Vectra today announced, as one of the key findings in the new 2018 RSA Conference Edition of its Attacker Behavior Industry Report, that the higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors.
The report reveals cyberattack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform, across 14 different industries. From August 2017 through January 2018, Cognito monitored traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. By analyzing this metadata, the Vectra Cognito platform detected hidden attacker behaviors and identified business risks that enabled its customers to avoid catastrophic data breaches.
As sophisticated cyberattackers automate and increase the efficiencies of their own technology, there is an urgent need to augment information security with AI-based detection and response tools to stop threats faster. The Vectra Attacker Behavior Industry Report takes a multidisciplinary approach that spans all strategic phases of the attack lifecycle, presenting data by specific industries that highlight relevant differences between them.
Key findings from the report include:
“Security operations and analytics platform architecture (SOAPA) is helping to accelerate technology innovation, ease integration and enhance the value of existing security technologies,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “According to recent ESG research, 12 percent of enterprise organizations have already deployed Artificial Intelligence (AI)-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. This latest report from Vectra provides important visibility into attacker behaviors within organizations, that have bypassed perimeter security controls and observations of attack progression after an initial compromise.”
The Cognito platform automates the hunt for hidden cyberthreats by continuously analyzing network traffic logs and cloud events to detect attacker behaviors inside the network. In addition to automatically correlating detected threats with host devices that are under attack, Cognito provides unique context about what attackers are doing and prioritizes threats that pose the highest risk. Using AI, Cognito combines data science, machine learning and behavioral analytics to reveal attacker behaviors without signatures or reputation lists.
“Combining security analytics with human understanding gives us compelling new insights into attacker behaviors on a global scale across cloud, data center and enterprise environments,” said Chris Morales, head of security analytics at Vectra. “Ultimately, this insight enables Vectra customers to make better-informed decisions that strengthen security posture and reduce business risk.”
The data in this report is based on anonymized metadata from Vectra customers who have opted to share detection metrics. The Cognito platform identifies behaviors that indicate in-progress attacks by directly monitoring all traffic and relevant logs, including traffic to and from the internet, internal traffic between network devices, and virtualized workloads in private data centers and public clouds. This analysis provides important visibility into advanced phases of attacks.