Case Study: Global Healthcare Company achieves rapid detection and response to a sophisticated AWS cloud attack with Vectra AI Inc.'s Vectra CDR for AWS

A Vectra AI Case Study

Preview of the Global Healthcare Company Case Study

Squashing a Sophisticated Cyberattack at a Global Healthcare Giant

A global healthcare organization running a massive multi-region AWS footprint—thousands of EC2 instances, hundreds of S3 buckets, millions of Lambdas and over 1 million identities—faced a sophisticated cloud attack in late 2021. Their SIEM provided log aggregation but struggled to detect post-exploitation behaviors and generated few usable alerts, leaving the SOC unable to quickly identify or respond to lateral reconnaissance, credential theft, and privilege escalation.

Within two weeks of deploying Vectra CDR for AWS, the platform detected stolen credentials, extensive reconnaissance across seven regions, attempts to disable logging, and privilege escalation efforts that the SIEM missed. Vectra elevated the malicious principal, gave the SOC a consolidated view of all suspicious behaviors (regions, services used, roles assumed), and enabled rapid containment—relegating permissions, quarantining the account and rotating credentials—effectively stopping the attack and exposing persistence attempts the incumbent tooling had overlooked.

