How does your SOC know which threats are real? Reducing noise is essential, according to Vectra AI. New findings show how prioritizing threats can help.
Vectra AI is today sharing research based on its own platform. The primary goal of this AI solution is to detect threats among the millions of behavioral signals that are not always actually coming from attackers. The company concludes that it removes 99.98 percent of this noise, meaning that SOC teams see only a few cyber threats appear in their dashboards each day on average.
More than just hype
The research shows what modern cyber threats look like for different Vectra AI users. For example, 48 percent of malicious entities at Vectra’s MDR/MXDR customers originate from Azure Active Directory. The most common threat involves non-privileged users: either an external attacker attempting to access data, or a compromised identity that is using more privileges and access than had previously been measured for it.
It is striking that specific custom detection rules are extremely helpful. Roughly 5 percent of additional detections or escalations originate from targeted rules that are unique to an organization. Think of a utility company where data only ever leaves a specific system after downtime: the same transfer should immediately raise alarm bells if no outage or maintenance has taken place. There are plenty of examples, but the point is that your own organization is just that little bit better protected if you carefully check which actions are normal and which are indicative of malicious activity.
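An added example of the kind of organization-specific rule described above, not code from Vectra’s research or platform: a large outbound transfer from a watched system is treated as expected only inside a scheduled outage or maintenance window, and raises an alert otherwise. Hostnames, addresses, byte counts and the maintenance calendar are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry: outbound transfer events as a SOC might receive them.
TRANSFER_EVENTS = [
    {"ts": "2024-03-02T01:10:00", "host": "scada-hist-01", "dst": "203.0.113.7", "bytes": 2_400_000_000},
    {"ts": "2024-03-14T15:42:00", "host": "scada-hist-01", "dst": "203.0.113.7", "bytes": 2_100_000_000},
    {"ts": "2024-03-14T15:50:00", "host": "hr-files-02", "dst": "203.0.113.9", "bytes": 80_000_000},
]

# Constructed maintenance calendar: (host, window start, window end).
MAINTENANCE_WINDOWS = [
    ("scada-hist-01", "2024-03-02T00:00:00", "2024-03-02T04:00:00"),
]

WATCHED_HOSTS = {"scada-hist-01"}      # systems that only ship data after downtime
BYTES_THRESHOLD = 1_000_000_000        # below this the rule stays quiet
GRACE = timedelta(hours=2)             # post-window tolerance for delayed backups


def in_maintenance(host: str, ts: datetime) -> bool:
    """True if ts falls inside (or just after) a scheduled window for host."""
    for h, start, end in MAINTENANCE_WINDOWS:
        if h != host:
            continue
        if datetime.fromisoformat(start) <= ts <= datetime.fromisoformat(end) + GRACE:
            return True
    return False


def evaluate(events: list) -> list:
    """Return alerts for large transfers from watched hosts outside any window."""
    alerts = []
    for e in events:
        if e["host"] not in WATCHED_HOSTS or e["bytes"] < BYTES_THRESHOLD:
            continue
        ts = datetime.fromisoformat(e["ts"])
        if in_maintenance(e["host"], ts):
            continue  # expected: outage or maintenance explains the transfer
        alerts.append({
            "ts": e["ts"], "host": e["host"], "dst": e["dst"], "bytes": e["bytes"],
            "reason": "large outbound transfer outside a maintenance window",
        })
    return alerts


if __name__ == "__main__":
    for a in evaluate(TRANSFER_EVENTS):
        print(a)
```

Only the 14 March transfer is reported: the 2 March transfer sits inside the scheduled window and the HR file server is not a watched system, which is exactly the context a generic anomaly rule lacks.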
Deep visibility
Naturally, Vectra AI recommends removing the noise. But the company also argues that organizations need to pay attention to what it calls Pervasive Threat Detection. Azure AD compromises are not easy to detect, and endpoint security alone is not enough. Deep visibility is needed to detect an identity threat before it is too late.
Prioritization must be automatic in any case, as is clear from the millions of detections generated by security tools. Even if every one of those were a genuine Indicator of Compromise (which is never really the case with so many reports), a person within a SOC cannot investigate them on their own. Funneling is needed, that much is clear.