AI-driven Prioritization FAQ

FAQ for AI-driven Prioritization (Urgency scoring) in Respond UX.

What is AI-driven Prioritization?

AI-driven Prioritization is an enhanced scoring algorithm that highlights the most critical threats in a customer's environment as a clear list of actionable entities, each prioritized with a single Urgency score.

Does this fully replace Vectra's Threat and Certainty based scoring?

For users of Vectra's Respond UX, AI-driven Prioritization replaces the previous Threat and Certainty based scoring. API clients can retrieve scoring based on the older Threat and Certainty based model or use the newer AI-driven Prioritization, which offers a single Urgency score.

How can I access AI-driven Prioritization?

  • AI-driven Prioritization is available for users of Vectra's Respond UX.

  • If you are using Vectra's Quadrant UX, AI-driven Prioritization is not available.

  • If you are unsure which UX you are using, please see Vectra Analyst User Experiences (Respond vs Quadrant).

Why did Vectra change scoring models?

  • In the previous model, Host and Account entity scoring was tracked in separate dashboards.

  • Moving to AI-driven Prioritization is the groundwork for a unified view of all entities scored by Vectra.

    • Vectra's Respond UX supports both host and account entities today.

    • This new scoring model is extensible to incorporate additional attack signal sources in the future.

  • AI-driven Prioritization provides a simpler mechanism for customers to understand which entities need attention at any given moment.

    • It provides laser-like focus on what is important.

    • It removes ambiguity by providing a binary "prioritized or not" status that cannot be misinterpreted.

  • The new scoring model takes into account additional factors based on Vectra's careful combination of Data Science and Security Research.

    • Some additional scoring factors are calculated automatically by Vectra based on the environment that it is observing.

    • It also allows customers to influence entity context that is weighted in the model.

  • Customers can now choose to modify the default Urgency score that determines which entities are prioritized.

    • Customers may wish to do this based on how sensitive they wish the threshold to be in their environment.

Will AI-driven Prioritization impact API-driven integrations that I've already completed using the prior scoring model?

No, the older Threat and Certainty based scoring model will still be available via Vectra's API, so any existing integration will continue to function as designed today. Customers may wish to update their integrations to benefit from the enhancements introduced with AI-driven Prioritization. At this time, there is no EOL scheduled for the availability of the Threat and Certainty based scoring model via API.

How does the new scoring model work?

While the precise details are proprietary, we will speak in general terms about how the model works:

  • Individual attack behaviors (Detections) are assigned to entities involved in the behaviors.

  • Those behaviors will also have Breadth, Velocity, and Attack Profiles associated with them.

    • Breadth - How different the detections are on the entity (an account with only Recon detections will have a lower Breadth score than an account with Recon, Lateral, Exfil, etc. detections).

    • Velocity - How quickly detections are happening on the entity.

    • Attack Profile - Different patterns of behavior can be associated with different profiles of attack. Some patterns may look like an external adversary, an insider threat, etc.

  • Different behaviors will also have differing Attack Signal Ratings within the model. This refers to how Vectra rates the quality of signal associated with different behaviors. For example, some behaviors are noisier than others.

  • Combining all of the above will give an Attack Rating, but that is not the end.

  • Added context from Vectra learnings or customer input will also be considered. Some examples:

    • Privilege levels of accounts are automatically calculated by Vectra.

    • Customers can assign Low, Medium, or High importance to account groups.

  • Taking all of the above into consideration, AI-based Prioritization will produce a single Urgency score for the Entity.

AI-driven Prioritization will continue to evolve over time, adding additional scoring factors, entity types, etc.

How do I turn on or off AI-driven Prioritization?

There is no ability to turn on or off AI-driven Prioritization.

Do I need a new license to use AI-driven Prioritization?

No, this is a standard feature of Vectra's Respond UX that is available with any license to use the platform.
