Video: 10 Minute IT Jams - Who is Vectra AI?
Cyber threats are changing fast. Companies are racing to keep up.
Chris Fisher, Head of Security Engineering at Vectra AI, knows this better than most. His company specialises in detecting and stopping cyber attacks – especially those targeting modern cloud and enterprise systems.
Founded in 2010, Vectra AI set itself an ambitious task: to harness artificial intelligence and machine learning to catch attacks as they happen and help security teams act before real damage is done. "We're very heavily focused in the NDR category – that's network detection and response," Fisher explained during an interview. "It's an area we've been working in for quite a long time."
The company's journey began with a simple question: how could it reduce dwell time, the time an attacker stays undetected inside a network? "The challenge we were looking to solve was how do we reduce the attack dwell time inside of an organisation," he said. "We wanted to do it without introducing large amounts of noise into the modern environment."
Reducing noise for security teams is crucial. Today's security operations centres face a deluge of information, with analysts struggling to separate genuine attacks from routine network activity. "All the customers I speak to – just about everyone is saying they're getting so much information coming into that SOC, that they're struggling to keep up with what is noise and what is a genuine attack," Fisher said. Attackers exploit this, using the complexity of modern cloud and software-as-a-service environments to their advantage.
Vectra AI's answer is a distinctive mix of approaches. They combine supervised and unsupervised machine learning, with a four-layer neural network under the bonnet to spot threats across networks – whether on-premise or in the cloud. "We really want to be able to help an analyst pinpoint where the challenge is inside an organisation – find that really critical host or critical account and allow them to start their investigation from there," Fisher said.
AI and automation are key. But, as Fisher pointed out, "It's not about replacing head counts. It's about how do we help an analyst identify, pinpoint and really cut down that dwell time, and stop an attack in its early stages before it causes a real problem."
One seismic shift for the industry arrived with the COVID-19 pandemic. Suddenly, businesses had to accelerate digital transformation plans. "The trend was all around digital transformation," Fisher said. "People had three, four, five-year projects… the pandemic squished that down to six months." As companies rapidly migrated to the cloud, the challenge became clear: "How do we do this securely and how do we do it in a way that makes sense?"
Vectra's response has focused on understanding new forms of attacks and the unique vulnerabilities of cloud-based services – from business-critical apps to email platforms. Fisher referenced recent incidents involving high-profile government breaches enabled by malicious applications, underscoring the scale of the problem for both public and private sectors.
Modern cyber attacks no longer confine themselves to one environment. "We're seeing ransomware specifically starting to pivot around in some of these environments," Fisher observed. "We're seeing that hop from Office 365 to on-premise and vice versa. So having that single view to be able to identify what's happening in the environment is crucial."
For Vectra, the game-changer is behavioural analytics. Instead of chasing after every new variant of malware, their technology tracks attacker behaviour – which is much harder for criminals to modify. "From an attacker's standpoint, the tools, the infrastructure they use – it's really easy to change. But their behaviour is not easy to change," Fisher said. "That's why we focus on behaviour, because it really gives us the long tail in terms of detection capability and helps us move forward."
This "end-to-end story" helps answer the questions every board asks after an incident: how did it happen, what did the attackers do, where did they go, and are they still inside? As Fisher put it, "We really want to make sure that we can provide that end-to-end visibility and piece that all together for an organisation to do it incredibly quickly… in the attack life cycle, time is really the key element."
Locally, Vectra established a direct presence in Australia and New Zealand in 2019, responding to growing demand. "We actually have all functions currently sitting in ANZ," said Fisher. That includes sales, marketing, support engineers and customer success teams focused specifically on helping regional clients get the most out of their security investments.
He described Vectra's focus on customer outcomes as a driving force. "It's not just about the sale, it's about how do we operationalise this technology and how do you get the best out of it," he said. "We have a really robust customer success programme, which is designed for that continuous improvement."
Support is also local and always available. "If something were to occur, a customer can always pick up the phone and say hey, we need some help, an additional set of eyes on glass," Fisher explained. "We have all of our functions here, all available in time zone."
For would-be customers or partners interested in engaging, Vectra AI puts great emphasis on its channel and reseller ecosystem. "We spend a lot of time with our reseller community ensuring that they're skilled up – we put a lot of investment in our channel to make sure that we have local resources with the skillsets that are able to help out our customers," Fisher said.
Cyber threats will only get more complex. For Fisher and his team, the mission is simple but vital: make life easier for defenders, and much harder for attackers. As he concluded, "Any learnings that we receive around the globe, we're feeding that back into that partner community."