Welcome to the Vectra Blog

Who Dares Predict the Future? Vectra. A 2023 Survey

2022 brought a surplus of geopolitical drama and the world's first full-on cyberwar. What comes next? Here's an educated estimate.

December 21, 2022

Christian Borst

2023 Cybersecurity Predictions: Battle of the Cyber capabilities

In 2023, organisations must prepare for a growing attack surface, the war for cyber skills, and the rise of unknown threats

November 30, 2022

Gearóid Ó Fearghaíl

Vectra Integrates Game-Changing Attack Signal Intelligence™ into Amazon Security Lake

What do you need to know following the announcement of the integration of Vectra's Attack Signal Intelligence into Amazon Security Lake?

November 29, 2022

AI Helps Detect Evasive Cyberattackers

Modern cyber threats are increasingly evasive and difficult to detect. Vectra offers a new AI-driven solution: Attack Signal Intelligence.

November 22, 2022

Who Holds Accountability for Cyberattacks on Retail

When we enter our names, addresses, phone numbers, emails and credit card info - personally identifiable information (PII) - whose job is it to make sure that the information remains safe and not in the wrong hands? The retailer? The consumer?

November 21, 2022

Jonathan Barrett

What Are the Types of Ransomware Attacks?

Ransomware is a common type of cyber attack that may target individuals and businesses alike. Device users of any kind must be aware of the different types of ransomware attacks and how to prevent them.

November 18, 2022

Stijn Rommens

Detecting Cyberattacks Before They Succeed

Cyberattacks are still on the rise. Learn more about the problem of preventive cybersecurity and what needs to be changed.

November 14, 2022

Thomas Patterson

Vectra Managed Detection and Response (MDR) Shared Responsibility Model

In terms of delivering Managed Detection and Response (MDR), we view the term "shared responsibility' differently than some. It is more about collaboration than delineation. It is about how Vectra, and our customers work together in a seamless manner to resolve threats.

November 1, 2022

OpenSSL Security Advisory

On November 1st 2022, after teasing the main show the week before, OpenSSL released their advisory describing two risks to OpenSSL 3.0.0 - 3.0.6. This was originally teased as a Critical level alert, which would have been the first Critical since 2015, however this was downgraded to a High owing to what OpenSSL describe as "mitigating factors".

October 27, 2022

Aaron Turner

Breaking Through Alert Noise to Stop Cyberattacks Before They Become Breaches

Vectra SaaS CTO, Aaron Turner shares how to fix overwhelming security alerts that can cause your SOC team to miss critical threats. See how.

October 12, 2022

Vectra Attack Signal Intelligence (ASI)

72% of security practitioners "think they may have been breached, but don't knowit." Said differently, nearly three-quarters of security teams don't know wherethey are compromised right now.

September 20, 2022

Mark Wojtasiak

More or less of the same at the Gartner Security and Risk Summit 2022

Last week I attended the Gartner Security and Risk Summit in London. The theme of the summit was Accelerating the Evolution of Security: Reframe and Simplify. From the very first keynote, Gartner laid down the gauntlet. "Change is needed and we must stop doing what we have always done and start learning from our mistakes." It is this very sentiment that set the tone for the show.

September 19, 2022

Jose Malacara

XDR - Erase the unknowns with eco-system solutions that deliver coverage, clarity and control

Native integration delivers Vectra's patented Security AI to CrowdStrike XDR, so joint customers can find attacker behaviors across public cloud, SaaS, identity, and networks from a single interface.

September 13, 2022

Connor Peoples

Undermining Microsoft Teams Security by Mining Tokens

In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access.

August 18, 2022

Gearóid Ó Fearghaíl

If a Threat detection catches an attacker and no one is around to see it, is it really detected?

What value is there in detecting malicious actors if the detection isn't noticed? Vectra makes sure that your security operations see everything, and our updated Splunk Integration is the latest offering to help you do this.

August 17, 2022

Hitesh Sheth

Needed: 700,000 Innovators. Wanted: a Safer and Fairer World

A major apprenticeship program from the US government could fill vacant cybersecurity jobs - and we're here for it.

August 16, 2022

Take it from Gartner: The Time for the Right NDR Is Now!

An influential industry analyst now declares NDR has reached the Hype Cycle's "Slope of Enlightenment." Vectra had confidence all along

July 20, 2022

Kat Traxler

Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

July 10, 2022

Mark Wojtasiak

Erase the Unknowns, Transform the SOC

We at Vectra think that SOC teams need to focus on 3 challenges to stay ahead of cyberattacks. Coverage, Clarity�Control

July 6, 2022

As Customers Grasp the NIST Framework, They See More Value in Vectra

A US government agency provides a powerful framework for understanding today's cybersecurity challenges. Here's where Vectra AI fits in.

July 1, 2022

Brad Woodberg

Why triage alerts - when AI can do it for you?

If you ask security analysts to describe the biggest pain points in their role, you will no doubt get a diverse set of answers. One thing that they will almost certainly have in common is the challenge of dealing with alert fatigue.

June 24, 2022

John Mancini

Controlling Cyberattacks with PowerShell Shouldn't Mean Moving on Without it

Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) that recommends proper configuration and monitoring of PowerShell to address the recurrence of the scripting language's use in cyberattacks.

June 21, 2022

The Truth About AI in Cybersecurity? To Reveal Real Value, Ask Four Questions

Many security propositions claim artificial intelligence provides a value boost. The real story is more complicated.

June 13, 2022

Mark Wojtasiak

The 9 C’s of Cybersecurity Value

How to move cybersecurity forward? At the core of this discussion, we always find the same core values. We at Vectra live up to the 9 C's.

May 25, 2022

John O Callaghan

Everyone Is Now Remote, NDR is No Longer Relevant

Hybrid working models are a hacker's dream! Every remote IP is a potential risk. Learn how to protect your organization in the modern world.

May 9, 2022

Hype Doesn’t Last. Great Cybersecurity Does

Most marketing messages are a cocktail of sober reality and hyperbole. Of course, the proportions may vary from season to season, from one company to the next, but hype continues to be a perpetual factor in the cybersecurity world. At Vectra, however, we are firm believers in sober reality.

April 27, 2022

Should security teams be giving service with a smile?

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them.

April 27, 2022

John Mancini

MITRE ATT&CK Coverage: Vectra AI provides over 90%

The MITRE ATT&ACK framework helps to keep your business secure. Learn how Vectra leverages MITRE ATT&CK and supports MITRE D3FEND.

April 26, 2022

New Data Suggest It’s Time to Change the Way Organizations Deal with Cyberattacks

Vectra's latest report on cybersecurity shows: Traditional approaches won't work anymore. Key findings are listed here.

April 19, 2022

John Mancini

Azure AD: Users Are Bypassing Your MFA

In order to help security teams validate the effectiveness of their Azure AD security controls and stop future attacks, the Vectra platform continuously monitors user activity and reveals instances of users bypassing multi-factor authentication (MFA) and other preventative controls.

April 7, 2022

Steve Cottrell

Mounting Pressure in Cybersecurity Shouldn’t Discourage Those Who Wear Capes

Regardless of discipline, cybersecurity professionals deal with mounting pressure each day to make the right decisions and strategically play the right hand to keep their organisations a step or two ahead of cybercriminals. It can be stressful.

April 5, 2022

Testing, Testing, Testing: Why Red Teaming is a Must for Every CISO

The Vectra Masked CISO series gives security leaders a forum for discussing the biggest issues in security and advising their peers on how to overcome them.

March 25, 2022

Generals Without Uniforms: A Transformational Hour for CIOs and CISOs

We have never seen a full-on cyber conflict rage across the world's digital systems, but if the situation in Ukraine leads to such a thing, CIOs and CISOs will find themselves on the front lines. With escalation patterns uncertain and no "rules of the road" governing cyberwar, any organization risks becoming a casualty. Already, CIOs and CISOs are seeing their roles evolve and enlarge. Vectra AI CRO Willem Hendrickx discusses their transformational hour

March 25, 2022

What If there was a Supply Chain Compromise of an IDP like Okta?

What If there was a Supply Chain Compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. This blog provides perspective on the current situation and mitigation and defense strategies to manage such an event.

March 24, 2022

Aakash Gupta

How Attackers Target Your AWS Cloud

The cloud is complex. AWS alone has over 200 services (and quickly growing). Securely configuring even a small set of these services to operate at the scale of modern organizations today creates a variety of challenges.

March 15, 2022

Jonathan Barrett

Insider Threats From External Events

It's only human to focus on external threats to your well-being. This often applies to organizations and their approaches to security as well; which is why so much energy is typically put into perimeter security. Yet, this approach is antithetical to the zero-trust methodology: Organizations must also pay attention to internal-to-internal and internal-to-external traffic just as much as traffic coming in.

March 14, 2022

What Drives Vectra – and Me

I want Vectra to be known also for its values, for its vision, for its people and attitude, and for its passion for making the world a safer and fairer place. In short, for our culture.

March 10, 2022

Yann Fareau

AI: Two Small Letters – Many Big Advantages

"Artificial intelligence is no match for human stupidity," observed a wry Albert Einstein. Today, we have evolved to where AI can deliver critical and indispensable advantages in the race toward cybersecurity. Nevertheless, even brilliant security managers do not always see how or why this is the case.

March 9, 2022

Russian Cyber Attacks: What We Know so far

Updated perspective on cyberthreats as a result of ongoing Ukrainian/Russian conflict, including specific custom recall queries, and aggregation of common Russian state actor TTPs.

March 8, 2022

Teppo Halonen

Know Your Enemies – (Network) Behavior Gives Away the Attacker. Every Time.

As the new reality ofthe continual dangers of cyberwar gradually sets in, organizations globally are working to harden their defenses. Most cyber-attacks are blocked by preventative safeguards. Highly motivated attackers, however, tend to find ways to get through those defenses.

March 1, 2022

Aaron Turner

Demystifying Advanced Microsoft Cloud Attacks

Advanced Microsoft Cloud Attacks often attack through three key areas which we enumerate in this blog: Service Principals, Multi-Factor Authentication (MFA) Downgrade, and Mobile-Device MFA Authenticators.

February 25, 2022

Oliver Tavakoli

Russian Wiper Malware is Novel – Protecting Against it Need Not Be

While this wiper malware is new, it reuses much of the playbook employed by Russian state actors and ransomware gangs - fighting back requires us to sharpen the tools we already have.

February 23, 2022

Mitigating, Detecting, and Responding to Russian Cyberactivity

Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.

February 17, 2022

Is a focus on tech skills for CISOs holding us back in the boardroom?

The role of the CISO has never been clearly defined, and every CISO works differently.They are under a lot of pressure, and this leads to regular rotation of roles. The Masked CISO explains how this could be stopped if CISOs were given more autonomy and responsibility.

February 14, 2022

High Growth with a Human Face

New Vectra CRO wants to achieve aggressive growth and continued global expansion for Vectra's leading network detection and response platform.

February 1, 2022

Not All AI is Created Equal

In this blog series, Kevin Kennedy, SVP of Products at Vectra goes beyond the buzzwords and explains what artificial intelligence and machine learning truly mean in relation to cybersecurity. He explains how organizations using AI can gain an advantage over today's attackers that will stop them in their tracks.

January 31, 2022

The Great AI/ML Debate

January 26, 2022

Steve Cottrell

Ransomware protection: How to identify attacks with NDR & AI

Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?<br>

January 25, 2022

Log4J Won’t Be the Last Exploit, So Let’s Make Sure You’re Ready

As we saw with the Log4J vulnerability, cybercriminals only need a single opening to infiltrate your environment. And while another vulnerability can't be prevented, there's still a lot that can be done to make sure you're ready for the next one.

January 20, 2022

Being “Threat-Led” is the answer. Your ISO certificate won’t save you from a breach!

A threat-led approach is key to an organisation's security strategy. CISOs should measure security based on their ability to discover if they've been breached, mean time to breach when testing security, or the mean time to detect unknown threats.

January 20, 2022

Assume Compromise: It's time to change your security mentality

With ransomware attacks continuing to dominate media headlines, it's clear that a security approach centered on prevention no longer suffices. A shift towards an "assume compromise' security approach prepares your business to deal with the intensity and frequency of today's ransomware attacks. To that end, advanced detection and response capabilities play a crucial role. In this blog, you will also learn why a large British multinational insurance company chose Vectra, Wipro's Venture Partner, to meet its security needs.

January 18, 2022

Cybersecurity 2022: These four areas will evolve!

Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, but 2021 managed to be an exceptionally dangerous year. So how will the lessons learnt from 2021 shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.

January 12, 2022

Steve Cottrell

Security principles vs zero day attack, who wins?

When it comes to cyber security, the old adage of "doing the simple things well' is more relevant today than ever before. Three simple principles have been around for decades but they hold true now more than ever because we live in an increasingly cloud-orientated environment where we need to be vigilant at all times.

December 20, 2021

Kat Traxler

Log4J’s Unique Impact In The Cloud

Threat actors can use the Log4J vulnerability as a platform for launching attacks, but what does this mean for cloud environments? Find out exactly how attackers are exploiting this vulnerability and what this could mean for your organization.

December 16, 2021

Move fast, break security: why CISOs must push back against Agile IT

Agile has its uses. It's increasingly being adopted as a technology wide operating model-to drive transformation everywhere, from helpdesks to datacenters. But is it always appropriate?

December 15, 2021

Log4Shell - The Evolution of an Exploit

A few days after the Log4Shell vulnerability was discovered, we now have more observations about how the exploit is being leveraged. Here's what we know, today.

December 10, 2021

CVE-2021-44228 Log4J Zero Day Affecting… The Internet

A new 0day was discovered in the log4j application on December 10, 2021. This vulnerability impacts a widely used logging solution spanning an incredibly large attack surface.

December 5, 2021

Nine Questions To Ask Your AI Vendor And Why

Asking the right questions to your vendor is critical to dissociate the trendy marketing wording from reality. Asking questions such as "What type of machine learning algorithms does your product use?" will help. Discover the top nine questions we think you should ask.

December 2, 2021

Garry Veale

New Research Uncovers How Top Security Teams Detect Cyberthreats

Exclusive cybersecurity research presented in a new report, details how hundreds of security leaders are addressing today's complex cyberthreats in their organisations.

November 29, 2021

It’s about the survival of the fittest!

CISOs Must be Brave Enough to Throw Away Their Security Playbook or Suffer the Consequences!

November 17, 2021

Fast Growth Requires Even Faster Security

Vectra has been recognized as a DeloitteTechnology Fast 500™ award winner - a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America.

November 9, 2021

Jonathan Barrett

Introducing Sidekick MDR: 24*7 eyes-on-glass service for threat detection and response

Introducing Sidekick MDR for VECTRA customers with 24*7 eyes-on-glass service leveraging cloud-scale analytics of the VECTRA Cognito platform to enable security teams to meaningfully detect and respond to ransomware, nation-state and insider attacks.

October 27, 2021

Vectra vs. Darktrace: Why Customers Choose Us by a Wide Margin

Learn why these two points are critical when choosing a threat detection and response vendor: 1) Darktrace is a sales & marketing engine, not a technology innovator 2) 91% of customers who consider both Darktrace and Vectra choose Vectra.

October 19, 2021

Sridevi Sheth

How Tallink Tosses Cybercriminals Overboard

Hear what Tallink, the largest shipping company operating in the Baltic Sea, says are the most valuable capabilities in an NDR solution and what you need to know when selecting one for your environment.

October 18, 2021

Doing Your Part to Secure Your Microsoft Cloud

"Do your part" is the theme of this year's Cybersecurity Awareness Month. See what you can do right now so cyberattacks don't become a problem in your Microsoft cloud environment.

September 29, 2021

4 Ways to Give Your SOC Valuable Time Back with AI

AI can save your SOC valuable time by automating workloads, while accurately tracking down cyberattacker activities found in ransomware and supply chain attacks.

September 23, 2021

Rabih Itani

Ransomware & RansomOps Contained: How to Best the Digital Pest

Ransomware. It is the new digital bogeyman. In the UAE, an industry survey from June 2021showed the extent to which the country (and by implication, the wider region)has been subjected to ransomware. Some 37% of respondents said they had beenvictims in the previous two years. A staggering 84% elected to pay the ransom, only for most of them - 90% of those who paid - to suffer from second attacksthat often came from the same bad actors.

September 10, 2021

Nagi SriRanga

Is Ransomware Damage Irreversible?

Vectra Detect cybersecurity solution is purpose-built to detect and stop ransomware attacks. The agentless and AI-driven Cognito Platform sees and stops ransomware before it can encrypt files and exfiltrate data by automatically detecting attacker behavior.

August 25, 2021

Detecting When Ransomware Moves into Your Cloud

Stopping ransomware requires a new way of thinking. See why you can't only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.

August 18, 2021

5 Areas Exposing Your AWS Deployments to Security Threats

Organizations continue to deploy rapidly in the cloud, while security is often an afterthought. Read about the five areas that could be exposing your AWS deployments to security threats.

August 17, 2021

How Security Experts are Surviving Cloud Transformation

Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.

August 16, 2021

Hacker Raises Hand, Claims T-Mobile Breach

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

August 11, 2021

Uncovering Security Blind Spots in IaaS and PaaS Environments

As organizations continue to build on AWS with no sign of slowing down, it's important to know where the security blind spots are and how to address them.

August 4, 2021

State of Security: How Pros Address Daily Cloud Security Challenges

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

July 21, 2021

Microsoft Partners with Vectra to Deliver Zero Trust Security

Microsoft partners with Vectra to deliver Zero Trust security framework to provide analytics and mitigate threats emerging from distributed and hybrid-remote workforces.

July 15, 2021

Confronting Risk and Exposure in Healthcare

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

July 13, 2021

Rohan Chitradurga

MITRE D3FEND: Learn MITRE D3FEND Framework & Techniques

After obsessing for years over pushing the limits with AI to detect cyberattacker behavior, Vectra is proud to hold the most patents referenced in MITRE D3FEND.

July 5, 2021

Hitesh Sheth

Prevention and Preparedness Revisited: Cyber Defense after Kaseya Ransomware Attack

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you're only as secure as your provider.

July 4, 2021

New Think Tank Report Shapes EU Thinking on AI and Cybersecurity

Vectra is key contributor to new CEPS Report on the Technology, Governance and Policy Challenges of AI and Cybersecurity and supports Vectra's mission to make the world a safer and fairer place.

July 2, 2021

Putting CVE-2021-1675 PrintNightmare to Rest

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

June 29, 2021

Taking Down Cloud Threats for the Win

Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.

June 29, 2021

Demystifying Cloud Security with Forrester

The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.

June 24, 2021

Henrik Davidsson

Are You Transforming Your SOC Yet?

As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from a cost savings.

June 22, 2021

5 Things to Know about DarkSide & Other Ransomware as a Service Groups

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

June 16, 2021

Vectra Introduces Detect for AWS: Threat Detection and Response for IaaS and PaaS

Vectra introduces Detect for AWS, solving threat detection and response for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environments.

June 14, 2021

Detecting Attackers as They Head Towards Your Money

What makes threat detection so challenging? We answer that question and provide the expert insight around our latest Spotlight Report-Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365.

June 2, 2021