This is the post summary.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere. Justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet.

See the certificates in your network that are actively in use, those that are about to expire and ones that have already expired in the new dashboard in Cognito Recall.

Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.

なぜIDPSがラテラルムーブの動きや東西のトラフィックなど、内部を動き回る攻撃者を検知する能力に欠けているかについて説明いたします。

Consider getting rid of IDPS and the noise it creates and check out detecting and stopping cyberattacks using NDR. Free-up your security analysts to focus on investigations and threat-hunting instead of tweaking signatures.

IDPSから、NDRへ置き換えるタイミングがきているのではないでしょうか。セキュリティアナリストが、シグネチャーの微調整作業に時間を費やす代わりに本当に必要な調査や脅威のハンティングに時間を使えるようにします。

AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give you the most durable coverage and early understanding of threats.

AIベースの検出は、未知の攻撃者や既知の攻撃者の振る舞いを識別するのに優れており、一方で、脅威インテリジェンスは既知の脅威を迅速にラベル付けしてカバーします。

Maze ransomware can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. Learn what a Maze attack progression looks like and how you can defend against these types of threats.

Learn why using AI models to look for the communication pattern of a RAT in network data, can help detect them in real-time with high-fidelity based on the behavior observed.

AIモデルを使用してネットワークデータからRATの通信パターンを探すことで、観察された振る舞いに基づいてリアルタイムにRATを検出する方法。

En première ligne de la pandémie de COVID-19, les professionnels de la santé chargés de nous protéger travaillent sans relâche pour prendre soin de nous. Mais comment le secteur de la santé a-t-il fait face aux cyberattaques ciblées en cette période critique ?

We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer’s security teams to further improve the agility, efficiency and efficacy of their security operations.

The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and backup their teams when it matters most, with access to Vectra experts.

What the recent advanced threat actor 29 shows about the security limitations of indicator of compromise and how you can defend against privileged access attacks.

Battista Cagnoni examines how you can mature your Security Operations Center (SOC) using processes for reactive threat detection and proactive threat hunting.

「APT29」による攻撃は、セキュリティの限界と攻撃に対してどのように身を守ることができるか考える機会となりました。

Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.

サイバー攻撃が侵入拡大を図る過程では、多くの重要情報を入手できる特権アクセスが大きな鍵となります。

Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.

Microsoft DefenderATPとの連携でCognito Detect UIからMicrosoft Defender ATPホスト上でHost Lockdownを実行することができます。

At Vectra, our partners are integral to the way we go tomarket and we want to ensure you we are committed to the mutual success of our relationship.

Die Umstellung des Gesundheitswesens auf die Cloud ist nicht neu. COVID-19 hat jedoch die Roadmap für die Cloud-Einführung beschleunigt und die Sicherheitsteams somit in einen eher reaktiven als proaktiven Angreifersuchmodus versetzt.

Ze lopen altijd voorop tijdens de COVID-19-pandemie: gezondheidswerkers werken onvermoeibaar door voor ons. Maar hoe doet de zorg het in deze tijden van crisis als het gaat om gerichte cyberaanvallen?

Healthcare’s shift to the cloud is not new. However,COVID-19 has accelerated the roadmap for cloud adoption leaving healthcare security teams in a reactive mode rather than staying proactive to head-off the spread of potential attacks.

Power AutomateはOffice 365ユーザーにとって素晴らしいですが、セキュリティ担当者にとっては脅威でもあります。

Learn why Microsoft Power Automate is great for Office 365 users, but why it’s terrifying for security professionals.

MFA is a great step to take, but there are always ways around preventive controls. One of the well-known MFA bypass techniques is the installation of malicious Azure/O365 OAuth apps. Learn why you need to implement detection-based solutions.

多要素認証（MFA）はセキュリティ対策の一つですが、悪意のあるAzure/O365 OAuthアプリのインストールなどの迂回する方法があります。

The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.

Vectra AI社は、パートナーシップを結び、Microsoft Defender ATP (EDR) および Microsoft Azure Sentinel (SIEM) と深いレベルでの製品連携を行うことを発表しました。

Vectra announces a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using.

あらゆる場所でデータが溢れかえっています。その中でどのデータを保存し、また利用したらよいのでしょうか？

Vectra is pleased to announce the launch of two new training certification tracks for our partners. The VPSE certification is geared toward sales engineers, while our VSP certification focuses on positioning and selling Vectra Cognito.

Attack tools and techniques can change over time, but attack behaviours remain a stable indicator of attackers within the network. Using attack behaviour as a high-fidelity signal allows you to take action quickly to stop attacks or prevent further damage.

攻撃用のツールやテクニックは、時間とともに変化しますが、攻撃に関わる振る舞いは、ネットワーク内での攻撃者の存在を示す普遍的な指標となります。

COVID-19 has caused a sudden and immediate shift of employees who would normally work in an office to a remote location that will naturally create a shift in internal movement of network traffic. The outcome will be a change of internal network traffic patterns in which attackers could hide their own communication.

In the era of near-total data, SOC teams and analysts can become swamped by the sheer volume. And that’s before we even get to the cost of data ingestion and storage! In this blog, we will explore the value of network metadata, and why we just can’t get this level of visibility elsewhere.

Together, Vectra and Sentinel One lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.

Together, Cognito and Cybereason provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat against today’s modern cyberattacks.

CognitoとCybereasonの連携によって、ハイブリッドやマルチクラウド、オンプレミスなど、企業の全ての環境を可視化し、今日の最新サイバー攻撃に容易に対抗できるようになります。

Modern SOCs today are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard.

Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the killchain. This gives your SOC analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

Vectra AI社が提供するAccount LockdownとActive Directoryを統合することで、カスタマイズ可能なアカウントをすぐ適用することができるようになります。

ネットワークではなくアカウントを無効化することで、該当アカウントへのアクセスを外部から凍結し、サービスが停止する事態を回避できます。

With increasingly sophisticated threats, cyber risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.

増々巧妙化する脅威の拡大に伴い、サイバーリスクは世界中の企業にとって深刻な問題となりつつあります。

多要素認証のような段階を踏んだセキュリティ手法の採用が増えているにも関わらず、40％もの企業がアカウントの乗っ取りに苦しむなど、Office 365を介したデータ侵害が際立っています。

Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.

PAA enables SOC teams to monitor and defend against these types of attacks. In addition to our extensive models that detect command-and-control channels, this make the Cognito platform a powerful tool to combat evolving malware attacks against enterprises.

PAAを利用することで、SOCチームは、これらのタイプの攻撃を監視し防御することができます。

コマンドアンドコントロールチャネルを検出する広範なモデルが加わったことによって、Cognitoプラットフォームは、進化するマルウェア攻撃に企業が対抗するための強力なツールとなります。

Thinking about threat hunting by using terms from the MITRE’s ATT&CK Matrix to frame the context and guide what you can and cannot see within your environment.

不正行為者の目的、テクニック、戦略を特定することで、単独のアクティビティとしてではなく、どのような手段で攻撃者がその目的を達成しようとしているのかという全体的な観点から、脅威のハンティングを行うことが可能になります。

Vectra now integrates with Amazon Virtual Private Cloud (VPC) Ingress Routing and that our AI platform is currently available in the AWS Marketplace.

企業が、ビジネス上で高い価値を持つデータやサービスをクラウドへ安全に移行し続けるためには、可能な限りサイバーリスクを低減して、システムの可視性を高めるための取り組みが不可欠です。

The Cognito threat detection and response platform from Vectra now seamlessly integrates AI-based threat hunting and incident response of Chronicle Backstory, a global security telemetry platform, for increased context during investigations and hunts and greater operational intelligence.

That’s why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.

The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today’s security infrastructure.

The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.

NISTは、その目的について「どんな企業もサイバーセキュリティリスクを完全に排除することはできません。ZTAを既存のサイバーセキュリティポリシーやガイダンス、ID管理やアクセス管理、継続的な監視、さらに全般的なサイバー・ハイジーンによって補完することで、全般的なリスクを軽減し、一般的な脅威から自社を保護できるようになります」としています。

According to NIST, “No enterprise can completely eliminate cybersecurity risk. When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, ZTA can reduce overall risk exposure and protect against common threats.”

企業の買収は非常に大掛かりな取り組みであり、膨大な計画と完璧な遂行が求められます。さらに時間も重要となります。買収による統合がより迅速に完了すれば、市場への価値提供もまた素早く実現できます。

By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.

Vectra AI社の「2019 Black Hat Edition of the Attacker Behavior Industry  Report」における分析データから、RDP の悪用が現実の世界で非常に一般化していることが分かります。Cognito プラットフォームを導入している企業の 90％ が、2019年1月から 6月にかけてRDP に関する何らかの疑わしい動作があったことを指摘しています。

The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.

セキュリティの専門家は、ネットワークの検知と対応 (NDR)、エンドポイントの検知と対応 (EDR)、ログベースの検知機能 (SIEM) を組み合わせることで、クラウドのワークロードから企業に至るまで、脅威の攻撃対象全体をカバーできるようになります。

In infosec, the concept of “zero trust” has grown significantly in the last couple of years and has become a hot topic. A zero-trust architecture fundamentally distrusts all entities in a network and does not allow any access to resources until an entity has been authenticated and authorized to use that specific resource, i.e. trusted.

情報セキュリティの世界で使われる「ゼロトラスト」というコンセプトは、ここ数年で大きく業界内で広がり、ホットなトピックになっています。基本的にゼロトラストアーキテクチャーは、ネットワークの全エンティティを信頼せず、エンティティが特定のリソースに対するアクセスについて認証または許可を受けていない（つまり信頼されない）限り、いかなるリソースへのアクセスも許可しないというものです。

Since the early days of Vectra, we’ve been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.

Vectra AI社は、設立当初からホストデバイスに主眼を置いてきました。その理由は、攻撃者の行動を分析するためにCognitoプラットフォームが使用するネットワークトラフィックが、結果的にホストというエンティティで発生するからです。

The rationale behind choosing a managed security services provider (MSSP) can be numerous, but one of the primary reasons is to overcome the cybersecurity skills shortage. Finding the right talent in cybersecurity and retaining skilled professionals once they’ve been trained is very difficult.

マネージドセキュリティサービスプロバイダー（MSSP）を選択する理由は数多くありますが、主な理由の1つとして、サイバーセキュリティに関するスキル不足を補うという内容を挙げることができます。サイバーセキュリティに関する適正な能力を持つ人材を探し出し、トレーニングを行ってスキルの高い専門家に育てあげ、維持していくことは決して容易ではありません。

For the second year in a row, we conducted the Vectra superhero survey at Black Hat. The survey is a quick six-question poll that helps us understand the current cloud adoption and top-of-mind concerns of attendees.

The time of separated networks – when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment – is long gone.

Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker’s arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.

Tens of thousands of hackers and security researchers congregate in Las Vegas to participate in one of the largest hacker conventions in the world. Many of them are out to hack your device and put you on the infamous Wall of Sheep.

Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems (ID: G00385800)*, written by Gartner researchers Craig Lawson and John Watts, was published. The guide describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.

Most sessions on the internet today are encrypted. By any measure, more than half of all internet traffic uses TLS to encrypt client/server communication.

In a previous blog, we spoke about the importance of security enrichments in your network metadata. These serve as the foundation for threat hunters and analysts to test and query against hypotheses during an investigative process.

Vectra announced a close-knit development partnership with Amazon, beginning with the integration of its Cognito platform in AWS environments.

As a security leader, you need the most effective way forward to protect your most valuable assets, make security an integral part of your business and supporting your digitalization journey full on, and inspire the trust of the employees, customers and partners who work with you.

There are multiple phases in an active cyberattack and each is a perilous link in a complex kill-chain that gives criminals the opportunity to spy, spread and steal critical information in native and hybrid cloud workloads and user and IoT devices.

As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.

Preventing a compromise is increasingly difficult but detecting the behaviors that occur – from command and control to data exfiltration – are not.

Today, I am thrilled to share the news that Vectra has completed a $100 million Series E funding round led by TCV, one of the largest growth equity firms backing private and public technology companies.

Au fil de l'évolution du paysage des menaces, l'équipe de Vectra a pu constater qu'une part importante des budgets informatiques est consacrée à renforcer les équipes de sécurité et la protection du périmètre réseau. L'objectif des entreprises est d'améliorer la détection des menaces et d'accélérer le tri des alertes.

Bei Vectra nehmen wir zurzeit wahr, wie Unternehmen als Reaktion auf die Entwicklungen in der Bedrohungslandschaft immer höhere Budgets für den Ausbau der Sicherheitsteams und die Erweiterung des Perimeter-Schutzes einsetzen. Hintergrund sind ihre Bemühungen, die Bedrohungserkennung zu verbessern und die Triage zu beschleunigen.

Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us there’s a consistent set of questions they must answer when investigating any given attack scenario. Starting with an alert from Cognito Detect, another security tool, or their intuition, analysts will form a hypothesis as to what is occurring.

In a previous blog, we wrote about the benefits that come with Zeek-formatted metadata. This blog builds on that thread by discussing why our customers come to us as an enterprise solution to support their Zeek deployments.

Although NDR and EDR can provide perspective on this, NDR is more critical because it provides perspective where EDR cannot. For example, exploits that operate at the BIOS level of a device can subvert EDR.

The collection and storage of network metadata strikes a balance that is just right for data lakes and SIEMs. Metadata enables security operations teams to craft queries that interrogate the data and lead to deeper investigations.

Lorsqu'elles élaborent leur programme de résolution des incidents, les équipes de sécurité sont confrontées à un défi de taille : trouver le juste milieu entre l'impératif de visibilité, de détection et de résolution des incidents d'une part, et le coût et la complexité du développement et de la gestion d'un dispositif de sécurité fonctionnel et performant d'autre part.

Imaginez un outil de sécurité qui pense exactement comme vous lui apprenez à penser, qui agit au moment opportun et selon les modalités que vous lui avez enseignées. Plus besoin d'adapter vos habitudes de travail à des règles génériques définies par quelqu'un d'autre. Plus besoin de vous demander comment pallier les failles de sécurité qui ne sont pas couvertes par ces règles.

Maschinelles Lernen, der Grundstein der Network Traffic Analytics (NTA) – das ist Technik, die in Ihrem Namen agieren kann, um Ihnen bessere Einblicke in Ihre Infrastruktur zu verschaffen, um die Leistung Ihrer Bedrohungserkennung zu erhöhen und um es Ihnen zu erleichtern, wirklich kritische Bedrohungen gut zu überstehen.

Attackers intent on stealing personally-identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

Eine der großen Herausforderungen beim Aufsetzen eines guten Incident-Response-Programms besteht darin, die notwendigen Verbesserungen bei der Netzwerk-Transparenz, der Bedrohungserkennung und einer schlagkräftigen Response gegen die Kosten und die Komplexität abzuwägen, die der Aufbau und der Betrieb eines gut einsetzbaren und effektiven Security-Stacks mit sich bringt.

When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.

There is a new breed of SIEM-less security architecture that allows companies to leverage intelligent people with general IT experience to become the next-generation of security analysts.

Imagine having a security tool that thinks the way you teach it to think, that takes action when and how you have trained it to act. No more adapting your work habits to generic rules written by a third party and wondering how to fill in security gaps that the rules did not tell you about.