Nation-State Cyberattack Example

Vectra AI vs.
hybrid cloud attack

WAF, MFA, EDR, VPN, SAML — nation-state actors are skilled at evading them all. Vectra AI finds attacks that other tools miss before any damage.

Hybrid-Cloud Attack

In the following event, Vectra AI found the threat in the first moments of the attack. The defenders allowed the attacker to progress to understand the threat better. Vectra AI tracked every action of the attack from network, identity, SaaS to cloud, enabling the threat to be stopped before damage could be done.

The attacker:

Advanced Threat Actor

Advanced payloads
Living off the land techniques
Ransomware tactics

Defenders know:

FictoTech

Advanced Manufacturing Firm
High-value intellectual property in the cloud
80,000 assets and 30,000 employees

Response time

First Vectra Alert

5:02 A.M

Attack Stopped

5:22 A.M

Gain an unfair advantage over hybrid cloud attackers

The secret to stopping hybrid cloud attacks fast? Attack Signal Intelligence™. It's the world's most advanced cybersecurity intelligence — and it powers the only AI-driven threat detection and response platform purpose-built to move at the speed of hybrid cloud attacks.

References in MITRE D3FEND

90%

MITRE ATT&CK coverage

AI threat detection patents

Sharpen your investigation and threat hunting skills

Join our ensemble of security researchers, data scientists and analysts as we share over 11+ years of security-AI research and expertise with the global cybersecurity community. Through our webinars and hands-on labs, you’ll learn how to effectively leverage AI for threat detection and response and expose sophisticated attacks hiding in your environment.

Explore Upcoming Sessions

With Vectra AI, attackers don't stand a chance

Intellectual property. High-value data. Hybrid cloud infrastructure. It all adds up to a lot of vulnerabilities — and makes FictoTech a prime target for nation-state cyberattacks. But with Attack Signal Intelligence from Vectra AI, the company’s analysts easily keep data breaches at bay.

Hidden HTTPS Tunnel

Suspicious Port Scan

Suspicious Port Sweep

Suspicious LDAP Query

RPC Recon

Suspicious Remote Execution

Privilege Anomaly: Unusual Account on Host

Azure AD Suspicious Sign-on

M365 Suspicious Mailbox Rule Creation

Azure AD Suspicious OAuth Application

AWS Organization Discovery

AWS User Permissions Enumeration

Prioritizing Tactics

Attackers progressed toward the cloud, conducting recon along the way.
They located admin accounts, evaded MFA, gained access to Azure AD and AWS and claimed possession of privileged credentials.
With an accurate timestamp and clear threat detections, the analyst caught up to the attacker in real-time.
The infected account was instantly disabled and the host locked down.

Keep cloud attacks from becoming breaches

In this pentest, the initial exploit posed a critical detection challenge. Why? Because IT wasn’t in control of the server. This kept EDR out of play — drivers installed in the proprietary software would’ve interfered with the agent. There were no EDR alerts when attackers bypassed MFA or compromised accounts. Only Attack Signal Intelligence from Vectra AI provided the detections needed.

Download the overview