrough Attack Signal Intelligence technology, enables the aluminum producer’s security team to move from a reactive to a more proactive approach to cybersecurity and spot malicious threats before they have a chance to materialize. Compared to methods that leverage AI for anomaly detection and require manual tuning and maintenance, Vectra Attack Signal Intelligence continuously and automatically monitors attacker methods using a set of secure AI models programmed with an understanding of attacker TTPs. The results run through another layer of AI that combines an understanding of an organization’s environment with threat models and human threat intelligence to automatically discover and prioritize threats based on severity and impact.
“The biggest advantage of Vectra’s solution is anomaly detection, as it is not signature-based. It captures very well the initial parts of any attack, such as reconnaissance and those aspects of the kill chain,” added a spokesman for the aluminum producer.
The result was that the aluminum producer was able to identify up to 90% of the threats at an early stage, while reducing the number of false positives to just 1%. As a result, a single security analyst can now manage the entire SOC operation.
“Today, security teams are overstretched and burnt out. They are caught in a vicious cycle of having to manually maintain detection rules, triage alerts, and determine which alerts to prioritize. Compounding these challenges, the biggest threat organizations in the region face today is unknown compromises. These are exactly the challenges this aluminum producer faces and why they chose Vectra to support their SOC,” commented Taj El-Khayat, Managing Director, EMEA South, Vectra AI. “I believe that with Vectra, a company’s security professionals will no longer need to worry about detecting and prioritizing threats, but can spend their time doing what they do best – investigating and responding to real attacks.”