Vectra issued five U.S. patents for artificial intelligence that automates the hunt for cyber attacker behaviors

August 15, 2017

Vectra, the leader in automating the hunt for in-progress cyber attacks, today announced it has been issued five U.S. patents, numbers 9237164, 9407647, 9565208, 9602533 and 9628512, for advanced cyber security analytics capabilities automated by artificial intelligence (AI). These patents demonstrate the effectiveness of security research and data science collaborating to enhance visibility into attacker behavior.

The Vectra patented technology helps address critical issues in today’s fight against cyber attackers. Between the severe shortage of knowledgeable talent and the immense increase in cyber threats, shorthanded security teams are bombarded with endless, disparate alerts that take hours to investigate and prevent a rapid determination of severity or root cause. Vectra combines a number of patented machine learning (ML) and AI techniques to identify individual attacker behavior and to judge the severity of combinations of such behaviors.

One of the most difficult attacker behaviors to detect is malware that “phones home” to the attacker and enables him to take manual control over a compromised host. Security analysts have coined the term RAT (Remote Access Trojan) to describe malware that enables this functionality. However, any number of benign software packages used for remotely controlling a machine can also be used to accomplish the same goal. Vectra has been granted a patent for using innovative machine learning techniques to detect such behavior regardless of the malicious or benign software used to establish manual remote control of an internal host.

Another of the granted patents takes an innovative approach to correlating all attacker behaviors observed on a particular asset in an organization’s network and assigning threat and certainty scores to the observed timeline of attacker behaviors. With such insights, attacks can be stopped at the earliest signs of detection and before data is stolen.

“Timely detection of advanced attacks is key to neutralizing them before they do an organization substantial harm. Using ML and AI to find the individual steps of advanced attacks, correlating them on a machine across time and prioritizing the resulting narratives is key to making events actionable for security analysts,” said Oliver Tavakoli, chief technology officer of Vectra. “Finding the sometimes-tenuous connections across multiple machines which are part of a single attack campaign is the next AI frontier for reducing analysts’ alert fatigue and turning the tables on the attackers.”

Additional Patents Issued Advancing Visibility into Attacker Behavior

Fingerprinting Individual Behavior – Correlation efforts begin by fingerprinting each machine or workload in an organization’s network. These fingerprints allow identification of a host to which individual behaviors can be attributed. The collection of observed behaviors over time can then be scored based on the certainty of compromise and the extent of threat the set of behaviors signals.

Host Scoring & Correlation – Utilizing AI to identify individual attacker behaviors, such as External Remote Access, presents a major advancement, in terms of coverage and accuracy, over current techniques. Even as better coverage for detecting individual attacker behaviors becomes available, there is also an opportunity to apply machine learning to correlate these behaviors, creating from them a smaller number of individual host narratives and potential attack campaigns.

Vectra has 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence.

About Vectra

Vectra Networks is the leader in automating the hunt for in-progress cyber attacks. Using artificial intelligence, Vectra correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. In 2016, Vectra was named “Most Innovative Emerging Company” in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit

Vectra, the Vectra Networks logo and ‘Security that thinks’ are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.

Media Contacts:

LEWIS Global Communications, PR for Vectra, (781) 418-2400
