Welcome to the
Vectra Blog

Ransomware. It is the new digital bogeyman. In the UAE, an industry survey from June 2021showed the extent to which the country (and by implication, the wider region)has been subjected to ransomware. Some 37% of respondents said they had beenvictims in the previous two years. A staggering 84% elected to pay the ransom, only for most of them — 90% of those who paid — to suffer from second attacksthat often came from the same bad actors.

‍

Vectra Detect cybersecurity solution is purpose-built to detect and stop ransomware attacks. The agentless and AI-driven Cognito Platform sees and stops ransomware before it can encrypt files and exfiltrate data by automatically detecting attacker behavior.

Stopping ransomware requires a new way of thinking. See why you can’t only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.

Organizations continue to deploy rapidly in the cloud, while security is often an afterthought. Read about the five areas that could be exposing your AWS deployments to security threats. 

Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

As organizations continue to build on AWS with no sign of slowing down, it’s important to know where the security blind spots are and how to address them.

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

Microsoft partners with Vectra to deliver Zero Trust security framework to provide analytics and mitigate threats emerging from distributed and hybrid-remote workforces.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

After obsessing for years over pushing the limits with AI to detect cyberattacker behavior, Vectra is proud to hold the most patents referenced in MITRE D3FEND.

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you’re only as secure as your provider.

Vectra is key contributor to new CEPS Report on the Technology, Governance and Policy Challenges of AI and Cybersecurity and supports Vectra’s mission to make the world a safer and fairer place.

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.

The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.

Vectra AI社は先日、クラウドセキュリティに関する賞である「Globee 2021Disruptor Company Award for Security Cloud/SaaS」を受賞いたしました。

As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from a cost savings.

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

Vectra introduces Detect for AWS, solving threat detection and response for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environments.

What makes threat detection so challenging? We answer that question and provide the expert insight around our latest Spotlight Report—Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365.

As cloud adoption continues to accelerate, the evolution of the next generation of modern attacks will traverse through and towards an enterprise’s cloud control plane. Learn why this risk should not be underestimated.

Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.

なぜ攻撃者はサプライチェーン攻撃を行うのでしょうか？現在どのような攻撃や侵害に注目が集まっているのか、さらに組織を守るには何が必要なのかご紹介します。

In our latest Spotlight Report, see how the Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.

最新のスポットライトレポートでは、MicrosoftのAzure ADとOffice365で見られる脅威トップ10によって、環境全体においてセキュリティチームが異常もしくは安全と判断する方法を紹介しています。

We’re excited to announce a new integration with Zscaler! Find out how this integration with Cognito Detect provides end-to-end access visibility and protection for remote workers and business-critical applications.

Just a week after the Colonial Pipeline was shut down due to ransomware—attackers are at it again. It’s now being reported that Ireland’s health service shut down its IT systems and a company in Germany had to fork out a $4.4 million ransom on the same day.

Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.

The Vectra Cognito Azure AD Privilege Anomaly Detection is a radical step forward when detecting account takeover events targeting Azure AD to gain access to mission-critical SaaS applications. With it, teams are alerted, and attacks can be stopped before they cause harm.

Every year, this global retail giant in the beauty industry failed to pass red team exercises—until they deployed Vectra. Get the full story on how they use the Cognito platform to pass Red Team testing and ensure the overall security of its data.

Network and endpoint defense technologies will have to either rapidly update signatures or use other investigative ways to detect command and control (C2). Uncover how threat actors evade security tools to execute C2 techniques to learn about what you should look for.

We’re excited to announce extended EDR native integration support in the Cognito platform! Find out how you can benefit from these simple, seamless integrations for comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud environments.

平等性と包摂性は、Vectra AIにとって文化の重要な要素です。今年の国際女性デーは、サイバーセキュリティ業界の女性を祝福するとともに、この業界での可能性についてお伝えしたいと思います。

For us as Vectra, equality and inclusivity are key components of our culture. This International Women's Day, we want to celebrate the women in cybersecurity and highlight the opportunities available in the industry.

Find out how Vectra’s native integrations with Microsoft and AWS enable security teams to automatically contain events directly from the Cognito platform.

Vectra is honored to receive recognition from CRN by honoring the Vectra Partner Program with its prestigious 5-Star Partner Program Rating. We couldn’t be more thrilled about this award and our amazing partner community.

Account takeovers and identity-based attacks are on the rise, with Microsoft Office 365 at the heart of these threats. Find out what concerns are top of mind for IT decision makers when it comes to Office 365 security and protecting data in the cloud.

アカウントの乗っ取りとアイデンティティベース攻撃が増加しており、その中心にOffice 365があります。Office 365およびクラウド上のデータ保護の分野において現在、ITの責任者が懸念としてあげている問題についてご紹介します。

Speed is a key ingredient to successful containment but switching between security solutions find the host or policy you want and applying it all takes time. Vectra enables security teams to enforce directly in the platform, saving valuable time for security operations.

Despite 71% of organizations suffering malicious SaaS account takeover, 90% are still accelerating cloud adoption. Surprising? Maybe not – read on as this blog distills the takeaways from mid-sized and large Office 365 enterprises.

We’re excited to announce that Detect and Recall have successfully achieved SOC 2 Type 2 compliance. Find out how this milestone further ensures the security and confidentiality of our customers’ and partners’ data.

Announcing extended coverage of Vectra in your entire AWS cloud footprint using the new AWS traffic mirroring capabilities on EC2 instances based on the popular Xen platform.

The Hafnium campaign is targeting Microsoft Exchange Servers by leveraging several zero-day exploits and allows attackers to bypass authentication, including MFA to access e-mail accounts. Read more about hot to detect and stop the attack with Vectra Cognito.

Security leaders need to measure success, but too often the exercise focuses more on the absence of failure than the presence of success. Here’s three practical guideposts to achieve meaningful organizational security.

ビジネスにおいてセキュリティとテクノロジーの担当者は、セキュリティ対策の効果の成功度合いを測定する必要があります。ただ、多くの場合、成功の有無よりも失敗の有無に焦点が当てられています。組織のセキュリティにおいて実践可能な具体的な指針をご紹介します。

Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.

Vectra AIのリサーチャーは、SolarWindsのサプライチェーンへの侵害を、最初のバックドアからデータセンターやクラウド環境での永続的なアクセスの確立に至るまで分析しました。中でも攻撃の主要なターゲットとなっているMicrosoft Office 365に焦点を当てました。

Vectra announces extended support for Azure AD in Cognito Detect for Office 365. Find out how this increased coverage can secure users’ cloud identities and reduce consequences of supply chain attacks.

Pendant la pandémie, les pirates ont profité des informations sur le COVID-19. Découvrez comment un message LinkedIn ordinaire a déclenché une réaction en chaîne qui a conduit à une attaque généralisée et astucieuse contre l'une des principales sociétés pharmaceutiques.

Während der Pandemie haben Hacker Informationen über COVID-19 genützt. Finden Sie heraus, wie eine gewöhnliche LinkedIn-Nachricht eine Kettenreaktion auslöste, die zu einem weit verbreiteten, raffinierten Angriff auf eines der weltweit führenden Pharmaunternehmen führte.

CRN® has named Jessica Couto, VP of Channel, Americas, at Vectra AI, to its 2021 list of Channel Chiefs. The prestigious CRN® Channel Chiefs list, released annually, recognizes prominent leaders that demonstrates exceptional leadership, vision, and commitment to their channel partner programs.

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.

単一のAzureADアカウントを侵害することで、攻撃者はMicrosoftOffice 365を含む複数のSaaSアプリケーションにまたがる大量のデータにアクセスすることができてしまうことをSolarWindsへの攻撃から学んだかと思います。AzureADへの侵害をどのように検知および対応できるのかご紹介します。

The pandemic has made threat actors eager to exploit information about COVID-19. Find out how an ordinary LinkedIn message set off a chain reaction that escalated into a widespread, sophisticated attack at one of the world's leading pharmaceutical companies.

Learn how Command and Control (C2) frameworks are continuing to evolve in order to evade detection. Here we will examine a method known as JA3 signature randomization.

In 2020 we got a glimpse of just how much AI is beginning to penetrate everyday life. However, practical applications raise important questions about the ethical use of AI. In this blog, we reflect on the biggest stories in AI from last year.

2020年は、AIが日常生活に浸透し始めていることを垣間見ることができた年と言えます。AIが現実世界で使われるということは、AIの倫理的な利用についても検討する必要が出てきます。AIにおいて2020年で最も話題となったGPT-3をご紹介します。

Learn from Vectra CRO, Marc Gemassmer, what makes the SolarWinds hack unique from other breaches and how network detection and response can help remediate similar attacks in the future.

SolarWindsに関する侵害の特徴と、今回のような攻撃に対してネットワークの検知と対応（NDR）は何ができるのかを VectraAI社のCRO、Marc Gemassmerが紹介いたします。

Learn why a successful implementation of a Zero Trust Architecture requires a modern network detection and response solution that can collect metadata about encrypted traffic—without relying on the overhead of agents.

Es ist wieder an der Zeit, uns die jüngere Vergangenheit anzuschauen und in die Zukunft zu blicken und darauf, was uns das nächste Jahr in puncto Cyber-Sicherheit bringen wird.

As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe.

テクノロジーへの依存度が飛躍的に高まるにつれ、ユーザーを保護し、ハッカーからデータとビジネスを安全に保つための強固なサイバーセキュリティの必要性も高まっています。

‍

The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.

Office365ユーザーやその他の類似プラットフォームを標的とした脅威の数は、2021年も増加し続けることは間違いありません。SaaSを使うことから生まれるリスクへの回避方法をVectraAI社のCTO OliverTavakoliが解説します。

Discover step-by-step how Vectra identified early indicators of a ransomware attack and prevented the encryption of network file share in this blog.

With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks though that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.

昨年2020年12月31日を持って、Adobe Flashは正式にサポート終了を迎えました。サポート終了後もFlashの使用を続けると、悪意を持つものにとって恰好の攻撃の対象となり得ます。Vectra AI社の製品を使いFlashの使用状況を簡単に追跡する方法をご紹介します。

Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.

Discover what you need to know about the SolarWinds Orions compromise, how it unfolded and why monitoring users in the cloud is imperative to protect your enterprise.

SolarWinds社のOrionsを介した攻撃について知っておくべきこと、そして今回の攻撃どのように展開されたのか、そしてクラウド上のユーザーを監視することが企業を保護するために不可欠である理由をご説明します。

Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Learn how to mitigate online shopping threats and keep your personal data safe this holiday season.

Vectra AI社のセキュリティ分析責任者であるクChris Moralesが、オンラインショッピングの脅威を軽減し、ホリデーシーズンに個人データを安全に保つ方法を紹介いたします。

Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network—except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.

Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.

Aujourd’hui encore, il faut une moyenne de 200 jours pour repérer une attaque informatique, la plupart des outils préventifs s’arrêtant après la primo infection. En effet, en matière de sécurité informatique, une fois qu’un élément est compromis et qu’un attaquant a réussi à pénétrer un élément du système, il est quasiment impossible de le détecter

Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.

Vectra AI社は、DeloitteFast 500に3年連続でランクインしました。今回は私たちの客様第一の取り組みについてご紹介します。

Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise—ultimately reducing the risk of breach.

“Ransomware operators” are rational economic entities that have evolved their tactics to optimize their ill-gotten financial returns. Their behavior changes mean detection and response approaches must change too.

The goal of an efficient incident response process is to free-up security analyst's time to focus on higher value work that requires critical thinking. Learn how automation can be applied to a detection and response process.

Learn from Principle Research Analyst, Eric Hanselman, from 451 Research how the combination of the right data and the right analytics can help security teams to secure what is an important resource for the modern enterprise.

Vectra research highlights how attackers are using built-in tools and services to attack Office 365. We examine two such attacks that were detected and thwarted by organizations protected by Cognito Detect for Office 365.

世界で最も利用されているSaaSアプリケーションであるOffice 365に対する攻撃についてまとめたレポートを２つのケーススタディと共にご紹介します。

National Institute for Standards and Technology (NIST) publication for the Zero Trust Architecture (NIST SP 800-207) relies heavily on continuous and accurate monitoring. Find out why network detection and response (NDR) is a required component.

If you are in security operations, have you ever wondered how long it will take before use cases and playbooks are ready or prove value to your organization?

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.

Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.

Attackers are using legitimate tools built into Microsoft Office 365 to perform reconnaissance, move laterally, and extend their attacks. OurSpotlight Report on Office 365 identifies what they’re up to and where you should be looking.

90日間、400万件のOffice365アカウントを観察することで、組み込みのOffice 365機能を悪用した攻撃者のテクニックに関連した疑わしくハイリスクな振る舞いを特定することができました。

Learn more about how Vectra’s new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.

Discover how maturity and capability can be defined and measured across the five stages of the maturity model based on the desired level of risk awareness.

Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.

Die Kombination von EDR, NDR sowie SIEM bilden die SOC-Transparenz-Triade. Doch auf dem steinigen Weg zur Transparenz im Security Operations Center (SOC) muss man bei der Implementierung von Angriffserkennungstools zahlreiche Hindernisse überwinden.

Vectra AI社は、2020年Office 365スポットライトレポートを発表しました。レポートでは、Office365に対する主なサイバーセキュリティ攻撃についてまとめています。

We’re excited to announce a partnership with Fortinet to integrate the Cognito Platform and FortiGate next-generation firewalls to detect, respond, and block cyberattacks in cloud, data center, IoT, and enterprise networks.

Asset management is one of the toughest challenges IT organizations can face. Discover why the ability to detect threats early on the network is better than ranking your critical systems.