MDR on Vectra AI Platform: NDR + ITDR with entity-based prioritisation.
The Fortgale European SOC 24·7·365 on the Vectra console. AI prioritisation per entity (host · account · identity), <30 min median containment, response via native integrations.
Vectra AI sensor activeEndpoint · cloud · identity telemetry
Vectra AI
◎
European SOC 24·7·365L2/L3 analysts · direct interaction
Fortgale
◇
Multi-domain AI tier-zeroNoise reduced >90% by day 30
Fortgale
⚡
Native Vectra AI responseHost isolation in seconds
Live
◈
Proprietary intelligence34,000+ IoCs per week · European actors
Fortgale
MDR live, Vectra AI + Fortgale SOC active
Compliance
ISO/IEC 27001
NIS2 ready
DORA aligned
GDPR · ENISA
Technology partnership
Vectra AI Platform
MITRE ATT&CK aligned
OpenCTI
Why Fortgale + Vectra AI
Network + identity AI detection, governed by senior analysts.
Vectra AI is Gartner Leader for NDR + ITDR. Particularly strong on lateral movement and identity-based attacks. Fortgale operates it with European analysts who know the European actor TTPs leveraging these vectors.
01 ·
Vectra AI · NDR + ITDR + cloud
AI-driven detection on network, identity (AD/AAD), cloud (AWS, Azure, M365). Per-entity prioritisation reduces alert volume by 80%. Strong on lateral movement, Pass-the-Hash, Golden Ticket, AAD compromise. Fortgale delivers detection and response on the platform modules Vectra NDR · Vectra ITDR · Vectra CDR.
02 ·
European SOC 24·7·365
L2/L3 analysts specialised on identity attacks. Triage <15 min on Vectra alerts. Custom rules for European environments. 34,000+ IoCs per week applied as Watchlists.
03 ·
Cross-tool response + IR
Containment via Vectra integrations: EDR isolation, AD lockout, firewall block, AAD revocation. Direct escalation to Fortgale IR. Full NIS2 national CSIRT notification support.
How it works · architecture
Four blocks, one MDR cycle on Vectra.
From Vectra sensor ingestion to cross-tool response, all governed by Fortgale with European analysts and proprietary CTI on European markets.
01 ·
01 · Ingestion
Vectra sensors active
Network sensors (NDR), AD/AAD integrations (ITDR), cloud (AWS, Azure, M365). Telemetry on Vectra Cloud + Fortgale data fabric for cross-customer correlation.
02 ·
02 · Tier-zero
AI prioritisation per entity
Vectra AI scores risk per host, account, identity, not per alert. Fortgale tunes scoring on European context. False positives reduced by 80%.
03 ·
03 · Analysts
Our L2/L3 on the console
European SOC specialised on identity-based attacks. Triage on entities, attribution to actor (Scattered Spider, APT29, FIN12). Decisions in your business language.
04 ·
04 · Response
Cross-tool + IR
Containment via Vectra integrations: EDR isolation, AD lockout, firewall block, AAD revocation. Direct escalation to Fortgale IR for critical incidents.
Proof · service metrics
Four numbers that hold MDR on Vectra AI up.
Metrics measured on real customer telemetry, Q1 2026, updated quarterly.
<30 min
Median containment from confirmed Vectra alert
80 %
Volume reduction via entity prioritisation
NDR+ITDR
Network + identity + cloud unified
10 days
Full onboarding Vectra AI Platform
The problems MDR must solve
Five reasons Vectra AI alone is not enough.
The platform produces telemetry. What is missing is the people who read it around the clock, prioritise it and turn it into decisions.
01 ·
Alert fatigue
Tier-zero AI filters, analysts decide: noise reduced >90% by day 30. Every alert that reaches you is already a qualified case.
02 ·
Vectra AI expertise
L2/L3 analysts who operate the Vectra AI console every day: detection tuning, MITRE-mapped runbooks, native response on your platform.
03 ·
Operational experience
European SOC, headquartered in Milan since 2017, 24·7·365: median TTD <15 minutes, median TTC <30 minutes.
Proprietary CTI on 287 tracked adversary groups and attack tools: advisories, IOCs and actor profiles feed directly into detection on your platform.
Threat intelligence · attacks detected on Vectra AI
C2 lateral movement contained on Vectra by the European SOC.
Selection of C2 tools and lateral movement detected on Fortgale customers with Vectra AI Platform. The Attack Signal Intelligence approach catches TTPs that signature-based IDSs miss.
Detection · Vectra AI Vectra Recall full-packet capture + AI behavioral models on <em>beaconing periodicity</em> + Attack Signal cross-host correlation.
Detection · Vectra AI Vectra Identity Detect cross-correlated with Network Detect + Recall for traffic replay · nominative Fortgale runbook.
What the service includes
MDR on Vectra AI, in detail.
Every component designed to leverage Vectra entity prioritisation with European SOC governance and proprietary CTI.
01
Managed Vectra AI Platform
Vectra licensing (or existing instance). Network sensors, AD/AAD integrations, cloud connectors managed by Fortgale. Continuous tuning per environment.
02
Identity threat detection
Vectra ITDR governed by Fortgale on AD on-prem + Entra ID + AAD. Detection of Kerberoasting, Pass-the-Hash, Golden Ticket, AAD impossible travel, OAuth abuse.
03
Network detection (NDR)
Vectra Detect on network: lateral movement, C2 beaconing, data staging, exfil. Native integration with proprietary CTI for IoC enrichment.
04
Cross-tool response
Containment orchestrated via Vectra integrations: EDR isolation (CrowdStrike, SentinelOne, Defender), AD lockout, firewall block, AAD session revocation.
Monthly hunting on Vectra Recall using proprietary CTI + Sigma rules. Focus on identity-based attacks, lateral movement and silent C2 not caught by automatic detections.
For whom · two angles
Same MDR on Vectra AI, two angles.
The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.
For the CISO
A named runbook per actor, on the Vectra AI stack.
Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Vectra AI Platform telemetry.
Monthly threat briefingActors, observed TTPs, campaigns in progress on your sector.
Vectra AI runbookLive MITRE-mapped playbooks, executable on the Vectra AI Platform console.
Board-ready reportingRisk · impact · decision. No slideware technology.
Zero translator handover. European analysts on your Vectra AI console.
When the Vectra AI alert is real, decision time is containment time. Our L2/L3 analysts know the Vectra AI Platform console and have a mandate to decide.
Median containment ~11 minFrom confirmed alert to remediation in production.
Native Vectra AI responseProcess kill, host isolation, network containment via Vectra AI Platform API.
End-to-end integrationVectra AI telemetry ingested into our multi-domain data fabric.
Everything to know before talking to our analysts.
What is the Fortgale MDR service on Vectra AI?
Combines Vectra AI Platform (NDR + ITDR + cloud detection) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the Vectra Recall/Detect console, leverage AI entity prioritisation and trigger response via native integrations (firewall, EDR, IAM).
What does it mean that Vectra prioritises by entity?
Vectra applies AI to score risk not per single alert but per entity (host, account, identity). It reduces alert volume to manage by grouping them around 'what matters', accelerating triage and reducing noise.
Do I need to already have Vectra?
No. Fortgale handles the full cycle: licensing, network sensor deployment, integrations configuration (cloud, identity, EDR), tuning. Available both on existing instance or as part of the service.
Is the service NIS2-compliant?
Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications.
Is Vectra only NDR or does it cover identity and cloud too?
Vectra AI Platform covers NDR (network detection), ITDR (identity threat detection for AAD/AD), cloud (AWS, Azure, M365). Particularly strong on detecting lateral movement and identity-based attacks (Pass-the-Hash, Golden Ticket, AAD compromise).
Talk to the outpost
One meeting. One NDA. One real runbook on Vectra AI.
We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Vectra AI Platform console.
Outlook Bookings · Fortgale
Book a meeting
Loading calendar…
Response · 1 business day
Speak with our analysts.
No nurturing sequences, no auto-replies. One of our analysts calls you back within one business day.
Document · Fortgale
PDF preview
Loading PDF…
Request · Fortgale Threat Intelligence Report
Request the Report
The full Report (executive summary · operational IoCs · technical runbook) is restricted. Share two details and one of our analysts contacts you with access and a short technical briefing.
See a real attack
IR · 24·7·365
Are you under attack?
Response in 30 minutes, containment in 1–4 hours. Even if you are not a Fortgale customer.
We use essential cookies required for site functionality and, with your consent, analytics and marketing cookies to measure traffic and personalise content. You can accept all cookies, reject them, or customise your preferences. For more details see the Cookie Policy and Privacy Policy.
Cookie preferences · Fortgale
Manage your preferences
Choose which cookies to allow. Essential cookies are required for the site to work and cannot be disabled. For the others, consent is always free, specific and revocable at any time.
EssentialAlways on
Required for the site to function (session, security, cookie preferences). The legal basis is the controller's legitimate interest (Art. 6(1)(f) GDPR). Without these cookies the site does not work correctly.
AnalyticsWe measure what works
Aggregated statistical cookies to understand how users browse the site (page views, session duration, traffic source). EU-friendly or anonymised providers. Legal basis: consent (Art. 6(1)(a) GDPR).
MarketingPersonalisation and remarketing
Third-party cookies (LinkedIn Insight Tag, possible campaign pixels) to measure ad campaign effectiveness and show relevant content. Legal basis: consent (Art. 6(1)(a) GDPR). Disabled by default.
You can change these choices at any time from the Cookie Policy page or by clicking the Cookie preferences link in the footer.