Asking the right questions to your vendor is critical to dissociate the trendy marketing wording from reality. Asking questions such as "What type of machine learning algorithms does your product use?" will help. Discover the top nine questions we think you should ask.
Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.
The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.
5 Things to Know about DarkSide & Other Ransomware as a Service Groups
DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.
SUNBURST Highlights: How Current User Access Models Allowed World's Largest Supply Chain Attack
Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.
Jessica Couto Recognized as 2021 CRN Channel Chief
CRN® has named Jessica Couto, VP of Channel, Americas, at Vectra AI, to its 2021 list of Channel Chiefs. The prestigious CRN® Channel Chiefs list, released annually, recognizes prominent leaders that demonstrates exceptional leadership, vision, and commitment to their channel partner programs.
How to Track Attackers as They Move to Your Network from the Cloud
Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network-except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.
How Attackers Use Business Email to Compromise Office 365
With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.
Protecting Cloud Users and Data Across the Entire Network with Expanded Cloud Services
Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise-ultimately reducing the risk of breach.
The Business of Ransomware is Changing—Detection and Response Needs to Change Too
"Ransomware operators" are rational economic entities that have evolved their tactics to optimize their ill-gotten financial returns. Their behavior changes mean detection and response approaches must change too.
The goal of an efficient incident response process is to free-up security analyst's time to focus on higher value work that requires critical thinking. Learn how automation can be applied to a detection and response process.
A Tale of Two Attacks: Shining a Security Spotlight on Microsoft Office 365
Vectra research highlights how attackers are using built-in tools and services to attack Office 365. We examine two such attacks that were detected and thwarted by organizations protected by Cognito Detect for Office 365.
When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.
The Office 365 Tools and Open Services Attackers Love to Use
Attackers areusing legitimate toolsbuiltintoMicrosoft Office 365toperform reconnaissance, move laterally,and extend their attacks. OurSpotlightReport on Office 365 identifies whatthey're up to and where you should be looking.
Vectra and CrowdStrike Turn the Tables on Cyberattackers
Learn more about how Vectra's new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.
A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.
Analyzing the psychology of an insider threat case is a complex task because there is little evidence and scant public data about threat incidents. Develop an improved understanding of the mind of malicious insiders with the multiple life-stage model.
Insider Threats: What to Look For and How to Respond
Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.
Maze ransomware can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. Learn what a Maze attack progression looks like and how you can defend against these types of threats.
Vendor Collaboration in the Cybersecurity Industry is Essential (and Our Customers Deserve It)
We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer's security teams to further improve the agility, efficiency and efficacy of their security operations.
Expertise That Unlocks the Potential within Your Security Operations
The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and backup their teams when it matters most, with access to Vectra experts.
The Sizable Risk of Cyber Well-being in Healthcare
Healthcare's shift to the cloud is not new. However,COVID-19 has accelerated the roadmap for cloud adoption leaving healthcare security teams in a reactive mode rather than staying proactive to head-off the spread of potential attacks.
What to Know Before Reading the 2020 Gartner Market Guide for NDR
The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.
Vectra is pleased to announce the launch of two new training certification tracks for our partners. The VPSE certification is geared toward sales engineers, while our VSP certification focuses on positioning and selling Vectra Cognito.
Together, Vectra and Sentinel One lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.
Cybereason Integration: Obtain Full Visibility and Faster Responses
Together, Cognito and Cybereason provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat against today's modern cyberattacks.
With increasingly sophisticated threats,cyber-risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.
Conduct Faster, Context-driven Investigations into Active Cyberattacks with Vectra and Chronicle
The Cognito threat detection and response platform from Vectra now seamlessly integrates AI-based threat hunting and incident response of Chronicle Backstory, a global security telemetry platform, for increased context during investigations and hunts and greater operational intelligence.
Automate Response and Speed Remediation with Swimlane and Vectra
That's why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.
Forescout Integration: Gain Real-time Visibility and Automated Response
The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today's security infrastructure.
Check Point Integration: Gain Continuous Threat Visibility and Enforcement
The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.
By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.
CrowdStrike, Splunk and Vectra—a Powerful Triad to Find and Stop Cyberattacks
The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.
Ransomware Doesn’t Discriminate. It Only Cares about Money.
Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker's arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.
Tens of thousands of hackers and security researchers congregate in Las Vegas to participate in one of the largest hacker conventions in the world. Many of them are out to hack your device and put you on the infamous Wall of Sheep.
Notable Insights from the Gartner Market Guide for Intrusion Detection and Prevention Systems
Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems that describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.
There are multiple phases in an active cyberattack and each is a perilous link in a complex kill-chain that gives criminals the opportunity to spy, spread and steal critical information in native and hybrid cloud workloads and user and IoT devices.
As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.
Vectra customers and security researchers respond to some of the world's most consequential threats. And they tell us there's a consistent set of questions they must answer when investigating any given attack scenario. Starting with an alert from Cognito Detect, another security tool, or their intuition, analysts will form a hypothesis as to what is occurring.
Although NDR and EDR can provide perspective on this, NDR is more critical because it provides perspective where EDR cannot. For example, exploits that operate at the BIOS level of a device can subvert EDR.
Why Network Metadata Is Just Right for Your Data Lake
The collection and storage of network metadata strikes a balance that is just right for data lakes and SIEMs. Metadata enables security operations teams to craft queries that interrogate the data and lead to deeper investigations.
Lurking in the Shadows: Top 5 Lateral Spread Threat Behaviors
When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.
Most Attacks Against Energy and Utilities Occur in the Enterprise IT Network
The United States has not been hit by a paralyzing cyberattack on critical infrastructure like the one that sidelined Ukraine in 2015. That attack disabled Ukraine's power grid, leaving more than 700,000 people in the dark.
2018 Black Hat Superpower Survey: It's About Time and Talent
We love Black Hat. It's the best place to learn what information security practitioners really care about and what is the truth of our industry. Because we want to always be relevant to customers, we figured Black Hat is an ideal event to ask what matters.
Cyberattack Detections from More Than 250 Vectra Customers
Recently, Vectra published the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which covers the period from January through June 2018. While there are plenty of threat-research reports out there, this one offers unique insights about real-world cyberattacker behaviors found in cloud, data center and enterprise networks.
Breaking Ground: Understanding and Identifying Hidden Tunnels
Recently, we made an alarming discovery: hackers are using hidden tunnels to break into and steal from financial services firms! Clearly, this is serious business if it involves bad guys targeting massive amounts of money and private information. But what exactly are we dealing with? Let's dig into what hidden tunnels are and how I find them to uncover the answer.
Giving Incident Responders Deeper Context About What Happened
Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you're an analyst, you probably have some incredible skills but are being held back by tedious, manual work.
The Alarming Surge in Cryptocurrency Mining on College Campuses
While ransomware attacks like NotPetya and WannaCry were making headlines (and money) in 2017, cryptocurrency mining was quietly gaining strength as the heir apparent when it comes to opportunistic behaviors for monetary gain.
Attackers Can Use Your Admin Tools to Spy, Spread, and Steal
In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried-out an attack. I'm back again today with another story from the trenches.
Vectra Is Positioned as the Sole Visionary in the 2018 Gartner Magic Quadrant for IDPS
Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS.
The random forest (RF) model, first proposed by Tin Kam Ho in 1995, is a subclass of ensemble learning methods that is applied to classification and regression. An ensemble method constructs a set of classifiers-a group of decision trees, in the case of RF-and determines the label for each data instance by taking the weighted average of each classifier's output.
A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.
Splunk Integration: A Deep Dive into the Adaptive Security Architecture
Integration decreases cost and increases effectiveness. For this reason, Vectra is adaptive by design. Everything we do considers how to help our customers be more efficient and faster at fighting attacks. Sometimes it involves determining where to deliver sophisticated threat intelligence beyond the Vectra. Working with Splunk is a great example of this integration.
In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies. During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.
What’s an Adaptive Security Architecture and Why Do You Need It?
As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls. But as we now know, and industry research firms have stated, they aren't enough to adequately deal with today's threat environment, which is flooded by a dizzy array of advanced and targeted attacks.
In the Information Security (InfoSec) community, AI is commonly seen as a savior-an application of technology that will allow businesses to more rapidly identify and mitigate threats, without having to add more humans. That human factor is commonly seen as a business inhibitor as the necessary skills and experience are both costly and difficult to obtain.
This is a prediction made by Gartner analyst Avivah Litan in her latest blog entry, The Disappearing UEBA Market. Of course it caught our attention here at Vectra. We are not a standalone UEBA company, nor do we want to be. First and foremost, we are an AI company that empowers threat hunters. But we often find ourselves in this discussion with people who believe UEBA alone will solve the world's problems (and possibly make coffee in the morning, too).
Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. These attacks are themed around Middle Eastern political issues and the motivation appears to relate to espionage, as opposed to opportunistic or criminal intentions.
The New Vulnerability that Creates a Dangerous Watering Hole in Your Network
Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of <a href="https://www.vectra.ai/news/vectra-networks-discovers-critical-microsoft-windows-vulnerability-that-allows-printer-watering-hole-attacks-to-spread-malware">Microsoft Windows</a> reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network.
Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware-crippling and extorting an ever widening array of organizations.
In light of Apple's response to the FBI's request to gain access to San Bernardino shooter Syed Farook's iPhone, it appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.
The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren't probing your network, then they're diligently recording and cataloguing everything they've found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other.
Reports of successful hacks against Internet of Things (IoT) devices have been on the rise. Most of these efforts have involved demonstrating how to gain access to such a device or to break through its security barrier.
The need to block threats within milliseconds locks IDS/IPS into using signatures for detections. While signatures can detect a wide variety of threats, they rely on the fast-pattern-matching of known threats.
Recently, it came to our attention that HP DVLabs has uncovered at least tenvulnerabilitiesin the Belkin N300 Dual-Band Wi-Fi Range Extender (F9K1111). As this is the first update issued for the F9K1111 and there were not any public triggers for the vulnerabilities, we thought it would be interesting to take a deeper look.
Recently, Kasperky Labs disclosed that it was the victim of a sophisticated cyber attack, which they have named Duqu 2.0. The team at Kaspersky Labs has published a detailed analysis of Duqu 2.0 and it's definitely worth a read.
Updated June 3, 2015 11:00 AM(see details)Recently a popular privacy and unblocker application known as Hola has been gaining attention from the security community for a variety of vulnerabilities and highly questionable practices that allow the service to essentially behave as a botnet-for-hire through its sister service called Luminati. Vectra researchers have been looking into this application after observing it in customer networks over the past several weeks, and the results are both intriguing and troubling. In addition to its various botnet-enabling functions that are now part of the public record, the Hola application contains a variety of features that make it an ideal platform for executing targeted cyber attacks.
Automate Detection of Cyberthreats in Real Time. Why Wait?
Time is a big expense when it comes to detecting cyber threats and malware. The proliferation of new malware variants makes it impossible to detect and prevent zero-day threats inreal-time. Sandboxing takes at least 30 minutes to analyze a file and deliver a signature-and by then, threats will have spread to many more endpoints.
Security breaches did not stop making headlines in recent months, and while hackers still go after credit card data, the trends goes towards richer data records and exploiting various key assets inside an organization. As a consequence, organizations need to develop new schemes to identify and track key information assets.The biggest recent breach in the financial industry occurred at JP Morgan Chase, with an estimated 76 million customer records and another 8 million records belonging to businesses stolen from several internal servers. At Morgan Stanley, an employee of the company's wealth management group was fired after information from up to 10% of Morgan Stanley's wealthiest clientele was leaked. Even more sensitive was the largest health-care breach thus far: at Anthem, over 80 million records containing personally identifiable information (PII) including social security numbers were exposed. Less well-known, but potentially more costly in terms of damage and litigation is the alleged theft of trade secrets by the former CEO of Chesapeake's Energy (NYSE: CHK).
Insider Attacks Pose a Serious Threat to Critical U.S. Infrastructure
While the insider threat in government agencies and big companies is a known problem with somewhat implemented mitigation strategies, less is known about the insider threat to critical US infrastructure, such as water purification or nuclear power plants.
On June 6th, Forbes reporter Kashmir Hill wrote about an NSF researcher who misused NSF-funded supercomputing resources to mine Bitcoin valued between $8,000 and $10,000. The article points to a student at London Imperial College and a researcher at Harvard University who are also alleged to have used their University's computers to mine a similar virtual currency called Dogecoin.