惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cloudbric
Cloudbric
Schneier on Security
Schneier on Security
V2EX - 技术
V2EX - 技术
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
O
OpenAI News
S
Security @ Cisco Blogs
Scott Helme
Scott Helme
Security Archives - TechRepublic
Security Archives - TechRepublic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
T
Threatpost
Hacker News: Ask HN
Hacker News: Ask HN
Microsoft Azure Blog
Microsoft Azure Blog
Know Your Adversary
Know Your Adversary
博客园 - 三生石上(FineUI控件)
A
About on SuperTechFans
Forbes - Security
Forbes - Security
NISL@THU
NISL@THU
Security Latest
Security Latest
G
Google Developers Blog
D
Docker
T
Threat Research - Cisco Blogs
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
H
Help Net Security
B
Blog
Martin Fowler
Martin Fowler
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
Lohrmann on Cybersecurity
Y
Y Combinator Blog
PCI Perspectives
PCI Perspectives
F
Fortinet All Blogs
MyScale Blog
MyScale Blog
Project Zero
Project Zero
爱范儿
爱范儿
Cisco Talos Blog
Cisco Talos Blog
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
P
Proofpoint News Feed
Cyberwarzone
Cyberwarzone
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
N
News | PayPal Newsroom
Recorded Future
Recorded Future

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs
Zoey Chu · 2025-11-05 · via Vectra AI Blog

A few weeks ago, my colleague and I discussed how Cognitive Load Theory applies to cybersecurity in a recent blog. The key takeaway from that discussion is that Vectra AI aims to design our user interface and workflow to minimize cognitive load and optimize information processing. Examples of how we have been doing that on the Vectra AI Platform can be seen in our Hunt page or Respond module.  

Now, we’ve recently launched a new feature on the Vectra AI Platform that not only speaks to the Cognitive Load Theory, but also optimizes, streamlines, and accelerates attack and threat investigations for the modern security analyst. Vectra’s Attack Graphs is an integral part of protecting the modern network and is Vectra AI’s answer to the complexity of modern attacks.  

Introducing Attack Graphs

Vectra AI’s Attack Graphs is a feature in the Vectra AI Platform that visualizes detections associated with a prioritized entity or entities spanning across the entire modern network, mapped to a timeline.  

Vectra’s Attack Graphs take suspicious behaviors that represent malicious activity across multiple attack surfaces (I.e. multiple entities) and focuses it into a visualization that tells this full picture of a modern attack. It allows analysts to answer fundamental questions for investigating threats:

  1. Where did this attack come from?
  1. What's the impact of this?
  1. What was the order of events?

Vectra’s Attack Graphs answers these three questions by taking the detections and information gathered by the Vectra AI network, cloud, and identity technologies and consolidating them into a tree or hub view. The lines that connect each node, which represents a domain, account, server, host, or item, paint the picture of how a modern attacker utilizes each part of the modern network to conduct suspicious activities elusively and deep within modern networks.  

The Vectra AI Platform offers three forms of visualizations: a tree view, a timeline view, and network-like view we call “attack graph.” These views ensure that analyzing the visualization will fit seamlessly into any analysts’ workflow.  

With Attack Graphs, modern security teams can:  

  • Assess breadth of attack and its impact on AI prioritization.  
  • Visualize attack progression across networks, identities, and clouds.  
  • Trace threats back to the original actor for quicker response.
  • Gather all the critical information about the prioritized threat in a single and simple pane of glass.  

Gathering the above information in a timely manner that optimizes cognitive load is essential to rapidly and effectively investigate and respond to modern threats.  

Accelerating investigations with Vectra’s Attack Graphs – a Multi-Domain Attack

Picture 1195318661, Picture

Tree View of Vectra’s Attack Graphs

In this example, we have our “marketing-collab” server with each prioritized alert visualized on a tree view of the attack graph. We automatically focus on the item that is prioritized in Red which ranks as High following Vectra’s Urgency Scoring.

The first question we’ll ask is, “where do they come from?” In this case, the prioritized entity has been targeted with a hidden HPS tunnel out an external domain called “minutemen.vault-tech.org.” With this, we immediately know that this could be patient zero or the initial source of the attack.  

Picture 951874808, Picture

An external domain is identified as the origin of the attack.

The next question we want to ask is “what else happened?” To investigate that, we follow the branches of the tree view to dive deeper into the attack. We can see the attacker conducted RPC Recon, Kerberoasting Targeted Weak Cipher, suspicious LDAP querying up to a domain controller “10.232.100.32,” and a suspicious remote execution. This remote execution was attempting a lateral movement to another account “jump-station5,” which has been prioritized as Medium on the Vectra Urgency Score.

Picture 912921233, Picture

RPC Recon activity

Picture 1231382161, Picture

Kerberoasting: Targeted Weak Cipher activity

Picture 1022428936, Picture

Suspicious LDAP Query to a domain controller

Picture 124098561, Picture

Suspicious Remote Execution to account ”jump-station5”

The next step in our investigation is to look at the detections from a different angle. We can select the “attack graph view” where we can get more a modern network view of the attack.

Picture 189194360, Picture

Toggling to the Attack Graph view

This view gives us more clarity, specifically with the ability to move items around and see multiple items targeting one another.

Picture 663976917, Picture

Attack Graph view of marketing-collab-server0

Here, we can see that there are multiple detections targeting that domain controller or that  “jump-station5” account, including RPC Recon or LDAP Query. The next part of the investigation is to understand the progression of the attack over time. We want to answer the question of “what was the order of events that happened? “ or “how did this attack develop?” This can be swiftly answered by pressing the play button on the Attack Graph, and the diagram will clearly show you where and when each detection occurred and how quickly the attack progressed through our environment.

Picture 474904408, Picture

Attacker behavior at time 22:15

Vectra’s Attack Graphs showcases critical information for thorough investigations in one simple view, streamlining the process for security analysts by depicting exactly what happens in an environment, reducing time spent investigating alerts by 50% (Source: 2025 IDC Business Value of Vectra AI Report). In this example, we were able to fully understand the breadth of the attack within minutes and understand the impact on threat prioritization immediately. Vectra’s Attack Graphs provides clarity into what kind of response an analyst might need to perform.  

For more information Vectra’s Attack Graphs, please view our podcast.  

To see Vectra’s Attack Graphs in action, please schedule a demo with us.