Organizations continue to deploy rapidly in the cloud, while security is often an afterthought. Read about the five areas that could be exposing your AWS deployments to security threats. 

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

As organizations continue to build on AWS with no sign of slowing down, it’s important to know where the security blind spots are and how to address them.

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

Vectra introduces Detect for AWS, solving threat detection and response for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environments.

Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.

Vectra AIのリサーチャーは、SolarWindsのサプライチェーンへの侵害を、最初のバックドアからデータセンターやクラウド環境での永続的なアクセスの確立に至るまで分析しました。中でも攻撃の主要なターゲットとなっているMicrosoft Office 365に焦点を当てました。

Es ist wieder an der Zeit, uns die jüngere Vergangenheit anzuschauen und in die Zukunft zu blicken und darauf, was uns das nächste Jahr in puncto Cyber-Sicherheit bringen wird.

Learn how to mitigate online shopping threats and keep your personal data safe this holiday season.

Vectra AI社のセキュリティ分析責任者であるクChris Moralesが、オンラインショッピングの脅威を軽減し、ホリデーシーズンに個人データを安全に保つ方法を紹介いたします。

Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network—except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.

Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise—ultimately reducing the risk of breach.

“Ransomware operators” are rational economic entities that have evolved their tactics to optimize their ill-gotten financial returns. Their behavior changes mean detection and response approaches must change too.

The goal of an efficient incident response process is to free-up security analyst's time to focus on higher value work that requires critical thinking. Learn how automation can be applied to a detection and response process.

Vectra research highlights how attackers are using built-in tools and services to attack Office 365. We examine two such attacks that were detected and thwarted by organizations protected by Cognito Detect for Office 365.

世界で最も利用されているSaaSアプリケーションであるOffice 365に対する攻撃についてまとめたレポートを２つのケーススタディと共にご紹介します。

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.

Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.

Attackers are using legitimate tools built into Microsoft Office 365 to perform reconnaissance, move laterally, and extend their attacks. OurSpotlight Report on Office 365 identifies what they’re up to and where you should be looking.

90日間、400万件のOffice365アカウントを観察することで、組み込みのOffice 365機能を悪用した攻撃者のテクニックに関連した疑わしくハイリスクな振る舞いを特定することができました。

Discover how maturity and capability can be defined and measured across the five stages of the maturity model based on the desired level of risk awareness.

Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.

Vectra AI社は、2020年Office 365スポットライトレポートを発表しました。レポートでは、Office365に対する主なサイバーセキュリティ攻撃についてまとめています。

A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.

Analyzing the psychology of an insider threat case is a complex task because there is little evidence and scant public data about threat incidents. Develop an improved understanding of the mind of malicious insiders with the multiple life-stage model.

Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.

What danger do malicious and negligent insiders constitute and what kind of insider threats exist? Is your organization safe? Learn to spot the two types of insider threats.

Maze ransomware can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. Learn what a Maze attack progression looks like and how you can defend against these types of threats.

We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer’s security teams to further improve the agility, efficiency and efficacy of their security operations.

The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and backup their teams when it matters most, with access to Vectra experts.

Healthcare’s shift to the cloud is not new. However,COVID-19 has accelerated the roadmap for cloud adoption leaving healthcare security teams in a reactive mode rather than staying proactive to head-off the spread of potential attacks.

Together, Vectra and Sentinel One lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.

Together, Cognito and Cybereason provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat against today’s modern cyberattacks.

CognitoとCybereasonの連携によって、ハイブリッドやマルチクラウド、オンプレミスなど、企業の全ての環境を可視化し、今日の最新サイバー攻撃に容易に対抗できるようになります。

With increasingly sophisticated threats, cyber-risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.

増々巧妙化する脅威の拡大に伴い、サイバーリスクは世界中の企業にとって深刻な問題となりつつあります。

多要素認証のような段階を踏んだセキュリティ手法の採用が増えているにも関わらず、40％もの企業がアカウントの乗っ取りに苦しむなど、Office 365を介したデータ侵害が際立っています。

PAAを利用することで、SOCチームは、これらのタイプの攻撃を監視し防御することができます。

コマンドアンドコントロールチャネルを検出する広範なモデルが加わったことによって、Cognitoプラットフォームは、進化するマルウェア攻撃に企業が対抗するための強力なツールとなります。

Thinking about threat hunting by using terms from the MITRE’s ATT&CK Matrix to frame the context and guide what you can and cannot see within your environment.

不正行為者の目的、テクニック、戦略を特定することで、単独のアクティビティとしてではなく、どのような手段で攻撃者がその目的を達成しようとしているのかという全体的な観点から、脅威のハンティングを行うことが可能になります。

Vectra now integrates with Amazon Virtual Private Cloud (VPC) Ingress Routing and that our AI platform is currently available in the AWS Marketplace.

企業が、ビジネス上で高い価値を持つデータやサービスをクラウドへ安全に移行し続けるためには、可能な限りサイバーリスクを低減して、システムの可視性を高めるための取り組みが不可欠です。

The Cognito threat detection and response platform from Vectra now seamlessly integrates AI-based threat hunting and incident response of Chronicle Backstory, a global security telemetry platform, for increased context during investigations and hunts and greater operational intelligence.

That’s why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.

The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today’s security infrastructure.

The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.

By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.

Vectra AI社の「2019 Black Hat Edition of the Attacker Behavior Industry  Report」における分析データから、RDP の悪用が現実の世界で非常に一般化していることが分かります。Cognito プラットフォームを導入している企業の 90％ が、2019年1月から 6月にかけてRDP に関する何らかの疑わしい動作があったことを指摘しています。

The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.

セキュリティの専門家は、ネットワークの検知と対応 (NDR)、エンドポイントの検知と対応 (EDR)、ログベースの検知機能 (SIEM) を組み合わせることで、クラウドのワークロードから企業に至るまで、脅威の攻撃対象全体をカバーできるようになります。

Since the early days of Vectra, we’ve been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.

Vectra AI社は、設立当初からホストデバイスに主眼を置いてきました。その理由は、攻撃者の行動を分析するためにCognitoプラットフォームが使用するネットワークトラフィックが、結果的にホストというエンティティで発生するからです。

Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker’s arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.

Tens of thousands of hackers and security researchers congregate in Las Vegas to participate in one of the largest hacker conventions in the world. Many of them are out to hack your device and put you on the infamous Wall of Sheep.

Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems that describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.

Most sessions on the internet today are encrypted. By any measure, more than half of all internet traffic uses TLS to encrypt client/server communication.

There are multiple phases in an active cyberattack and each is a perilous link in a complex kill-chain that gives criminals the opportunity to spy, spread and steal critical information in native and hybrid cloud workloads and user and IoT devices.

As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.

Au fil de l'évolution du paysage des menaces, l'équipe de Vectra a pu constater qu'une part importante des budgets informatiques est consacrée à renforcer les équipes de sécurité et la protection du périmètre réseau. L'objectif des entreprises est d'améliorer la détection des menaces et d'accélérer le tri des alertes.

Bei Vectra nehmen wir zurzeit wahr, wie Unternehmen als Reaktion auf die Entwicklungen in der Bedrohungslandschaft immer höhere Budgets für den Ausbau der Sicherheitsteams und die Erweiterung des Perimeter-Schutzes einsetzen. Hintergrund sind ihre Bemühungen, die Bedrohungserkennung zu verbessern und die Triage zu beschleunigen.

Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us there’s a consistent set of questions they must answer when investigating any given attack scenario. Starting with an alert from Cognito Detect, another security tool, or their intuition, analysts will form a hypothesis as to what is occurring.

Although NDR and EDR can provide perspective on this, NDR is more critical because it provides perspective where EDR cannot. For example, exploits that operate at the BIOS level of a device can subvert EDR.

The collection and storage of network metadata strikes a balance that is just right for data lakes and SIEMs. Metadata enables security operations teams to craft queries that interrogate the data and lead to deeper investigations.

Lorsqu'elles élaborent leur programme de résolution des incidents, les équipes de sécurité sont confrontées à un défi de taille : trouver le juste milieu entre l'impératif de visibilité, de détection et de résolution des incidents d'une part, et le coût et la complexité du développement et de la gestion d'un dispositif de sécurité fonctionnel et performant d'autre part.

Imaginez un outil de sécurité qui pense exactement comme vous lui apprenez à penser, qui agit au moment opportun et selon les modalités que vous lui avez enseignées. Plus besoin d'adapter vos habitudes de travail à des règles génériques définies par quelqu'un d'autre. Plus besoin de vous demander comment pallier les failles de sécurité qui ne sont pas couvertes par ces règles.

Maschinelles Lernen, der Grundstein der Network Traffic Analytics (NTA) – das ist Technik, die in Ihrem Namen agieren kann, um Ihnen bessere Einblicke in Ihre Infrastruktur zu verschaffen, um die Leistung Ihrer Bedrohungserkennung zu erhöhen und um es Ihnen zu erleichtern, wirklich kritische Bedrohungen gut zu überstehen.

Eine der großen Herausforderungen beim Aufsetzen eines guten Incident-Response-Programms besteht darin, die notwendigen Verbesserungen bei der Netzwerk-Transparenz, der Bedrohungserkennung und einer schlagkräftigen Response gegen die Kosten und die Komplexität abzuwägen, die der Aufbau und der Betrieb eines gut einsetzbaren und effektiven Security-Stacks mit sich bringt.

When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.

There is a new breed of SIEM-less security architecture that allows companies to leverage intelligent people with general IT experience to become the next-generation of security analysts.

The United States has not been hit by a paralyzing cyberattack on critical infrastructure like the one that sidelined Ukraine in 2015. That attack disabled Ukraine's power grid, leaving more than 700,000 people in the dark.

La conférence BlackHat est formidable. Il n'existe pas de meilleur endroit pour découvrir la réalité de notre secteur, notamment ce qui préoccupe vraiment les professionnels de la sécurité des informations. Comme nous voulons toujours être en phase avec nos clients, il nous a semblé que la conférence BlackHat offrait l'occasion idéale de leur demander ce qui leur importe.

Nous avons mené l'enquête

Pour mieux comprendre ce qui compte pour nos clients, nous avons mené une simple enquête axée sur quatre questions à la conférenceBlack Hat.

We love Black Hat. It’s the best place to learn what information security practitioners really care about and what is the truth of our industry. Because we want to always be relevant to customers, we figured Black Hat is an ideal event to ask what matters.

Recently, Vectra published the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which covers the period from January through June 2018. While there are plenty of threat-research reports out there, this one offers unique insights about real-world cyberattacker behaviors found in cloud, data center and enterprise networks.

Recently, we made an alarming discovery: hackers are using hidden tunnels to break into and steal from financial services firms! Clearly, this is serious business if it involves bad guys targeting massive amounts of money and private information. But what exactly are we dealing with? Let’s dig into what hidden tunnels are and how I find them to uncover the answer.

Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you’re an analyst, you probably have some incredible skills but are being held back by tedious, manual work.

Während 2017 noch Ransomware-Attacken wie NotPetya und WannaCry die Schlagzeilen beherrschten und den Angreifern eine Menge Geld einbrachten, nahm still und leise bereits das Krypto-Mining Fahrt auf – der Thronfolger der Ransomware, wenn es um opportunistische Verhaltensauffälligkeiten in IT-Netzen geht, mit denen Cyberkriminelle finanziellen Gewinn erzielen wollen.

Der unten wiedergegebene Reddit-Post zeigt recht anschaulich, in welchem Maße das Krypto-Mining für die Universitäten heute ein Problem darstellt. In einigen Fällen setzen geschäftstüchtige Studenten High-End-Computer fürs Mining ein, in anderen Fällen starten sie eine ganze Armee von Botnets zum selben Zweck.

While ransomware attacks like NotPetya and WannaCry were making headlines (and money) in 2017, cryptocurrency mining was quietly gaining strength as the heir apparent when it comes to opportunistic behaviors for monetary gain.

Zeit ist Geld im Kampf gegen Cyber-Attacken. Dem Ponemon-Institut zufolge liegen die mit einer Verletzung der Informationssicherheit verbundenen Kosten im Mittel bei 3,62 Millionen Dollar. Schafft man es, die Zeit bis zur Erkennung und Eindämmung eines Incidents zu reduzieren, lassen sich diese Aufwände signifikant verringern oder möglicherweise sogar verhindern.

Der Reifegrad und die Effektivität sind zwei der wichtigsten Maßeinheiten für die Leistungsfähigkeit eines SOCs. Die Reife gibt dabei an, welches Entwicklungsniveau ein Unternehmen in Bezug auf seinen Ansatz zum Management von Cyber-Security-Risiken erreicht hat, wobei dies den Grad des Bewusstseins für Risiken und Bedrohungen, die Reproduzierbarkeit erprobter Prozesse und die Anpassungsfähigkeit an neue Bedrohungen einschließt. Der Faktor Effektivität bestimmt, wie gut ein SOC einen Incident erkennt und bekämpft, sobald er eintritt.

Im meinem letzten Blogbeitrag habe ich über einen Kunden aus der Finanzbranche und seine Pen-Tests geschrieben und berichtet, wie ich dem Abwehrteam (Blue Team) half, das Team der Angreifer (Red Team) auf frischer Tat zu ertappen.

Dans mon dernier article, j'ai évoqué un test d'intrusion réalisé par un client du secteur financier. À cette occasion, j'ai expliqué comment j'avais aidé l'équipe de sécurité à détecter la présence d'une menace. Je vous reviens aujourd'hui avec un nouvel exercice de terrain.

In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried-out an attack. I’m back again today with another story from the trenches.

Vectra®est le seul éditeur qualifié de «visionnaire» dans le Magic Quadrant2018 de Gartner, dans la catégorie Systèmes de détection et de prévention des intrusions (IDPS).

Gartner hat Vectra® kürzlich als den einzigen „Visionär“ in seinem Magic Quadrant 2018 für Intrusion-Detection- und -Prevention-Systeme (IDPS) positioniert.

Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS.

The random forest (RF) model, first proposed by Tin Kam Ho in 1995, is a subclass of ensemble learning methods that is applied to classification and regression. An ensemble method constructs a set of classifiers—a group of decision trees, in the case of RF—and determines the label for each data instance by taking the weighted average of each classifier’s output.

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Integration decreases cost and increases effectiveness. For this reason, Vectra is adaptive by design. Everything we do considers how to help our customers be more efficient and faster at fighting attacks. Sometimes it involves determining where to deliver sophisticated threat intelligence beyond the Vectra. Working with Splunk is a great example of this integration.

In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies. During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls. But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

In the Information Security (InfoSec) community, AI is commonly seen as a savior—an application of technology that will allow businesses to more rapidly identify and mitigate threats, without having to add more humans. That human factor is commonly seen as a business inhibitor as the necessary skills and experience are both costly and difficult to obtain.

This is a prediction made by Gartner analyst Avivah Litan in her latest blog entry, The Disappearing UEBA Market. Of course it caught our attention here at Vectra. We are not a standalone UEBA company, nor do we want to be. First and foremost, we are an AI company that empowers threat hunters. But we often find ourselves in this discussion with people who believe UEBA alone will solve the world's problems (and possibly make coffee in the morning, too).

Enterprises have a strategy to encrypt everything. With this encryption however, attempts to perform SSL decryption mean there will be large volumes of encrypted data to process.

Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. These attacks are themed around Middle Eastern political issues and the motivation appears to relate to espionage, as opposed to opportunistic or criminal intentions.

Sitting at the edge of the network and rarely configured or monitored for active compromise, the firewall today is a vulnerable target for persistent and targeted attacks.

Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of Microsoft Windows reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network.

Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware—crippling and extorting an ever widening array of organizations.

‍