Looking to stay one step ahead of attackers, the GCC’s premium aluminium producer has deployed technology from Vectra to detect real attacks and their progression throughout the cyber kill chain, so they can rapidly investigate and stop an attack from becoming a breach. This proactive approach, coupled with a significant reduction in false positives, means one security analyst can now manage the entire SOC operations for the company.
“When it comes to protecting against attacks, the key challenge we faced was visibility — silos and isolated networks exist across the environment, and it was difficult to control it completely,” commented a spokesperson from the aluminium producer. “We also struggled with alert fatigue — we used to have a SIEM, and antivirus solutions and we would get a lot of alerts, which meant our SOC analysts had to manually analyse and prioritise the alerts. And finally, our security solutions, be it the SOAR and EDR solutions, firewalls or IPSs, are all reactive which meant that by the time we received a trigger, it was already too late, and the attacker was in our network.”
The Vectra platform, underpinned by the company’s ground-breaking Attack Signal Intelligence technology, has allowed the aluminium producer’s security team to move from a reactive to a more proactive approach to cybersecurity and pick up on threats before they have had a chance to materialise into something malicious. Contrast to approaches that leverage AI for anomaly detection and require human tuning and maintenance, Vectra Attack Signal Intelligence continuously and automatically monitors for attacker methods with a set of Security AI models programmed with an understanding of attacker TTPs. The results run through another layer of AI which combines an understanding of the organisation’s environment with threat models and human threat intelligence, to automatically surface and prioritise threats based on severity and impact.
“The biggest advantage of the Vectra solution is the anomaly detection because it’s not signature based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well,” added the spokesperson at the aluminium producer.
The result is that the aluminium producer is able to identify up to 90% of threats in the very initial stages, while reducing the number of false positives to just 1%. As a consequence, just one security analyst is now able to manage the entire SOC operations.
“Today, security teams are over-stretched and suffer burnout. They are stuck in a vicious cycle of having to manually maintain detection rules, triage alerts, and figure out what alerts to prioritise. Compounding these challenges is the fact that today, the biggest threats facing organisations in the region is the unknown compromise. These are precisely the challenges that the aluminium producer was facing and why they selected Vectra to underpin their SOC,” commented Taj El-Khayat, Managing Director for EMEA South at Vectra AI. “I am confident that with Vectra, the company’s security professionals will no longer have to worry about detecting and prioritising threats and can instead devote their time to doing what they do best — investigating and responding to real attacks.”
Discussion about this post