www.vectra.ai
52.17.119.105  Public Scan

Submitted URL: https://email.vectra.ai/e3t/Ctc/I8+113/d2zHvP04/MX9gzGvDtl6W5Q1Ynw4xpwlzW76My9755fmBGN8JCsFl3dh8MW8wLKSR6lZ3lZW8ZrbjK60J...
Effective URL: https://www.vectra.ai/blog/the-defenders-dilemma-the-need-for-time-tools-that-build-skills-and-expertise?utm_medium=em...
Submission: On November 03 via api from ES — Scanned from ES

Form analysis 1 forms found in the DOM

/search

<form action="/search" class="l-menu__search w-form" style="display: none; width: 0px;" __bizdiag="107944136" __biza="WJ__" data-hs-cf-bound="true"><input type="search" maxlength="256" name="query" placeholder="Search" required=""
    class="search-input w-input"><input type="submit" value="Search" class="search-button w-button">
  <div data-w-id="7a64a142-e9d6-8fa1-e1e0-918d763dcc31" class="search-exit"></div>
</form>

Text Content


THE DEFENDERS’ DILEMMA - THE NEED FOR TIME & TOOLS THAT BUILD SKILLS AND
EXPERTISE

October 17, 2023
Mark Wojtasiak
Vice President of Product Marketing


At Vectra AI we believe in the importance of security testing – it is one of the
best ways to improve defenders’ skills and expertise and build confidence that
ongoing security investments continue to provide ROI.

Core to this endeavor is empowering defenders by making security
testing easier, more effective, and more accessible when it comes to exposing
risk, prioritizing mitigations, and increasing safety. That’s why we invest so
heavily in our own teams to not only build and share their expertise but also
develop and contribute tooling into the broader defender community.

“Everyone has security testing going on around the clock; you just aren’t always
notified ahead of time, nor will you always receive the report.”

This tongue-in-cheek sentiment in the security community typically underscores
that there is always someone probing the attack surface of the enterprise – the
obvious preference is that it is the defenders who in turn use that knowledge to
harden and mitigate risk. The unfortunate reality is that defenders face
barriers to performing internal security testing, ranging from time, to skills,
to tooling, to the underlying costs of the activity.

This is a problem that requires a community solution – and we are proud to be
part of a community that continues to invest in our defenders. To that end, we
are highlighting three projects driven by our Vectra AI team members that we are
proud to offer our defender community:  

 * MAAD-AF
 * ./HAVOC
 * The DeRF


MAAD-AF

The Microsoft 365 & AzureAD - Attack Framework (MAAD-AF) is an open-source
cloud attack tool developed for testing the security of Microsoft 365 & Azure AD
environments through adversary emulation. MAAD-AF equips security practitioners
with easy-to-execute attack modules that exploit M365/AzureAD tools & services
to emulate attacker TTPs in the cloud. MAAD-AF is designed to make cloud
security testing simple, fast and effective. Through its virtually no-setup
requirement and easy interactive modules, security teams can test their security
controls and detection & response capabilities easily and swiftly.

https://github.com/vectra-ai-research/MAAD-AF/tree/main


./HAVOC

./HAVOC is an open-source Adversary Emulation as Code platform and framework.
The platform provides capabilities that purple-teamers will love such as
containerized infrastructure, supporting services that include load-balancers
with CA-signed certificates to neatly obscure your C2 traffic behind, and
cloud-native features like triggers for executing commands in response to an
action, and pre-signed URLs for securely downloading and uploading files. A
playbook operator allows for autonomous execution of playbooks that carry out
full kill-chain adversary operations like recon, lateral movement, and
exfiltration.

https://havoc.sh


THE DERF

The DeRF (Detection Replay Framework) is an "Attacks-as-a-Service" framework,
allowing the emulation of offensive techniques and generation of repeatable
detection samples in the cloud. Use the DeRF to simulate attacker behavior,
exercise detection portfolios and validate restrictive controls in the cloud.

https://thederf.cloud

Whether you’re an incident handler, a threat-hunter, a red teamer, or somewhere
in-between – we value your partnership, we’re open to your feedback, and we’re
eternally grateful to be members of the larger defender community solving this
problem together. After all, defense is a team sport.

Happy hunting!
