Welcome to the
Vectra Blog

All blog posts

3 Guideposts for Organizational Security

By:
Tim Wade
February 22, 2021

Security leaders need to measure success, but too often the exercise focuses more on the absence of failure than the presence of success. Here are three practical guideposts to achieve meaningful organizational security.

Strategic Security Leadership
English
2021

SUNBURST Highlights How Current User Access Models Allowed World's Largest Supply Chain Attack

By:
Chris Morales
February 17, 2021

Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.

Security research
English
2021

Cloud Identity Detections with Azure AD

By:
Sam Martin
February 11, 2021

Vectra announces extended support for Azure AD in Cognito Detect for Office 365. Find out how this increased coverage can secure users’ cloud identities and reduce consequences of supply chain attacks.

Threat detection
English
2021

Sanofi Blocks a Cyberattack in Real Time with Cognito

By:
Hitesh Sheth
February 10, 2021

During the pandemic, attackers have exploited information about COVID-19. Find out how an ordinary LinkedIn message triggered a chain reaction that led to a widespread, sophisticated attack on one of the leading pharmaceutical companies.

Cybersecurity
French
2021

Sanofi Stops a Cyberattack in Real Time with Cognito

By:
Hitesh Sheth
February 10, 2021

During the pandemic, hackers have exploited information about COVID-19. Find out how an ordinary LinkedIn message set off a chain reaction that led to a widespread, sophisticated attack on one of the world's leading pharmaceutical companies.

Cybersecurity
German
2021

Jessica Couto Recognized as 2021 CRN Channel Chief

By:
Jennifer Geisler
February 8, 2021

CRN® has named Jessica Couto, VP of Channel, Americas, at Vectra AI, to its 2021 list of Channel Chiefs. The prestigious CRN® Channel Chiefs list, released annually, recognizes prominent leaders who demonstrate exceptional leadership, vision, and commitment to their channel partner programs.

Cybersecurity
English
2021

Azure AD Security Solutions - Azure AD Detection Coverage

By:
John Mancini
February 4, 2021

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.

Threat detection
English
2021

Sanofi Uses Cognito to Stop Cyberattack in Real Time

By:
Hitesh Sheth
February 1, 2021

The pandemic has made threat actors eager to exploit information about COVID-19. Find out how an ordinary LinkedIn message set off a chain reaction that escalated into a widespread, sophisticated attack at one of the world's leading pharmaceutical companies.

Cybersecurity
English
2021

Command and Control (C2) Evasion Techniques

By:
Joshua St. Hilaire
January 28, 2021

Learn how Command and Control (C2) frameworks are continuing to evolve in order to evade detection. Here we will examine a method known as JA3 signature randomization.

Security research
English
2021
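The JA3 randomization the post above refers to, as an added example (this is not code from the Vectra post or from Vectra): JA3 is the MD5 of the ordered ClientHello fields, so a C2 implant that shuffles its cipher-suite and extension order gets a fresh fingerprint on every connection and slips past a static JA3 blocklist. The ClientHello field values below are constructed to resemble a TLS 1.2 client and are not from a capture; the order-insensitive variant at the end is my own illustration of why hunters moved toward sorted or behaviour-based fingerprints, not a published standard.

```python
import hashlib
import random

# GREASE values (RFC 8701) are skipped when building a JA3 string, as the
# reference JA3 implementation does, so they never influence the hash.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def ja3_string(version, ciphers, extensions, curves, point_formats):
    """Build the JA3 string: SSLVersion,Ciphers,Extensions,EllipticCurves,PointFormats.
    Values inside each field are joined with '-' in ClientHello order."""
    def fmt(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(version), fmt(ciphers), fmt(extensions),
                     fmt(curves), fmt(point_formats)])


def ja3_hash(s):
    """JA3 fingerprint is the hex MD5 of the JA3 string."""
    return hashlib.md5(s.encode()).hexdigest()


# Constructed ClientHello field values for a TLS 1.2-capable client (assumption,
# not a real capture). Extension IDs are IANA numbers (0=SNI, 10=groups, 43=versions).
BASE_HELLO = dict(
    version=771,  # 0x0303, TLS 1.2
    ciphers=[4865, 4866, 4867, 49195, 49199, 49196, 49200,
             52393, 52392, 49171, 49172, 156, 157, 47, 53],
    extensions=[0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 21],
    curves=[29, 23, 24],
    point_formats=[0],
)


def randomized_hello(hello, rng):
    """Emulate JA3 randomization: same cipher and extension *set*, shuffled order."""
    h = dict(hello)
    h["ciphers"] = rng.sample(hello["ciphers"], len(hello["ciphers"]))
    h["extensions"] = rng.sample(hello["extensions"], len(hello["extensions"]))
    return h


def normalized_ja3(hello):
    """Order-insensitive variant (illustrative, not standard JA3): sort every list
    before hashing so reordering alone can no longer change the fingerprint."""
    return ja3_hash(ja3_string(hello["version"], sorted(hello["ciphers"]),
                               sorted(hello["extensions"]), sorted(hello["curves"]),
                               sorted(hello["point_formats"])))


def demo(connections=5, seed=1):
    """Return (baseline JA3, set of randomized JA3s, set of normalized JA3s)."""
    rng = random.Random(seed)
    baseline = ja3_hash(ja3_string(**BASE_HELLO))
    raw = {ja3_hash(ja3_string(**randomized_hello(BASE_HELLO, rng)))
           for _ in range(connections)}
    norm = {normalized_ja3(randomized_hello(BASE_HELLO, rng))
            for _ in range(connections)}
    return baseline, raw, norm


if __name__ == "__main__":
    baseline, raw, norm = demo()
    print("static client JA3:      ", baseline)
    print("randomizing client JA3s:", len(raw), "distinct across 5 connections")
    print("normalized fingerprint: ", norm)
```

Running the file prints one baseline hash, five distinct hashes for the randomizing client, and a single normalized hash. Sorting before hashing defeats plain reordering, but it also merges legitimate clients that differ only in order and does nothing against an implant that varies the cipher set itself, which is why the fingerprint is best treated as one feature alongside destination, timing and volume behaviour rather than as a signature.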

2020’s Biggest Stories in AI

By:
Christopher Thissen
January 26, 2021

In 2020 we got a glimpse of just how much AI is beginning to penetrate everyday life. However, practical applications raise important questions about the ethical use of AI. In this blog, we reflect on the biggest stories in AI from last year.

Artificial intelligence
English
2021

The SolarWinds Breach and its Case for Network Detection and Response (NDR)

By:
Marc Gemassmer
January 21, 2021

Learn from Vectra CRO Marc Gemassmer what makes the SolarWinds hack different from other breaches and how network detection and response can help remediate similar attacks in the future.

Threat detection
English
2021

Why the NIST Zero Trust Architecture No Longer Requires Decryption

By:
Marcus Hartwig
January 14, 2021

Learn why a successful implementation of a Zero Trust Architecture requires a modern network detection and response solution that can collect metadata about encrypted traffic – without relying on the overhead of agents.

Security operations
English
2021

The Year in Review – and the Year to Come

By:
Andreas Müller
January 12, 2021

It is once again time to look back at the recent past and ahead to the future, and to what the coming year will bring in terms of cybersecurity.

Cybersecurity
German
2021

Why Accelerated Cloud Adoption Exposes Organisations to Security Risk

By:
Chris Fisher
January 7, 2021

As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers. Growth in cybercriminal activity has become a Catch 22 – the more organisations invest in data protection technologies, the more adept cyber criminals become.

Cybersecurity
English
2021

Office 365 Threats and Inversion of the Corporate Network

By:
Oliver Tavakoli
January 6, 2021

The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.

Security operations
English
2021

5 Steps of an Actual Maze Ransomware Post Incident

By:
Marcus Hartwig
January 5, 2021

Discover step by step how Vectra identified early indicators of a ransomware attack and prevented the encryption of a network file share.

Threat detection
English
2021

Gone in a Flash: How Vectra Tracks and Flags Flash Usage in Your Network

By:
Gearoid O Fearghail
December 17, 2020

With Adobe Flash officially reaching end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks through that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.

Security operations
English
2020

Understand Your Environment Better with Security Insights from Vectra

By:
Sam Martin
December 15, 2020

Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.

Security operations
English
2020

SolarWinds Orion Hack: What To Know & How To Protect Your Network

By:
Luke Richards
December 15, 2020

Discover what you need to know about the SolarWinds Orion compromise, how it unfolded, and why monitoring users in the cloud is imperative to protect your enterprise.

Breach
English
2020

FireEye Breach: Attack Details & How FireEye Rapidly Responded

By:
Nathan Einwechter
December 11, 2020

Discover new learnings from the FireEye breach, including how the Vectra security research team understood the objectives of many of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Threat detection
English
2020

Beware of Malicious Websites and Using Identical Passwords this Holiday Season

By:
Chris Morales
December 10, 2020

Our Head of Security Analytics, Chris Morales, shares how to mitigate online shopping threats and keep your personal data safe this holiday season.

Cybersecurity
English
2020

How to Track Attackers as They Move to Your Network from the Cloud

By:
Matt Walmsley
December 8, 2020

Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network – except ours. In Cognito, we're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.

Threat detection
English
2020

How Attackers Use Business Email to Compromise Office 365

By:
Chris Morales
December 3, 2020

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA alone no longer stops attackers in this new cybersecurity landscape, and how network detection and response can.

Threat detection
English
2020

The Year in Review – and the Year to Come

By:
Oliver Tavakoli
November 30, 2020

Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.

Cybersecurity
English
2020

The Challenges of SOC Transformation

By:
Christophe Jolly
November 19, 2020

Even today, it takes an average of 200 days to spot a cyberattack, since most preventive tools stop at the initial infection. In IT security, once an element has been compromised and an attacker has managed to penetrate part of the system, that attacker is almost impossible to detect.

Security operations
French
2020

Why Did Vectra Make the Deloitte Fast 500 for Third Year in a Row?

By:
Jennifer Geisler
November 19, 2020

Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.

Industry
English
2020

Protecting Cloud Users and Data Across the Entire Network with Expanded Cloud Services

By:
Joe Malenfant
November 18, 2020

Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise – ultimately reducing the risk of breach.

Infrastructure
English
2020

The Business of Ransomware is Changing – Detection and Response Need to Change Too

By:
Vectra
November 5, 2020

“Ransomware operators” are rational economic entities that have evolved their tactics to optimize their ill-gotten financial returns. Their behavior changes mean detection and response approaches must change too.

Security operations
English
2020

Incident Response and Knowing When to Automate

By:
Chris Morales
October 28, 2020

The goal of an efficient incident response process is to free up security analysts' time to focus on higher-value work that requires critical thinking. Learn how automation can be applied to a detection and response process.

Security operations
English
2020

Parting the Clouds in Threat Hunting

By:
Eric Hanselman
October 27, 2020

Learn from Eric Hanselman, Principal Research Analyst at 451 Research, how the combination of the right data and the right analytics can help security teams secure what is an important resource for the modern enterprise.

Analyst
English
2020

What’s Multi Factor Authentication (MFA) & How Can MFA Be Hacked

By:
Vectra
October 26, 2020

Vectra research highlights how attackers are using built-in tools and services to attack Office 365. We examine two such attacks that were detected and thwarted by organizations protected by Cognito Detect for Office 365.

Industry
English
2020

Why NDR is a Required Component of NIST Zero Trust Architecture

By:
Marcus Hartwig
October 22, 2020

The National Institute of Standards and Technology (NIST) publication on Zero Trust Architecture (NIST SP 800-207) relies heavily on continuous and accurate monitoring. Find out why network detection and response (NDR) is a required component.

Security operations
English
2020

The Value of NDR Use Cases for Your SIEM

By:
Henrik Davidsson
October 21, 2020

If you are in security operations, have you ever wondered how long it will take before use cases and playbooks are ready or prove value to your organization?

Security operations
English
2020

Vectra and Splunk Partner on Mission Control For an Out of this World Launch

By:
Jitin Dhanani
October 20, 2020

Vectra Cognito announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.

Integration
English
2020

How to Win the Cybersecurity Battle in Healthcare

By:
Chris Morales
October 20, 2020

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.

Industry
English
2020

Office 365 Multi-Factor Authentication (MFA) Threats & Attacks

By:
Chris Morales
October 19, 2020

Attackers are using legitimate tools built into Microsoft Office 365 to perform reconnaissance, move laterally, and extend their attacks. Our Spotlight Report on Office 365 identifies what they’re up to and where you should be looking.

Industry
English
2020

Vectra and CrowdStrike Turn the Tables on Cyberattackers

By:
Marcus Hartwig
October 15, 2020

Learn more about how Vectra’s new Cognito Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.

Integration
English
2020

Incident Response Maturity and the Roadmap to Success

By:
Chris Morales
October 14, 2020

Discover how maturity and capability can be defined and measured across the five stages of the maturity model based on the desired level of risk awareness.

Security operations
English
2020

What We Saw in 90 days from 4 Million Microsoft Office 365 Accounts

By:
Chris Morales
October 13, 2020

Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.

Industry
English
2020

NDR Helps You Get More from Your SIEM (and EDR Helps, Too)

By:
Gregory Cardiet
October 13, 2020

The combination of EDR, NDR and SIEM forms the SOC visibility triad. But on the rocky road to visibility in the Security Operations Center (SOC), numerous obstacles must be overcome when implementing attack detection tools.

German
2020

Fortinet Integration: Advanced Monitoring and NDR with Automated Response

By:
Sam Martin
October 8, 2020

We’re excited to announce a partnership with Fortinet to integrate the Cognito platform and FortiGate next-generation firewalls to detect, respond, and block cyberattacks in cloud, data center, IoT, and enterprise networks.

Integration
English
2020

Count Your 16,000 Most Critical Assets? Are You Nuts?

By:
Nathan Einwechter
October 6, 2020

Asset management is one of the toughest challenges IT organizations can face. Discover why the ability to detect threats early on the network is better than ranking your critical systems.

Infrastructure
English
2020

Incident Response and the Need for Speed

By:
Chris Morales
September 30, 2020

A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.

Security operations
English
2020

The Psychology Behind an Insider Threat

By:
Joe Malenfant
September 29, 2020

Analyzing the psychology of an insider threat case is a complex task because there is little evidence and scant public data about threat incidents. Develop an improved understanding of the mind of malicious insiders with the multiple life-stage model.

Cybersecurity
English
2020

NDR Helps You Achieve More from Your SIEM (EDR Helps, Too)

By:
Gregory Cardiet
September 25, 2020

Gregory Cardiet, technical leader for Vectra, shares his thoughts and experiences on why enterprises are increasingly integrating network detection and response (NDR) as a core element of their security operations visibility capabilities.

English
2020

cPacket Networks Integration: Deliver NDR with Fast Forensics

By:
Sam Martin
September 24, 2020

We’re delighted to announce a new integration between our Cognito platform for NDR and the cPacket Networks visibility solution. The combined techniques provide robust security-response capabilities that track the source, target, and method of attack.

Integration
English
2020

Insider Threats: What to Look For and How to Respond

By:
Joe Malenfant
September 22, 2020

Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.

Cybersecurity
English
2020

Detecting ZeroLogon with Zero Signatures

By:
Stephen Malone
September 22, 2020

The recent ZeroLogon (CVE-2020-1472) vulnerability allows an attacker to gain Domain Admin privileges. The Vectra AI/ML models are designed to detect attacks regardless of tools or signatures, and alerted on ZeroLogon activity even before the vulnerability was announced.

Threat detection
English
2020

Controlling Cyber-risk in Mergers and Acquisitions

By:
Henrik Davidsson
September 21, 2020

Mergers and acquisitions bring several critical cybersecurity challenges to overcome and manage. Vectra can help speed up due diligence and integration by automating threat hunting and prioritizing detected threats based on certainty and risk.

Security operations
English
2020

How to Gain Full Threat Visibility Where Only the Network Exists

By:
Henrik Davidsson
September 21, 2020

Learn why the SOC visibility triad is a better way to gain full visibility into threats and why Vectra is critical to help provide that visibility.

Security operations
English
2020

The Two Types of Insider Threats

By:
Joe Malenfant
September 15, 2020

What danger do malicious and negligent insiders constitute and what kind of insider threats exist? Is your organization safe? Learn to spot the two types of insider threats.

Cybersecurity
English
2020

The Value of AI-driven Network Detection and Response for MSSPs

By:
Henrik Davidsson
September 14, 2020

With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events.

Artificial intelligence
English
2020

Insiders and Whistleblowers

By:
Marcus Hartwig
September 8, 2020

The ultimate goal of most insider attacks is to steal data. Just one insider threat incident can cost your organization up to $3 million. Learn when disclosure is protected and how to stay ahead of malicious attacks in this blog.

Cybersecurity
English
2020

Can Data Science Identify Insider Threats?

By:
Tim Wade
September 1, 2020

The problem of detecting an insider threat before it happens is as difficult to solve as predicting human behavior itself. Discover how applying a data science approach to detection can reveal clues to catch known and unknown attackers across your enterprise.

Threat detection
English
2020

Why IDPS is Cumbersome and Hampers Security Personnel

By:
Marcus Hartwig
August 25, 2020

Discover in this blog why many organizations are struggling with the burden of maintaining IDPS deployments and how security teams can instead concentrate on detecting and mitigating active threats inside the network with network detection and response.

Security operations
English
2020

Easily Track Expiring Certificates in Cognito Recall

By:
Gearoid O Fearghail
August 20, 2020

New dashboard in Cognito Recall shows certificates in your network that are actively in use, those that are about to expire and ones that have already expired. This will enable you to deliver tangible value to system administrators and service owners by alerting them if widely-used key certificates in your organization will expire soon and helping to prevent easily-avoidable outages.

Security operations
English
2020

Why IDPS Lacks the Capability to Detect Modern Attacks

By:
Marcus Hartwig
August 18, 2020

Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.

Threat detection
English
2020

Alert Fatigue and Bad Signatures Lead to Missed Attacks

By:
Marcus Hartwig
August 11, 2020

Consider getting rid of IDPS and the noise it creates and check out detecting and stopping cyberattacks using NDR. Free-up your security analysts to focus on investigations and threat-hunting instead of tweaking signatures.

Threat detection
English
2020

Vectra Threat Intelligence: the Icing on the Cake

By:
John Mancini
August 6, 2020

AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give security teams the most durable coverage and early understanding of threats.

Artificial intelligence
English
2020

Using Vectra to Detect and Stop Maze Ransomware

By:
Marion Hennequin
August 5, 2020

Maze ransomware can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. Learn what a Maze attack progression looks like and how you can defend against these types of threats.

Threat detection
English
2020

Ferret Out a RAT: Don’t Just Build a Better Mousetrap

By:
Tim Wade
August 3, 2020

Learn why using AI models to look for the communication pattern of a RAT in network data can help detect them in real time with high fidelity, based on the behavior observed.

Artificial intelligence
English
2020

The Healthcare Sector Faces a Greater Cybersecurity Risk Than Ever

By:
Christophe Jolly
July 29, 2020

On the front line of the COVID-19 pandemic, the healthcare professionals responsible for protecting us are working tirelessly to care for us. But how has the healthcare sector coped with targeted cyberattacks during this critical period?

Industry
French
2020

Vendor Collaboration in the Cybersecurity Industry is Essential (and Our Customers Deserve It)

By:
Vectra
July 28, 2020

We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer’s security teams to further improve the agility, efficiency and efficacy of their security operations.

Integration
English
2020

Expertise That Unlocks the Potential within Your Security Operations

By:
Vectra
July 21, 2020

The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and backup their teams when it matters most, with access to Vectra experts.

Security operations
English
2020

Security Limitations of IOCs - Lessons Learned from APT29

By:
Tim Wade
July 20, 2020

What recent APT29 activity shows about the security limitations of indicators of compromise (IOCs), and how you can defend against privileged-access attacks.

Cybersecurity
English
2020

SOC Maturity: Reactive, Proactive and Threat Hunting

By:
Battista Cagnoni
July 20, 2020

Battista Cagnoni examines how you can mature your Security Operations Center (SOC) using processes for reactive threat detection and proactive threat hunting.

Security operations
English
2020

Why Does Monitoring How Privileged Account Access is Used (and Abused) Matter?

By:
Marcus Hartwig
July 19, 2020

Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.

Breach
English
2020

Expanding Vectra Lockdown Capabilities with Defender ATP

By:
Jose Malacara
July 14, 2020

Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.

Integration
English
2020

Vectra’s Commitment to the Channel is Validated with the Launch of Our New Partner Program

By:
Marc Gemassmer
July 9, 2020

At Vectra, our partners are integral to the way we go to market, and we want to assure you that we are committed to the mutual success of our relationship.

English
2020

Serious Cyber Risks in Healthcare

By:
Andreas Müller
July 9, 2020

Healthcare's shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption, leaving security teams in a reactive rather than proactive attacker-hunting mode.

Industry
German
2020

Serious Cyber Risks in Healthcare

By:
Paul Tel
July 9, 2020

Always on the front line during the COVID-19 pandemic, healthcare workers are working tirelessly for us. But how is the healthcare sector faring in these times of crisis when it comes to targeted cyberattacks?

Security research
Dutch
2020

The Sizable Risk of Cyber Well-being in Healthcare

By:
Chris Morales
June 30, 2020

Healthcare’s shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption, leaving healthcare security teams in a reactive mode rather than staying proactive to head off the spread of potential attacks.

Industry
English
2020

Office 365 Security: Power Automate is the New PowerShell

By:
Rohan Chitradurga
June 29, 2020

Learn why Microsoft Power Automate is great for Office 365 users, but why it’s terrifying for security professionals.

Threat detection
English
2020

MFA is Not Enough - Malicious OAuth Apps in Office 365 are Here to Stay

By:
Marcus Hartwig
June 24, 2020

MFA is a great step to take, but there are always ways around preventive controls. One well-known MFA bypass technique is the installation of malicious Azure/O365 OAuth apps. In case there were any doubts, the recent attacks on government and business reported by the Australian Prime Minister are a powerful reminder. Learn why you need to implement detection-based solutions.

Breach
English
2020
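The consent-grant pattern the post above describes does not trip MFA: the victim authenticates normally and then grants the attacker's app delegated permissions, and the app's refresh token keeps working after a password reset. As an added example (not code from the Vectra post or from Vectra), here is a Python detection sketch that scores consent grants from audit events. The JSON shape and field names are a constructed simplification of an Azure AD "Consent to application" audit record, not Microsoft's schema; the scope list, weights and threshold are assumptions to be tuned against your own tenant.

```python
import json

# Delegated Graph scopes that give an app standing access to a user's mail and files.
# These are what consent-phishing apps typically request. Illustrative list, not exhaustive.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "MailboxSettings.ReadWrite", "Files.ReadWrite.All", "Contacts.Read"}


def parse_consent_event(line):
    """Parse one audit record. The JSON shape is a constructed stand-in for the
    Azure AD 'Consent to application' event, not the real schema. Returns None for
    other operations so the scorer only ever sees consent grants."""
    ev = json.loads(line)
    if ev.get("operation") != "Consent to application":
        return None
    return {
        "user": ev["user"],
        "app": ev["app_display_name"],
        "publisher_verified": bool(ev.get("publisher_verified", False)),
        "admin_consent": bool(ev.get("admin_consent", False)),
        "scopes": set(ev.get("scopes", "").split()),
    }


def score_consent(c):
    """Score a consent grant and explain the score. The signal is what was granted
    and to whom, because the sign-in itself looks legitimate (MFA was satisfied)."""
    risk, reasons = 0, []
    risky = c["scopes"] & HIGH_RISK_SCOPES
    if risky:
        risk += 2
        reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    if "offline_access" in c["scopes"]:
        risk += 1  # refresh token: access survives password reset and MFA re-prompt
        reasons.append("offline_access (refresh token requested)")
    if not c["publisher_verified"]:
        risk += 2
        reasons.append("unverified publisher")
    if risky and not c["admin_consent"]:
        risk += 1
        reasons.append("end-user consent to high-risk scopes")
    return risk, reasons


def detect(lines, threshold=4):
    """Return one alert per consent grant whose score reaches the threshold (assumed value)."""
    alerts = []
    for line in lines:
        c = parse_consent_event(line)
        if c is None:
            continue
        risk, reasons = score_consent(c)
        if risk >= threshold:
            alerts.append({"user": c["user"], "app": c["app"],
                           "risk": risk, "reasons": reasons})
    return alerts


# Constructed sample events (not real log data): one benign grant, one consent-phishing
# style grant, and one unrelated operation that must be ignored.
SAMPLE_LOG = [
    json.dumps({"operation": "Consent to application", "user": "alice@example.com",
                "app_display_name": "Contoso Expenses", "publisher_verified": True,
                "admin_consent": True, "scopes": "User.Read"}),
    json.dumps({"operation": "Consent to application", "user": "bob@example.com",
                "app_display_name": "Mail Archiver Pro", "publisher_verified": False,
                "admin_consent": False,
                "scopes": "Mail.Read Files.ReadWrite.All offline_access"}),
    json.dumps({"operation": "Add service principal", "user": "carol@example.com",
                "app_display_name": "Contoso Expenses"}),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Only the second grant fires. The response step this implies is to revoke the app's OAuth2 permission grants and refresh tokens, not just reset the user's password, since the app never needed the password in the first place; restricting user consent to verified publishers with low-impact scopes removes most of this class of alert at the source.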

What to Know Before Reading the 2020 Gartner Market Guide for NDR

By:
Jennifer Geisler
June 16, 2020

The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category. As the market pushes to move away from simple analysis and towards actionable response, the “R” in NDR must be recognized for what it truly is – an opportunity for your organization to have a clearly outlined strategy for automatic and manual response.

Analyst
English
2020

Vectra and Microsoft Join Forces to Fulfill the SOC Triad

By:
Marcus Hartwig
June 9, 2020

Vectra announces a partnership and deep product integration with Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using. This integration will ultimately elevate the visibility of the SOC and prevent attackers from establishing footholds across enterprise networks.

Security operations
English
2020

New Partner Training

By:
Jessica Couto
April 13, 2020

Vectra is pleased to announce the launch of two new training certification tracks for our partners. The VPSE certification is geared toward sales engineers, while our VSP certification focuses on positioning and selling Vectra Cognito.

Cybersecurity
English
2020

Using Vectra network metadata to find attacker tools and exploits

By:
Stephen Malone
March 26, 2020

Attack tools and techniques can change over time, but attack behaviours remain a stable indicator of attackers within the network. Using attack behaviour as a high-fidelity signal allows you to take action quickly to stop attacks or prevent further damage.

Threat detection
English
2020

Remote Work, Not Remote Control

By:
Marion Hennequin
March 25, 2020

To contain the spread of COVID-19, employees are being asked to work remotely when possible. This sudden and immediate shift of employees who would normally work in an office to remote locations will naturally change the internal movement of network traffic. The outcome will be a change in internal network traffic patterns in which attackers could hide their own communication.

The below areas will require extra attention and understanding by the security operations analysts who are handling the day-to-day impact of their quickly changing environment.

Read blog post
Security operations
Marion Hennequin
English
2020

What is network metadata, and why do I need it?

By:
Stephen Malone
March 25, 2020

In the era of near-total data, SOC teams and analysts can become swamped by the sheer volume. And that’s before we even get to the cost of data ingestion and storage! In this blog, we will explore the value of network metadata, and why we just can’t get this level of visibility elsewhere.

Read blog post
Cybersecurity
Stephen Malone
English
2020

Is there still value in JA3 fingerprinting?

By:
Matthew Pieklik
March 11, 2020

This blog post is the first in a series that will cover basic threat investigation and threat hunting techniques using network metadata from Cognito Stream.

Read blog post
Cybersecurity
Matthew Pieklik
English
2020

Vectra + SentinelOne

By:
Vectra
February 26, 2020

Together, Vectra and SentinelOne lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.

Read blog post
Cybersecurity
Vectra
English
2020

Cybereason integration: Obtain full visibility and faster responses

By:
Vectra
February 25, 2020

Together, Cognito and Cybereason provide visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat today’s modern cyberattacks.

Read blog post
Integration
Vectra
English
2020

Moving from Prevention to Detection with the SOC Visibility Triad

By:
Marcus Hartwig
February 24, 2020

Modern SOCs are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard. The SOC visibility triad encourages three specialized technologies: EDR for endpoints, NDR for the network, and SIEM for security analytics and correlation. But for all of this tech to be successful, these tools need robust integrations with each other, as SOC analysts’ time is at a premium.

Read blog post
Security operations
Marcus Hartwig
English
2020

Expanding the "R" in NDR: Account Lockdown

By:
Jose Malacara
February 13, 2020

Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network. By disabling an attacker's account, you can limit attacker progression along the kill chain. This gives your SOC analysts time to conduct a thorough investigation, knowing that they have contained the blast radius of an attack by limiting the use of account-based attack vectors.

Read blog post
Security operations
Jose Malacara
English
2020

Vectra SaaS Detections – Office 365

By:
Vectra
February 11, 2020

With increasingly sophisticated threats, cyber risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.

Read blog post
Security operations
Vectra
English
2020

DHS cyber agency releases advisory on Iranian threats

By:
Nathan Einwechter
January 9, 2020

Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.

Read blog post
Breach
Nathan Einwechter
English
2020

Dridex resurfaces to open the door to credential theft

By:
Marcus Hartwig
December 17, 2019

Privileged Access Analytics (PAA) enables SOC teams to monitor and defend against these types of attacks. In addition to our extensive models that detect command-and-control channels, this makes the Cognito platform a powerful tool to combat evolving malware attacks against enterprises.

Read blog post
Security operations
Marcus Hartwig
English
2019

Achieving Threat Hunting Consistency with the MITRE ATT&CK Matrix

By:
Vectra
December 13, 2019

This post looks at threat hunting through the terms of the MITRE ATT&CK Matrix, using them to frame the context and guide what you can and cannot see within your environment.

Read blog post
Cybersecurity
Vectra
English
2019

Vectra integrates AI-driven network threat detection and response with AWS VPC Ingress Routing

By:
Vectra
December 3, 2019

Vectra now integrates with Amazon Virtual Private Cloud (VPC) Ingress Routing, and our AI platform is now available in the AWS Marketplace.

Read blog post
Cybersecurity
Vectra
English
2019

Chronicle integration: Conduct faster, context-driven investigations into active cyberattacks with Vectra and Chronicle

By:
Jitin Dhanani
November 19, 2019

The Cognito threat detection and response platform from Vectra now seamlessly integrates AI-based threat hunting and incident response with Chronicle Backstory, a global security telemetry platform, for increased context during investigations and hunts and greater operational intelligence.

Read blog post
Security operations
Jitin Dhanani
English
2019

Swimlane integration: Automate response and speed remediation with Swimlane and Vectra

By:
Jitin Dhanani
November 11, 2019

That’s why we are happy to announce the integration of the Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.

Read blog post
Security operations
Jitin Dhanani
English
2019

Forescout integration: Gain real-time visibility and automated response

By:
Jitin Dhanani
November 4, 2019

The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today’s security infrastructure.

Read blog post
Security operations
Jitin Dhanani
English
2019

Check Point integration: Gain continuous threat visibility and enforcement

By:
Jitin Dhanani
October 28, 2019

The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.

Read blog post
Security operations
Jitin Dhanani
English
2019

New NIST guidelines on Zero Trust Architecture call for deeper visibility into the network

By:
Marcus Hartwig
October 7, 2019

According to NIST, “No enterprise can completely eliminate cybersecurity risk. When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, ZTA can reduce overall risk exposure and protect against common threats.”

Read blog post
Infrastructure
Marcus Hartwig
English
2019

RDP attacks and the organizations they target

By:
John Chavez
September 25, 2019

By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behavior from January to June 2019.

Read blog post
Cybersecurity
John Chavez
English
2019

CrowdStrike, Splunk and Vectra – A powerful triad to find and stop cyberattacks

By:
Vectra
September 17, 2019

The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.

Read blog post
Security operations
Vectra
English
2019

Trust, but verify (Доверяй, но проверяй)

By:
Marcus Hartwig
September 16, 2019

In infosec, the concept of “zero trust” has grown significantly in the last couple of years and has become a hot topic. A zero-trust architecture fundamentally distrusts all entities in a network and does not allow any access to resources until an entity has been authenticated and authorized to use that specific resource, i.e., trusted.

Read blog post
Threat detection
Marcus Hartwig
English
2019

Privileged Access Analytics

By:
Vectra
September 9, 2019

Since the early days of Vectra, we’ve been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.

Read blog post
Threat detection
Vectra
English
2019