惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
AI
AI
博客园 - 三生石上(FineUI控件)
腾讯CDC
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Y
Y Combinator Blog
大猫的无限游戏
大猫的无限游戏
H
Hackread – Cybersecurity News, Data Breaches, AI and More
雷峰网
雷峰网
NISL@THU
NISL@THU
S
Schneier on Security
T
Threatpost
T
Tenable Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
C
Cybersecurity and Infrastructure Security Agency CISA
P
Privacy & Cybersecurity Law Blog
I
Intezer
Microsoft Azure Blog
Microsoft Azure Blog
月光博客
月光博客
T
Threat Research - Cisco Blogs
SecWiki News
SecWiki News
AWS News Blog
AWS News Blog
博客园 - Franky
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Proofpoint News Feed
V
V2EX
Recorded Future
Recorded Future
Microsoft Security Blog
Microsoft Security Blog
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
MongoDB | Blog
MongoDB | Blog
Apple Machine Learning Research
Apple Machine Learning Research
Project Zero
Project Zero
PCI Perspectives
PCI Perspectives
G
GRAHAM CLULEY
Help Net Security
Help Net Security
Cloudbric
Cloudbric
Recent Announcements
Recent Announcements
V
Visual Studio Blog
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
C
CERT Recently Published Vulnerability Notes
The Cloudflare Blog
Forbes - Security
Forbes - Security
C
Cisco Blogs
O
OpenAI News
www.infosecurity-magazine.com
www.infosecurity-magazine.com

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI
Zoey Chu · 2026-05-28 · via Vectra AI Blog

Vectra AI recently released its 2026 State of Threat Detection and Response report, which follows the theme “Resilience in the AI Era.” The initial question I had when we decided to run with that theme for the report was, what specific findings in this year’s report reveal insights about resilience in 2026?

To answer that, first I think we need to determine what we mean by “resilience” or in this case, cyber resilience. It’s a term that gets thrown around a lot and I think the way it gets talked about is generally within similar context and meaning, however, it always seems like “resilience” this thing we strive for or hope to achieve some day. And in cybersecurity, I don’t think we’re ever done trying to achieve cyber resilience. We can certainly take steps to help our networks become more resilient, like gaining an understanding of our risk exposure or speeding up processes so we can react faster to threats — but then a new threat or vulnerability comes along and we’re no longer resilient until we’ve addressed it.

It’s the same in life. You can take all the rights steps to make sure you are healthy or your house is protected, and then you adopt a new pet. All of a sudden your curtains are shredded and your baseboards are missing and you had no idea that your home wouldn’t be resilient to such an innocent creature.

To me, resilience is our ability to recover, rebound, or just get back on our feet and stay running or functional when incidents happen. Our networks are no different. And today’s networks just happen to include risks that move at AI speed, in fact cyberattacks are 65% faster because of AI according to a report from CrowdStrike.

What is the State of Threat Detection and Response in the AI era?

Free download: 2026 State of Threat Detection and Response: Cyber Resilience in the AI Era

Since we’re in the AI era, shouldn’t we just ask ChatGPT?  

It would come back with something like, “the state of threat detection and response in the AI era is a race between AI-powered attackers and AI-augmented defenders, where success depends on detecting behavioral attack signals across identity, cloud, and network before attackers can move laterally.”

However, we should ask the defenders who live it every day for the real details about what’s actually going on inside their networks. Which is exactly why we continue to publish the State of Threat Detection and Response report. This year, 1,450 practitioners provided responses on everything from how often important security tasks get put aside, whether tools are effective, AI usage and its impact, visibility into hybrid and multi-cloud environments as well as other areas. Let’s take a look at what defenders are saying about some of the areas that directly impact their ability to be resilient.  

Risk exposure: who and what is on the network?

One of the questions we’ve asked defenders in each of the three years that Vectra AI has published this report, is: how would you rate your visibility into various hybrid environments?

It’s not just that defenders lack full visibility into their environments, when you also look at the number of tools they use for threat detection and response to cover these environments, 39% of them are juggling over 20 tools. Cyber resilience requires visibility into networks and we’re not seeing much improvement, if any, from year to year, which signals that not all defenders know who and what is on their network. In fact, 37% believe an attacker may have already compromised their organization without them knowing. Is this in part because of how many tools are being used, that noise remains an issue, or that visibility appears fragmented across too many telemetry streams?

Do defenders know what behaviors indicate risk?

Across the surveyed audience of defenders, 44% admit they are losing the battle when it comes to prioritizing real threats.  

When looking across the data, you start to see some reasons why, and perhaps the biggest reason has to do with detection latency?

In addition to the 2.5 hours defenders spend on alert triage each day, 71% said they put aside important security tasks at least two days per week, and they can only deal with just over a third of the alerts they receive each day. It’s hard to imagine that the latency in this scenario is helpful in knowing what risky behaviors exist on a network.  

Where to improve network security posture?

We asked defenders what matters when evaluating solutions. 72% named risk reduction, compliance alignment, and measurable operational effectiveness. Compliance is the obvious one being that cybersecurity teams often play a central role in how controls meet regulatory requirements, and although the report doesn’t go too deep into any of these areas, there are some related takeaways.  

We’re continuing to see defender sentiment toward security vendors show little improvement.

Can we tie “measurable operational effectiveness” to vendor sentiment? Maybe not directly, but defenders are showing that they want to be able to prove effectiveness of their solutions, while they don’t necessarily believe vendors are holding up their side of the bargain.  

However, 67% agree that the implementation of AI-powered tools are making a positive impact on the ability to identify and deal with threats. The same thing here; this doesn’t necessarily tie to “risk reduction,” but defenders are expressing where they believe positive improvements are happening.  

Is cyber resilience lagging?

Defenders report an increase in confidence. For example, 37% believe an attacker may have already compromised their organization without them knowing — a percentage that is down from 51% just last year. And defenders are reporting an overall positive experience using AI in the SOC, in fact 87% expect to use more AI tools next year to replace legacy threat detection and response tools. Defenders also want AI to handle tasks such as alert triage and investigation duties, which could lead to improvements in detection latency challenges, but AI alone won’t magically make organizations more resilient, defenders will.  

Based on what the report is telling us, yes, cyber resilience is “lagging” in certain areas, especially considering risk exposure exists and threat prioritization remains a challenge. Too many alerts still go unaddressed, too many visibility gaps, too many tools and vendors that aren’t up to the task, but we aren’t telling defenders anything they don’t know — they’re the ones already working to address the never-ending exposure, risks, and posture challenges.  

Download the 2026 State of Threat Detection and Response report, today.