惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
Engineering at Meta
Engineering at Meta
The Register - Security
The Register - Security
N
Netflix TechBlog - Medium
D
Docker
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
月光博客
月光博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
DataBreaches.Net
IT之家
IT之家
V
V2EX
人人都是产品经理
人人都是产品经理
F
Fortinet All Blogs
J
Java Code Geeks
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
MongoDB | Blog
MongoDB | Blog
P
Privacy International News Feed
F
Full Disclosure
P
Proofpoint News Feed
B
Blog RSS Feed
T
Tor Project blog
T
The Blog of Author Tim Ferriss
B
Blog
Webroot Blog
Webroot Blog
腾讯CDC
T
Troy Hunt's Blog
T
Tailwind CSS Blog
H
Heimdal Security Blog
AWS News Blog
AWS News Blog
G
Google Developers Blog
Spread Privacy
Spread Privacy
NISL@THU
NISL@THU
A
About on SuperTechFans
SecWiki News
SecWiki News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
I
InfoQ
M
MIT News - Artificial intelligence
大猫的无限游戏
大猫的无限游戏
美团技术团队
L
LangChain Blog

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI
Zoey Chu · 2026-05-28 · via Vectra AI Blog

If you ask security analysts to describe the biggest pain points in their role, you will no doubt get a diverse set of answers.  One thing that they will almost certainly have in common is the challenge of dealing with alert fatigue.  We’ve observed that challenges in this area come down to three analyst pain points:

  • “There aren’t enough hours in the day to deal with the alert volume on my plate.”
  • “I am unable to efficiently use my time because I cannot distinguish between the false and true positives.”
  • “I’m worried that I will miss a real attack because the signal is buried in the noise of my legacy solution.”

There are many reasons for the pain points described in legacy security solutions, but they largely boil down to:

  • Simplistic, condition-and-anomaly matching creates false positives.
  • An inability to leverage the context clues on the network to improve efficacy.
  • A focus solely on detections, and not how to efficiently organize them so that an analyst can focus on the things that actually require their attention.

A better way for security analysts:

From day one, Vectra AI has built detections to eliminate the likelihood of false positives by empowering algorithms with context from the modern network.  Where traditional network security products might look simply for a pattern, or statistical anomaly without context, Vectra AI designs our detections to leverage context from the network and identify anomalies just like a security analyst would.  

For instance, our Smash and Grab Exfil detection will learn what data movement is normal on a subnet-by-subnet basis, factor in sites that are popular in your environment, and look for anomalous outbound flows of data, even in encrypted channels. Vectra AI further correlates the detections across host and account entities, learning the archetype and identifying each object, and then prioritizes detections for analysts in an actionable, stack ranked fashion.  This dramatically simplifies the effort it takes to operate Vectra AI compared to competitors who are simply generating detections and leaving it to the analyst to discern the meaning.  

But there was still one area we weren’t entirely satisfied with, dealing with true positives.  That's because not all true positives are malicious. You might also reliably detect activity where the behavior is as the system says it is; in the context in which an event is happening, it may be a benign true positive rather than a malicious true positive.   For instance, some anti-virus products embed file hash lookups within DNS lookups to the AV Vendor.  This behavior may look very much like a Command-and-Control channel encoding data within the DNS payload, and that’s because it is.  But the fact remains that while this is a true DNS Tunnel, it is not malicious, but rather benign.  Our philosophy has been that we will provide visibility into these high-quality detections of attacker behaviors and methods, but balance this by only prioritizing high confidence, correlated, detections at a host or account level to the user for attention.

This got us thinking, is there a way that we could apply some of the same techniques that we use to power our world-class ML/AI algorithms to help differentiate between malicious and benign true positives?  The goal was to largely eliminate the need for our customers to analyze benign true positives while prioritizing malicious true positives for their immediate attention.  Thus AI-triage was born.

Similar to our process for creating our detections, we added AI-triage capabilities by first analyzing the methodology that real-world analysts apply to resolve these issues.  We then trained our ML/AI system to help automate the resolution of the highest confidence scenarios.

How AI-Triage works:

Inherent to the Vectra AI Platform, AI-triage works by automatically analyzing all of the active detections in the system, leveraging the context from individual detections, as well as commonalities between detections to look for instances of benign true positives that we can automatically triage on behalf of the customer.   For instance, if we see dozens of endpoints all generating the same hidden HTTPS Tunnel detection to the same destination, over at least 14 days without other indicators of compromise, we can confidently identify this as a benign true positive.  AI-triage will then automatically create a triage rule on the customers' behalf, without requiring any valuable time from the analyst.  Should an analyst want to review it, the activity is still available within the platform, but does not require any analyst action, and does not impact the host or account score.

We’ve observed that AI-triage reduces overall detections that an analyst would otherwise need to investigate by over 80%, meaning that more time can be spent focusing on events requiring analyst attention.

One-Click Deployment

Now that you know all the benefits AI-triage offers, you will be pleased to know that you can activate the capabilities with just a single click.  AI-triage requires no tuning or administration whatsoever from the customer.  You can enable it, by simply going to Settings -> AI-triage, and enabling the feature at which point AI-triage will begin running in the background to identify high confidence benign true positive detections and triaging them for you.  

In 30 days since its release, over half of our customers have already turned on AI-triage. We’re seeing a substantial reduction in benign true positives for the vast majority of customers.  But, this is just the beginning of our journey to make security analysts more efficient.  We will be extending AI-triage capabilities to cover new scenarios and other products in our portfolio in upcoming releases.

If you’d like more information on AI-Triage, check out our "AI-Triage in Detail” KB article:  https://support.vectra.ai/s/article/KB-VS-1582

For more information about Vectra’s world class ML/AI detection check out: https://support.vectra.ai/s/article/KB-VS-1285