惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

www.infosecurity-magazine.com
www.infosecurity-magazine.com
D
DataBreaches.Net
T
Tailwind CSS Blog
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
F
Full Disclosure
V2EX - 技术
V2EX - 技术
N
News and Events Feed by Topic
Help Net Security
Help Net Security
L
LangChain Blog
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
Google Online Security Blog
Google Online Security Blog
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Blog of Author Tim Ferriss
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
B
Blog RSS Feed
N
Netflix TechBlog - Medium
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V
Vulnerabilities – Threatpost
B
Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园_首页
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
AI
AI
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cyberwarzone
Cyberwarzone
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
G
GRAHAM CLULEY
Vercel News
Vercel News
罗磊的独立博客
MyScale Blog
MyScale Blog
Last Week in AI
Last Week in AI
博客园 - 司徒正美
C
CERT Recently Published Vulnerability Notes
GbyAI
GbyAI
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
A
About on SuperTechFans
P
Privacy International News Feed

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI
Zoey Chu · 2026-06-06 · via Vectra AI Blog

I’m a simple thinker, so let me start simple.

As security leaders, we all share the same three truths:

  • We want to keep our people and our brand safe.
  • Our biggest pain is uncertainty.
  • We need to stop breaches.

That’s it. Three human truths that cut through the noise of vendor slides, analyst reports, and product pitches.

But here’s the problem: our modern networks have outgrown our old ways of thinking, while attacks happen at AI speed.

The Modern Network = One Giant Attack Surface

Once upon a time, the “network” was a data center and some offices. You had a perimeter. You built a moat. You threw EDR at endpoints to keep attackers out.

That world is gone.

Today’s modern AI enterprise is hybrid, borderless, and sprawling:

  • Data centers and cloud workloads.
  • SaaS platforms and collaboration tools.
  • Identities – human, machines, AI agents.
  • Remote workers and SASE.
  • IoT and OT that were never built with security in mind.

Attackers don’t look at this chaos and see silos of endpoints, cloud, or identity. They see one giant, connected attack surface. And they have one simple objective: get on your network. Now, they can do it at AI speed.

The Attackers’ Pitchfork

Here’s the kicker: attackers don’t need a sophisticated arsenal to make it happen. They’ve mastered three prongs of what I call the Attackers’ Pitchfork:

  • Disable your controls.
  • Avoid your defenses.
  • Fool your tools.

That’s it. With this pitchfork, they can bypass endpoint prevention, slide past EDR, and operate inside your hybrid environment undetected.

If you think that sounds dramatic, let’s look at the data:

  • 50% of major breaches in 2025 involved attackers bypassing endpoint controls.
  • 40% of breaches spanned multiple domains — endpoint, network, cloud, and identity combined.
  • Aaccording to CrowdStrike, the average time from infiltration to lateral movement is 48 minutes.
  • And now, attackers are automating large parts of the attack path.

So, I’ll ask the obvious: if attackers can disable, avoid, or fool your EDR in under an hour, are you really safe?

Why the Signal is Bad

If you’re a SOC analyst, you already know the answer. We’ve invested in strong stacks:

  • Firewalls, IDS/IPS on the network.
  • IAM, PAM, MFA on identity.
  • CASB, CSPM in the cloud.
  • EPP, EDR on endpoints.

All solid. All necessary. But also… all siloed. Each tool generates alerts. Each adds noise. Analysts drown in false positives. And the “signal” we need to catch real attacks gets buried. The result? Uncertainty.

We’re told to think in terms of multiple attack surfaces. Attackers don’t. They think in terms of one. And if their objective is to get on your network and their path is to get an identity, then shouldn’t our attack signal be rooted in network + identity?

Safety Has Two Sides

Remember the human truth? We want safety. But safety has two sides:

  1. Pre-compromise resilience: stopping attackers from getting in. (That’s EDR.)
  2. Post-compromise resilience: stopping attackers already in. (That’s NDR and identity.)

EDR is essential. No question. But it’s not infallible. The pitchfork proves that. NDR and identity detections cover what EDR misses:

  • Lateral movement across east-west traffic.
  • Credential abuse in cloud services.
  • Ransomware precursors in IoT and unmanaged devices.
  • Abnormal behaviors that don’t trip a signature but scream “attacker.”

It’s not theory. Healthcare CISOs have done it to protect patient safety. Retailers have done it to secure POS and IoT. Manufacturers have done it to defend supply chains. The outcomes? Visibility they didn’t have. Noise reduction they couldn’t imagine. And speed they desperately needed.

Post-compromise Signal at Speed is Everything

Because here’s the other ugly truth: defenders are slow. Research shows it takes defenders, on average, 292 days to identify and contain an attack. Meanwhile, attackers need less than an hour to move laterally. Why? Because speed is hard.

  • Research.
  • Monitor.
  • Correlate.
  • Triage.
  • Alert.
  • Escalate.
  • Investigate.
  • Respond.

Rules-based systems can’t keep up. Analysts can’t scale. The workload is crushing. Only AI makes speed achievable — by automating correlation, triage, and prioritization. By turning noise into narrative. By giving analysts attack signal at the speed attackers operate.

The Forward-Thinking CISO

So here we are. Modern networks, modern attacks, modern problems.

Forward-thinking CISOs aren’t buying more tools to throw at the wall. They’re shifting the foundation of their resilience strategy:

  • From siloed signals to unified network + identity signals.
  • From static prevention to assume compromise.
  • From rules and noise to behavioral AI that delivers clarity and speed.

Because stopping breaches isn’t about perfect prevention anymore. It’s about resilient detection and response once attackers are in.

My Simple Thinking

I said I’m a simple thinker, so let’s end simple. We are human. We want safety. We feel pain in uncertainty. We need to stop breaches. Our ability to be resilient comes down to 3 things: Observability + Signal + Control.

  • Observability: Network + Identity + Cloud + Endpoint together.
  • Signal: attack signal rooted in network and identity, not siloed tools.
  • Control: AI-driven speed that flips the script on attacker advantage.

That’s how forward-thinking CISOs are neutralizing the Attackers’ Pitchfork.

Final Thought: Why Network and Identity Security are the Future

The modern network is borderless. The attackers’ pitchfork is simple but deadly. EDR alone isn’t enough. So ask yourself: is your attack signal rooted where attackers actually operate — in the network and with an identity? Because that’s where safety, certainty, and resilience live.

Sources:

  • Gartner SRM London presentation: EDR Isn’t Enough – Building Modern Attack Resilience with Network + Identity
  • Verizon, CrowdStrike, IBM, Mandiant, Zscaler, Cisco, Palo Alto — breach and endpoint protection failure data
  • CrowdStrike 2025 Global Threat Report — average 48 minutes from infiltration to lateral movement
  • Vectra AI, State of Threat Detection and Response – The Defenders’ Dilemma (2024, 2023) — SOC analyst pain points, uncertainty, and signal clarity challenges