about - MEDIA COVERAGE

Vectra CEO Hitesh Sheth talks with Bloomberg Markets about the crucial role that artificial intelligence will play in detecting and responding to cyberattackers in 2018. It will be an AI war, with nation-state hackers and organized cybercriminals using their AI threat arsenal to attack organizations who use AI as a defensive weapon.

AI is the inevitable next phase in cybersecurity. What is avoidable, however, is security burnout. By implementing key business and professional-growth programs – and augmenting the work of security analysts with AI – organizations can greatly reduce the security burnout rate while nurturing and developing future security analysts.

When WannaCry was first detected, we saw similarities in the code used for that ransomware attack with previous attacks attributed to North Korea, like the Sony hack. North Korea has been targeting banks directly with banking malware while using ransomware against other organizations to acquire a large volume of Bitcoin.

Vectra is hunting for channel partners in the UK after trebling its revenue in Q3, says Matt Walmsley, head of EMEA marketing. Vectra revenue jumped 294 percent in the third quarter this year, which Walmsley said was driven by a need for enterprises to address the detection gap that allows cybercriminals to easily breach networks.

In his latest installment in the CSO “Thinking Security” column, Vectra CTO Oliver Tavakoli explores the benefits of running red team exercises. Red team exercises enable organizations to understand how to respond when dealing with real-world advanced attacks and adapt to respond quickly to these threats.

The security operations center at Texas A&M serves 11 universities and seven state agencies. But with just seven full-time analysts and a risk-rich environment of 174,000 students and faculty, triaging security events was overwhelming, but with the help of Vectra Cognito, and it now takes 10-20 minutes to resolve an incident, on average.

AI propose désormais de plus en plus de fonctionnalités de sécurité, en commençant par la possibilité d'automatiser le traitement de ces volumes de données, alertes, gérables et intégrant des algorithmes d'apprentissage automatique détectant le comportement agresseur, explique Christophe Jolly, directeur France chez Vectra.

"To gain access to the industrial control systems, the threat actor infected an SIS engineering workstation on what is supposed to be an isolated network," says Chris Morales, Vectra head of security analytics. "An infected laptop can be brought in by a contractor, connect to the network and spread to the controlled ICS environment."

"The IoT and IT/OT convergence is accelerated by the speed of business and the implementation of AI to drive decisions in ICS environments," says Chris Morales, Vectra head of security analytics. "In addition, more ICS devices are running commercial operating systems, exposing ICS systems to a wider swath of known vulnerabilities."

People who use Google, Apple, Facebook and Microsoft trust that their communication is secure because of the use of HTTPS, says Chris Morales, Vectra head of security analytics. But entities can manipulate the border gateway protocol to perform man-in-the-middle attacks and manipulate TLS/SSL encryption to eavesdrop on users.

“The motivation of the attacker is always financial or competitive gain or theft of intellectual property,” says Chris Morales, Vectra head of security analytics. “The constantly changing landscape makes it nearly impossible to track cyberespionage organizations without a team of researchers focused on attribution.”

Keyloggers are an important weapon in the arsenal of cyberattackers, says Chris Morales, Vectra head of security analytics. "They're often used in the recon phase of targeted attacks to steal user credentials and other sensitive information that are used to compromise user accounts. Keyboard loggers are hard to spot with consumer anti-virus."

"Data exfiltration from cloud-based storage will accelerate," says Vectra CTO Oliver Tavakoli. "This will occur at the cross-section of IaaS and PaaS. And organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat."

"Why would a hardware vendor install this kind of software on their computers?" asks Chris Morales, head of security analytics at Vectra. "The key logger was a software development or test tool that should have been removed before the code was released. Any attacker could easily monitor everything a user does on their system.”

“If you are risk averse, transfer deposits made to your bitcoin wallet to a hard currency account with a bank,” says Matt Walmsley, Vectra EMEA director. However, he added, "Many exchanges may limit the amount you can transfer in one instance and you may not be able to empty your account, so buyers beware.”

"This NiceHash attack is reminiscent of the Carbanak heist in which the sophisticated attackers used the bank's own tools to steal their money," said Chris Morales, head of security analytics at Vectra. Morales says the most important security controls monitor internal traffic for the misuse of administrative credentials and administrative protocols.

"Consumers have no security controls to monitor botnet activity on their personal networks," Chris Morales, head of security analytics at Vectra, tells CSO magazine. "Security teams prioritize attacks targeting their own resources rather than attacks emanating from their network to external targets.”

"Exfiltration of data from cloud-based storage will accelerate," says Matt Walmsley, Vectra EMEA director. "Infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) attacks will see massive tranches of data from organizations being taken from the cloud, without IT/security team even knowing."

Die Coop-Gruppe nutzt die auf KI basierende Cognito-Plattform von Vectra zur Erkennung von Cyberbedrohungen. Mit 2.476 Filialen und mehr als 85.000 Mitarbeitern ist Coop einer der größten Einzel- und Großhändler in der Schweiz.

Cognito de Vectra utilise AI pour analyser le comportement des hôtes, puis s'appuie sur des algorithmes d'apprentissage automatique pour détecter les cyberattaques cachées dans les réseaux, notamment pendant les phases de reconnaissance interne, de mouvement latéral et d'extraction de données.

"We're now at a time where artificial intelligence needs to be introduced to identify and respond to threats automatically and in real-time, a task that humans alone are simply incapable of performing at adequate scale and speed," says Matt Walmsley, Vectra EMEA director.

“On ne consulte pas le contenu d'une boîte mail, mais le comportement du trafic sur un appareil et s'il s'agit ou non d'une tentative d'attaque," précise Chris Morales, responsable security analytics de Vectra. “On peut même constater des attaques sur un réseau crypté."

Vectra intègre l'intelligence des menaces et les flux d'indicateurs de compromis (IoC) dans sa plateforme Cognito. La plateforme détecte également les activités de découverte d'attaquants ciblant les services Active Directory via LDAP et Kerberos.

Chris Morales, head of security analytics at Vectra, notes that the challenge is that traditional security and methods for internal data centers don't have the same visibility in cloud environments. "Companies like Uber who rely on cloud infrastructure need a security strategy with processes and tools that provide visibility into cloud attacks."

"Normal security tools and methods built for internal data centers do not have the same visibility in cloud environments where your systems and data are sharing a neighborhood (the internet and cloud apps) with millions and millions of other people, both good and bad," says Chris Morales, Vectra head of security analytics.

"Op universiteiten en hogescholen detecteren we vaak botnets op apparaten die bij binnenkomende studenten horen", zegt Chris Morales, hoofd beveiligingsanalyse bij Vectra. "Maar de meeste onderwijsinstellingen weten dit en zetten ze op een ander netwerk dat gescheiden is van hun kritieke netwerkinfrastructuur."

“This breach happened at the same time Uber was under investigation by U.S regulators for the 2014 breach,” says Chris Morales, head of security analytics at Vectra. “There are many breach notification laws, especially in California, that require immediate notification to consumers. We are the ones put at risk here, not Uber.”

"The lesson here is don’t assume the same security tools used in a private cloud will protect you in the public cloud," says Chris Morales, head of security analytics at Vectra. "To detect malicious behavior in the public cloud, you have to know what can be attacked and understand how it would be done.”

“Organizations recognize that there is a need to prioritize the protection of citizen’s personal data through disclosure, but can be reluctant due to the impact a confession will have on their reputation and market value," says Matt Walmsley, EMEA director at Vectra. "This Uber breach of trust has rattled the regulators."

"Die einzige Möglichkeit, Zwischenfälle wie die bei Uber zu stoppen, besteht darin, zu akzeptieren, dass sich Angreifer bereits im Netzwerk befinden und sie schnell finden, bevor sie Schaden anrichten und Daten stehlen", sagt Gerard Bauer, Vice President EMEA bei Vectra.

"Anyone who performs an online transaction has personal data on the internet," says Chris Morales, head of security analytics at Vectra. "Even worse, personal information exists in places people are not even aware of or have any control over. The Equifax breach impacted more than 145 million consumers, and that's just one recent breach."

Automation and the use of artificial intelligence-based methods to detect, triage and correlate cyber security attacks in enterprise networks can be a powerful means for rapid risk reduction. We recently connected with Vectra CEO Hitesh Sheth to better understand how all this can be accomplished on a modern platform.

"AI automates repetitive tasks at massive scale and makes human security analysts better in the same way financial analysis tools enable bankers to be better," says Chris Morales, Vectra head of security analytics. "Similarly, AI can benefit from human intelligence by learning from the conclusions humans make based on AI’s automated analysis."

Texas A&M found a way to train the next-generation SOC analysts using Vectra. Dark Reading reports that the university added AI-based Vectra to the SOC to cut the time to vet alerts, a process that often took hours to reach the action phase. AI now provides context to alerts and now it only takes 15-20 minutes to triage them.

Bei der automatisierten Erkennung von Cyberbedrohungen und für eine schnellere Reaktion auf solche Angriffe wollen Vectra und Phantom künftig zusammenarbeiten. Beide Unternehmen wollen ihre jeweiligen Kompetenzen in die Partnerschaft einbringen. Zudem steht nun die »Vectra-App for Phantom« zur Verfügung.

"Once the attackers get inside, how do they sustain control, how do they move, how do they ultimately accomplish their goal?" asks Vectra CTO Oliver Tavakoli. "It can look more like a heist movie, a bank robbery of a vault where you have to go through a myriad of steps. That's where AI can help pore through the data."

La détection des menaces est bonne; les traiter c'est mieux. Vectra se concentre sur le premier: son moteur Cognito analyse les flux du réseau, étudie le comportement des hôtes, puis s'appuie sur des algorithmes d'apprentissage automatiques pour le mouvement latéral, l'acquisition et l'extraction des données.

"We will see an uptake in the exfiltration of sensitive data at the cross-section of IaaS and PaaS," says Vectra CTO Oliver Tavakoli. "On top of this, organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat."

When it comes to AI and machine learning, Vectra is one to watch, according to Dark Reading. Vectra was cited by Dark Reading for its playbooks that speed-up the response to in-progress cyber attacks, integration with other security products, and several patents for AI-based threat hunting.

Vectra a annoncé la signature d'un accord pluriannuel avec Coop Group, l'une des principales entreprises suisses de vente en gros et au détail, pour installer Cognito, une plateforme de détection des menaces basée sur l'intelligence artificielle.

Um den Zeitaufwand für Sicherheitsoperationen von Tagen auf Minuten zu reduzieren, haben Vectra und Phantom ihre Zusammenarbeit angekündigt und die Vectra App für Phantom-Lösungen entwickelt.

The positive view is that the community constantly reviews Linux source code and can respond before attackers do, Chris Morales, head of security analytics tells LinuxInsider. "The negative view is that open source code is not maintained regularly and depends on an army of volunteers to keep safe. The truth is somewhere in between."

The Coop Group decided that network perimeter defenses were insufficient to safeguard customer information, internal systems and point of sale systems. As a result, Coop selected Vectra artificial technology to detect and respond to cyber-attacks in real time and prevent or significantly mitigate the impact of a data breach.

Coop chose Vectra after identifying significant economic and security gains resulting from the introduction of AI security automation. After evaluating multiple solutions, it turned to Vectra and its Cognito AI platform to help protect them detect cyber attacks in real time and speed response by augmenting their security operations team.

“Vectra and Phantom share a mission to automate threat detection and response,” said Mike Banic, Vectra vice president of marketing. “Our Cognito platform automates the threat detection, triage, correlation and prioritization, and our partnership with Phantom enables automated security orchestration with a broad ecosystem of partners.”

“The risk with third-party services is exposure through unknown system and application vulnerabilities," says Chris Morales, head of security analytics at Vectra. "Organizations should do their own security assessments of third-party services and externally monitor the activities on these services, independent of the service provider."

Vectra, makes the Tech Tribune's Top 10 list of best startups in San Jose. In conducting its research, the Tech Tribune editorial staff considered several critical factors for its Top 10 list, including revenue potential, leadership team, brand and product traction, and competitive landscape.

Wenn Cybersicherheit auf den Netzwerkperimeter beschränkt ist, kann man nur eine oder zwei Phasen eines Angriffs sehen, schreibt Gerard Bauer, Vice President EMEA bei Vectra. Die Überwachung des Netzwerks von innen bietet jedoch viele weitere Möglichkeiten, um viele weitere Phasen eines aktiven Angriffs zu erkennen.

Das Security-Unternehmen Vectra hat einen Vertrag mit der Coop-Gruppe für den mehrjährigen Einsatz von Cognito geschlossen. Mit Cognito bietet Vectra eine KI-basierte Plattform (künstliche Intelligenz) für das Entdecken und Erkennen von Cyberbedrohungen.

Oliver Tavakoli, the CTO of cyber security vendor Vectra, explains that nation-states, hackers and organized cybercrime groups will develop new vectors to defeat predictive capabilities. “After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomization,” Tavakoli says.