AI – NDR
Overview of lateral movement within the corporate environment with the AI-based NDR solution from Vectra
The benefits of the cloud are seemingly endless, but from a security professional’s perspective, the speed, scale, and connectivity gained can also open the door for cyber attackers. Nowadays, securing the cloud requires a new way of thinking, which comes as no surprise to Mirza Baig, IT Security Manager at the Municipal Property Assessment Corporation (MPAC). MPAC uses its real estate expertise to provide real estate values, insights and services to taxpayers, municipalities, government agencies and businesses.
Baig and his small but powerful team work as an Amazon Web Services (AWS) shop and are responsible for securing the company's information, data and domains from an operational point of view as well as with regard to compliance and risk management. The team attaches great importance to visibility in its environment, using various security controls to keep an eye on anomalies. That’s why the team opted for the AI-based NDR (Network Detection & Response) solution from Vectra AI.
Preventing lateral movement
As an IT security veteran who has only recently started working at MPAC, Baig had to get an overview of the security solutions that the company uses. He was pleased to note that the team had already given priority to eliminating blind spots, which is the key to detecting attackers. One of the solutions the team has already deployed is Vectra Cognito Detect, an AI-driven network detection and response solution. Among other things, this helps MPAC to stop all lateral movement across cloud or enterprise workloads.
“The blind spot that MPAC had before Vectra was lateral movement within the environment, as there was no good visibility,” explains Baig. Cognito Detect is able to identify attackers who have bypassed preventive tools such as multi-factor authentication (MFA) or endpoint solutions and detect their activities before an attack occurs. Baig adds: “Today we are aware of this and have really good visibility.”
In addition to detecting lateral movement, Cognito Detect from Vectra AI allows MPAC’s SOC (Security Operations Center) to expand its capabilities with artificial intelligence (AI). This makes it possible to automate the prioritization of threats based on risk and permissions, to put the riskiest threats first and to investigate behavioral threat signals.
Baig says that in addition to Vectra AI, there are other security controls that make it very difficult for threats to penetrate, but the team appreciates the investigative features that Cognito offers compared to other solutions. “Vectra makes the investigation easy and has an edge over the competition in this area,” he adds.
Small business, large-scale cloud use
For a small business, MPAC has made AWS an important part of its overall infrastructure strategy. The team is not willing to sacrifice visibility across the entire environment, in AWS or otherwise, as MPAC continues to deploy cloud workloads. “We are an AWS shop,” says Baig. “With AWS VPC Traffic Mirroring, Vectra offers us full transparency for our Nitro-based instances.”
“Sometimes we have anomalous activities within AWS or our infrastructure, and Vectra raises the alarm about these activities,” says the IT security manager. He explains that not all detections mean that something malicious has happened, but his SOC team still needs to be informed about it. “This is the case, for example, when a developer updates or changes something that could have an impact on security. If this is the case, my team needs to know in case security controls need to be adjusted.”
This not only keeps the team up to date: these are also events that would otherwise go undetected and could even involve attacker behavior. With Vectra, Baig and his team can see more of what’s important, extend their reach as a team with the help of AI, and respond to any emerging threats.
Whether cloud or on-premises – with visibility, every place can be a better place
Of course, new technology environments can bring challenges, especially for security professionals who are busy sifting through alarms and constantly adapting to new or existing threats. The SOC team at MPAC is no different. By using the right security solutions and controls, the team obviously feels safe – and satisfied. “Our entire team is thrilled,” confirms Mirza Baig.