Joshua St. Hilaire

Principal Security Researcher

Joshua St. Hilaire is a Principal Security Researcher at Vectra, where he leads research on adversarial detection models. He has twenty years of experience in computer security focused on incident response, threat hunting and reverse engineering.

All blog posts from this author

Security research: Command and Control (C2) Evasion Techniques, Part 2 (April 26, 2021)

Security research: Command and Control (C2) Evasion Techniques (January 28, 2021)


Posts from

Joshua St. Hilaire

August 20, 2020 | By Gearoid O Fearghail

Easily Track Expiring Certificates in Cognito Recall

See the certificates in your network that are actively in use, those that are about to expire and ones that have already expired in the new dashboard in Cognito Recall.

August 18, 2020 | By Marcus Hartwig

Why IDPS Lacks the Capability to Detect Modern Attacks

Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.

August 18, 2020 | By Marcus Hartwig

Why IDPS Lacks the Capability to Detect Modern Attacks

We explain why IDPS lacks the capability to detect attackers moving around inside the network, such as lateral movement and east-west traffic.

August 11, 2020 | By Marcus Hartwig

Alert Fatigue and Bad Signatures Lead to Missed Attacks

Consider getting rid of IDPS and the noise it creates, and check out detecting and stopping cyberattacks using NDR. Free up your security analysts to focus on investigations and threat hunting instead of tweaking signatures.

August 11, 2020 | By Marcus Hartwig

Alert Fatigue and Poor-Quality Signatures Can Lead to Missed Attacks

Isn't it time to replace IDPS with NDR? Let your security analysts spend their time on the investigations and threat hunting that really matter instead of fine-tuning signatures.

August 6, 2020 | By John Mancini

Vectra Threat Intelligence: The Icing on the Cake

AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give you the most durable coverage and early understanding of threats.

August 6, 2020 | By John Mancini

Vectra Threat Intelligence: Reaching Even Higher with Threat Intelligence

AI-based detection excels at identifying the behaviors of both unknown and known attackers, while threat intelligence quickly labels and covers known threats.

August 5, 2020 | By Vectra

Using Vectra to Detect and Stop Maze Ransomware

Maze ransomware can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. Learn what a Maze attack progression looks like and how you can defend against these types of threats.

August 3, 2020 | By Tim Wade

Ferret Out a RAT: Don’t Just Build a Better Mousetrap

Learn why using AI models to look for the communication pattern of a RAT in network data can help detect them in real time, with high fidelity, based on the behavior observed.

August 3, 2020 | By Tim Wade

What Does It Take to Catch a RAT?

How to detect RATs in real time, based on observed behavior, by using AI models to look for RAT communication patterns in network data.

July 29, 2020 | By Christophe Jolly

The Healthcare Sector Faces a Greater Cybersecurity Risk Than Ever

On the front line of the COVID-19 pandemic, the healthcare professionals charged with protecting us are working tirelessly to care for us. But how has the healthcare sector fared against targeted cyberattacks during this critical period?

July 28, 2020 | By Vectra

Vendor Collaboration in the Cybersecurity Industry is Essential (and Our Customers Deserve It)

We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customers’ security teams to further improve the agility, efficiency and efficacy of their security operations.

July 21, 2020 | By Matt Walmsley

Expertise That Unlocks the Potential within Your Security Operations

The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and back up their teams when it matters most, with access to Vectra experts.

July 20, 2020 | By Tim Wade

Security Limitations of IOCs - Lessons Learned From APT29

What recent activity by the advanced persistent threat actor APT29 shows about the security limitations of indicators of compromise, and how you can defend against privileged access attacks.

July 20, 2020 | By Battista Cagnoni

SOC Maturity: Reactive, Proactive and Threat Hunting

Battista Cagnoni examines how you can mature your Security Operations Center (SOC) using processes for reactive threat detection and proactive threat hunting.

July 20, 2020 | By Tim Wade

The Security Limitations of IOCs (Indicators of Compromise): Lessons from the Hacker Group APT29

The attacks by APT29 provided an opportunity to think about the limits of security and how we can defend against such attacks.

July 19, 2020 | By Marcus Hartwig

Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.

July 19, 2020 | By Marcus Hartwig

Why Is It Important to Monitor Privileged Access for Misuse?

Privileged access, which opens the door to a great deal of critical information, is a key element in how a cyberattack expands its intrusion.

July 14, 2020 | By Jose Malacara

Expanding Vectra Lockdown Capabilities With Defender ATP

Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.

July 14, 2020 | By Jose Malacara

Extending Vectra AI’s Lockdown Capability with Defender ATP

Through integration with Microsoft Defender ATP, you can perform Host Lockdown on Microsoft Defender ATP hosts from the Cognito Detect UI.

July 9, 2020 | By Marc Gemassmer

Vectra’s Commitment to the Channel Is Validated With the Launch of Our New Partner Program

At Vectra, our partners are integral to the way we go to market, and we want to assure you that we are committed to the mutual success of our relationship.

July 9, 2020 | By Andreas Müller

Serious Cyber Risks in Healthcare

Healthcare’s shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption and has thus put security teams into a reactive rather than proactive attacker-hunting mode.

July 9, 2020 | By Paul Tel

Serious Cyber Risks in Healthcare

They are always on the front line during the COVID-19 pandemic: healthcare workers keep working tirelessly for us. But how is the healthcare sector doing in these times of crisis when it comes to targeted cyberattacks?

June 30, 2020 | By Vectra

The Sizable Risk of Cyber Well-being in Healthcare

Healthcare’s shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption, leaving healthcare security teams in a reactive mode rather than staying proactive to head off the spread of potential attacks.

June 29, 2020 | By Rohan Chitradurga

Office 365 Security: Power Automate Is the New PowerShell

Power Automate is great for Office 365 users, but it is also a threat from the security team’s point of view.

June 29, 2020 | By Rohan Chitradurga

Office 365 Security: Power Automate is the New PowerShell

Learn why Microsoft Power Automate is great for Office 365 users, but why it’s terrifying for security professionals.

June 24, 2020 | By Marcus Hartwig

MFA is Not Enough - Malicious OAuth Apps in Office 365 are Here to Stay

MFA is a great step to take, but there are always ways around preventive controls. One of the well-known MFA bypass techniques is the installation of malicious Azure/O365 OAuth apps. Learn why you need to implement detection-based solutions.

June 24, 2020 | By Marcus Hartwig

Multi-Factor Authentication (MFA) Alone Is Not Enough: Malicious OAuth Apps in Office 365 Are Here to Stay

Multi-factor authentication (MFA) is one security measure, but there are ways around it, such as the installation of malicious Azure/O365 OAuth apps.

June 16, 2020 | By Jennifer Geisler

What to Know Before Reading the 2020 Gartner Market Guide for NDR

The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.

June 9, 2020 | By Marcus Hartwig

Microsoft and Vectra AI Join Forces to Fulfill the SOC Triad

Vectra AI announced a partnership and deep product integration with Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM).

June 9, 2020 | By Marcus Hartwig

Vectra and Microsoft Join Forces to Fulfill the SOC Triad

Vectra announces a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using.

May 25, 2020 | By Stephen Malone

What Is Network Metadata, and Why Do I Need It?

Data is overflowing everywhere. Which of it should you store, and which should you use?

April 13, 2020 | By Jessica Couto

New Partner Training

Vectra is pleased to announce the launch of two new training certification tracks for our partners. The VPSE certification is geared toward sales engineers, while our VSP certification focuses on positioning and selling Vectra Cognito.

March 26, 2020 | By Stephen Malone

Using Vectra Network Metadata to Find Attacker Tools and Exploits

Attack tools and techniques can change over time, but attack behaviours remain a stable indicator of attackers within the network. Using attack behaviour as a high-fidelity signal allows you to take action quickly to stop attacks or prevent further damage.

March 26, 2020 | By Stephen Malone

Detecting Attackers and Exploits Using Vectra AI Network Metadata

Attack tools and techniques change over time, but attack behaviors remain a universal indicator of an attacker’s presence inside the network.

March 25, 2020 | By Jonathan Barrett

Remote Work, Not Remote Control

COVID-19 has caused a sudden and immediate shift of employees who would normally work in an office to remote locations, which naturally changes the internal movement of network traffic. The outcome will be a change in internal network traffic patterns in which attackers could hide their own communication.

March 25, 2020 | By Stephen Malone

What Is Network Metadata, and Why Do I Need It?

In the era of near-total data, SOC teams and analysts can become swamped by the sheer volume. And that’s before we even get to the cost of data ingestion and storage! In this blog, we will explore the value of network metadata, and why we just can’t get this level of visibility elsewhere.

February 26, 2020 | By Vectra

Vectra + Sentinel One

Together, Vectra and Sentinel One lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.

February 25, 2020 | By Vectra

Cybereason Integration: Obtain Full Visibility and Faster Responses

Together, Cognito and Cybereason provide visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat today’s modern cyberattacks.

February 25, 2020 | By Vectra

Cybereason Integration: Enabling Full Visibility and Faster Responses

Through the integration of Cognito and Cybereason, you gain visibility into all enterprise environments, including hybrid, multi-cloud and on-premises, and can easily counter today’s modern cyberattacks.

February 24, 2020 | By Marcus Hartwig

Moving From Prevention to Detection With the SOC Visibility Triad

Modern SOCs today are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard.

February 13, 2020 | By Jose Malacara

Expanding the "R" in NDR: Account Lockdown

Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the kill chain. This gives your SOC analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

February 13, 2020 | By Jose Malacara

Expanding the "R" (Response) in NDR: Account Lockdown

By integrating Vectra AI’s Account Lockdown with Active Directory, customizable account enforcement can be applied immediately.

By disabling accounts rather than the network, you can freeze access to the affected account and avoid a service outage.

February 11, 2020 | By Vectra

Vectra SaaS Detections – Office 365

With increasingly sophisticated threats, cyber risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.

February 11, 2020 | By Vectra

Vectra SaaS Support – Office 365

As increasingly sophisticated threats spread, cyber risk is becoming a serious problem for enterprises around the world.

Despite the growing adoption of incremental security approaches such as multi-factor authentication, data breaches via Office 365 stand out, with as many as 40% of enterprises suffering account takeovers.

January 9, 2020 | By Nathan Einwechter

DHS Cyber Agency Releases Advisory on Iranian Threats

Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.

December 17, 2019 | By Marcus Hartwig

Dridex Resurfaces to Open the Door to Credential Theft

PAA enables SOC teams to monitor and defend against these types of attacks. In addition to our extensive models that detect command-and-control channels, this makes the Cognito platform a powerful tool to combat evolving malware attacks against enterprises.

December 17, 2019 | By Vectra

Dridex Resurfaces, Putting Credentials at Risk of Theft

By using PAA, SOC teams can monitor and defend against these types of attacks.

With the addition of extensive models that detect command-and-control channels, the Cognito platform becomes a powerful tool for enterprises to counter evolving malware attacks.

December 13, 2019 | By Vectra

Achieving Threat Hunting Consistency with the MITRE ATT&CK Matrix

Thinking about threat hunting in terms from the MITRE ATT&CK Matrix, to frame the context and guide what you can and cannot see within your environment.

December 13, 2019 | By Vectra

Achieving Consistent Threat Hunting with the MITRE ATT&CK Matrix

By identifying the objectives, techniques and tactics of malicious actors, threat hunting can be conducted from a holistic perspective, asking by what means an attacker is trying to achieve their objective, rather than treating each activity in isolation.

December 3, 2019 | By Vectra

Vectra Integrates AI-driven Network Threat Detection and Response With AWS VPC Ingress Routing

Vectra now integrates with Amazon Virtual Private Cloud (VPC) Ingress Routing, and our AI platform is now available in the AWS Marketplace.

December 3, 2019 | By Vectra

Vectra AI Integrates AI-Driven Network Threat Detection and Response with AWS VPC Ingress Routing

For enterprises to keep securely migrating high-value business data and services to the cloud, efforts to reduce cyber risk as far as possible and raise system visibility are essential.

November 19, 2019 | By Vectra

Chronicle Integration: Conduct Faster, Context-driven Investigations Into Active Cyberattacks With Vectra and Chronicle

The Cognito threat detection and response platform from Vectra now integrates seamlessly with Chronicle Backstory, a global security telemetry platform, bringing AI-based threat hunting and incident response increased context during investigations and hunts and greater operational intelligence.

November 11, 2019 | By Vectra

Swimlane Integration: Automate Response and Speed Remediation With Swimlane and Vectra

That’s why we are happy to announce the integration of the Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.

November 4, 2019 | By Vectra

Forescout Integration: Gain Real-time Visibility and Automated Response

The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today’s security infrastructure.

October 28, 2019 | By Vectra

Check Point Integration: Gain Continuous Threat Visibility and Enforcement

The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.

October 7, 2019 | By Marcus Hartwig

NIST Releases New Guidelines on Zero Trust Architecture That Call for Deeper Visibility into the Network

NIST states the purpose as follows: “No enterprise can completely eliminate cybersecurity risk. When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, ZTA can reduce overall risk exposure and protect against common threats.”

October 7, 2019 | By Marcus Hartwig

New NIST Guidelines on Zero Trust Architecture Call for Deeper Visibility Into the Network

According to NIST, “No enterprise can completely eliminate cybersecurity risk. When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, ZTA can reduce overall risk exposure and protect against common threats.”

October 2, 2019 | By Henrik Davidsson

Controlling Cyber Risk in M&A

Acquiring a company is a very large undertaking that demands enormous planning and flawless execution. Time is also critical: the faster the post-acquisition integration is completed, the faster value can be delivered to the market.

September 25, 2019

RDP Attacks and the Organizations They Target

By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.

September 25, 2019

RDP Attacks and the Organizations They Target

Analysis of data in Vectra AI’s 2019 Black Hat Edition of the Attacker Behavior Industry Report shows that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed showed some form of suspicious RDP behavior between January and June 2019.

September 17, 2019 | By Vectra

Crowdstrike, Splunk and Vectra – a Powerful Triad to Find and Stop Cyberattacks

The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.

September 17, 2019 | By Vectra

CrowdStrike, Splunk and Vectra AI – A Powerful Three-Company Triad to Detect and Stop Cyberattacks

By combining network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM), security professionals can cover the full range of threat attack surfaces, from cloud workloads to the enterprise.

September 16, 2019 | By Marcus Hartwig

Trust, but Verify (доверяй, но проверяй)

In infosec, the concept of “zero trust” has grown significantly in the last couple of years and has become a hot topic. A zero-trust architecture fundamentally distrusts all entities in a network and does not allow any access to resources until an entity has been authenticated and authorized to use that specific resource, i.e., trusted.

September 16, 2019 | By Marcus Hartwig

Trust, but Verify (Доверяй, но проверяй)

In the world of information security, the concept of “zero trust” has spread widely across the industry in the last few years and has become a hot topic. Fundamentally, a zero-trust architecture trusts none of the entities in a network and permits no access to any resource unless the entity has been authenticated and authorized (that is, trusted) for access to that specific resource.

September 9, 2019 | By Vectra

Privileged Access Analytics

Since the early days of Vectra, we’ve been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.

September 9, 2019 | By Vectra

Privileged Access Analytics

Since its founding, Vectra AI has focused primarily on host devices. The reason is that the network traffic the Cognito platform uses to analyze attacker behavior ultimately originates from host entities.

August 22, 2019 | By Henrik Davidsson

Considerations When Selecting Your Managed Security Services Provider

The reasons for choosing a managed security services provider (MSSP) can be numerous, but one of the primary ones is to overcome the cybersecurity skills shortage. Finding the right talent in cybersecurity and retaining skilled professionals once they’ve been trained is very difficult.

August 22, 2019 | By Henrik Davidsson

Considerations When Selecting a Managed Security Services Provider

There are many reasons to choose a managed security services provider (MSSP), but one of the main ones is to make up for the shortage of cybersecurity skills. Finding people with the right cybersecurity aptitude, training them into highly skilled professionals and retaining them is by no means easy.

August 19, 2019 | By Marcus Hartwig

2019 Black Hat Survey: The Network Is Transforming

For the second year in a row, we conducted the Vectra superhero survey at Black Hat. The survey is a quick six-question poll that helps us understand the current cloud adoption and top-of-mind concerns of attendees.

August 12, 2019 | By Henrik Davidsson

Vectra and Nozomi Networks Safely Secure the IT/OT Convergence

The time of separated networks – when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment – is long gone.

August 7, 2019 | By Vectra

Ransomware Doesn’t Discriminate. It Only Cares About Money.

Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker’s arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.

July 25, 2019 | By Vectra

Survival Guide: Being Secure at Black Hat 2019

Tens of thousands of hackers and security researchers congregate in Las Vegas to participate in one of the largest hacker conventions in the world. Many of them are out to hack your device and put you on the infamous Wall of Sheep.

July 23, 2019 | By Vectra

Notable Insights From the Gartner Market Guide for Intrusion Detection and Prevention Systems

Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems (ID: G00385800)*, written by Gartner researchers Craig Lawson and John Watts, was published. The guide describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.

July 16, 2019 | By Vectra

Encrypted Command and Control: Can You Really Cover Your Tracks?

Most sessions on the internet today are encrypted. By any measure, more than half of all internet traffic uses TLS to encrypt client/server communication.

July 9, 2019 | By Hsin Chen

Improving Threat-hunting Efficiency With the Multi-homed Attribute

In a previous blog, we spoke about the importance of security enrichments in your network metadata. These serve as the foundation for threat hunters and analysts to test and query against hypotheses during an investigative process.

June 25, 2019 | By Gareth Bradshaw

Securing Your AWS Workloads With Vectra Cognito

Vectra announced a close-knit development partnership with Amazon, beginning with the integration of its Cognito platform in AWS environments.

June 20, 2019 | By Henrik Davidsson

Accelerate Your Cybersecurity With a Managed Detection and Response Service

As a security leader, you need the most effective way forward to protect your most valuable assets, make security an integral part of your business, fully support your digitalization journey, and inspire the trust of the employees, customers and partners who work with you.

June 20, 2019 | By Vectra

Threat Behaviors in the Attack Lifecycle

There are multiple phases in an active cyberattack and each is a perilous link in a complex kill-chain that gives criminals the opportunity to spy, spread and steal critical information in native and hybrid cloud workloads and user and IoT devices.

June 18, 2019 | By Vectra

Comparing Vectra and Verizon Threat Research

As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.

June 10, 2019 | By Vectra

How to Gain Visibility Into Attacker Behaviors Inside Cloud Environments

Preventing a compromise is increasingly difficult, but detecting the behaviors that occur – from command and control to data exfiltration – is not.

June 10, 2019 | By Hitesh Sheth

Vectra Will Keep Working to Secure the Cloud With the Just Announced $100 Million in Funding

Today, I am thrilled to share the news that Vectra has completed a $100 million Series E funding round led by TCV, one of the largest growth equity firms backing private and public technology companies.

June 4, 2019 | By Vectra

Lurking in the Shadows: The Top Five Malicious Lateral Spread Behaviors

As the threat landscape has evolved, the Vectra team has observed that a significant share of IT budgets is devoted to strengthening security teams and protecting the network perimeter. The goal of these organizations is to improve threat detection and speed up alert triage.

May 27, 2019 | By Vectra

The Top 5 Lateral Movement Techniques

At Vectra we are currently observing how, in response to developments in the threat landscape, organizations are committing ever larger budgets to expanding their security teams and extending their perimeter protection. Behind this are their efforts to improve threat detection and speed up triage.

May 21, 2019 | By Vectra

Not All Data Is Created the Same

Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us there’s a consistent set of questions they must answer when investigating any given attack scenario. Starting with an alert from Cognito Detect, another security tool, or their intuition, analysts will form a hypothesis as to what is occurring.

May 15, 2019 | By Rohan Chitradurga

Don’t Do It: Rolling Your Own Production Zeek Deployment

In a previous blog, we wrote about the benefits that come with Zeek-formatted metadata. This blog builds on that thread by discussing why our customers come to us as an enterprise solution to support their Zeek deployments.

May 7, 2019 | By Vectra

Three cornerstones of the SOC nuclear triad

Although NDR and EDR can provide perspective on this, NDR is more critical because it provides perspective where EDR cannot. For example, exploits that operate at the BIOS level of a device can subvert EDR.

April 30, 2019 | By Vectra

Why Network Metadata Is Just Right for Your Data Lake

The collection and storage of network metadata strikes a balance that is just right for data lakes and SIEMs. Metadata enables security operations teams to craft queries that interrogate the data and lead to deeper investigations.

April 30, 2019 | By Vectra

Visibility, Detection and Incident Response with a SIEM-less Architecture

When building their incident response program, security teams face a major challenge: striking the right balance between the need for visibility, detection and incident response on one hand, and the cost and complexity of building and running a functional, high-performing security stack on the other.

April 25, 2019 | By Vectra

Machine Learning: The Cornerstone of Network Traffic Analytics

Imagine a security tool that thinks exactly the way you teach it to think, that acts at the right moment and in the way you have trained it to act. No more adapting your work habits to generic rules defined by someone else. No more wondering how to cover the security gaps those rules do not address.

April 25, 2019 | By Vectra

Machine Learning: The Ideal Basis for Network Traffic Analytics (NTA)

Machine learning, the cornerstone of network traffic analytics (NTA), is technology that can act on your behalf to give you better insight into your infrastructure, to improve the performance of your threat detection and to make it easier for you to weather truly critical threats.

April 24, 2019 | By Vectra

Confronting Risk and Exposure in Healthcare Networks

Attackers intent on stealing personally-identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

April 5, 2019 | By Vectra

Threat Detection and Response with a SIEM-less Architecture

One of the great challenges in setting up a good incident response program is weighing the necessary improvements in network visibility, threat detection and a forceful response against the cost and complexity that building and operating a readily deployable and effective security stack entails.

April 1, 2019 | By Vectra

Lurking in the Shadows: Top 5 Lateral Spread Threat Behaviors

When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.

March 20, 2019 | By Vectra

Visibility, Detection and Response Using a SIEM-less Architecture

There is a new breed of SIEM-less security architecture that allows companies to leverage intelligent people with general IT experience to become the next-generation of security analysts.

January 26, 2019 | By Vectra

Machine Learning: The Cornerstone of Network Traffic Analytics (NTA)

Imagine having a security tool that thinks the way you teach it to think, that takes action when and how you have trained it to act. No more adapting your work habits to generic rules written by a third party and wondering how to fill in security gaps that the rules did not tell you about.