The escalating influence of generative AI on business and cybersecurity in 2024: its growing adoption, potential challenges, and the critical need for regulatory oversight.
Buyers should be aware that there are really four primary spaces that XDR vendors are coming from.
What does extended detection and response (XDR) security mean?
The security landscape is plagued by tools that cause more inefficiencies, more ineffectiveness, and more breaches than ever.
Vectra CDR for AWS enables SOC teams to keep pace with the ever-growing speed and scale of sophisticated hybrid attacks.
On May 23rd, 2023, Barracuda announced a vulnerability (CVE-2023-2868) in their Email Security Gateway appliance that was being exploited in the wild as far back as October of 2022.
Unrivaled signal clarity and rapid response can help you protect your complex IT environment.
Vectra AI’s Security Research Team identified issues in Entra ID and Microsoft 365 logs that make your job harder — and may help attackers evade detection.
In my last post, we talked about the importance of security testing as one of the best ways to improve defenders’ skills and expertise and build confidence that ongoing security investments continue to provide ROI.
The best ways to improve defenders’ skills and expertise and build confidence that ongoing security investments continue to provide ROI.
Insight and key takeaways from Gartner Security and Risk Summit 2023
Explore the challenges confronting Security Operations Center (SOC) teams, addressing the surge in alert volumes and advocating for a redefined perspective on threat detection effectiveness.
Just a week before the conference MGM Resorts and Caesar’s Palace suffered major security breaches. Read how Vectra AI’s integration with CrowdStrike can potentially provide a powerful solution to security breaches like those.
In this blog, we explore the true purpose of Cybersecurity Awareness Month and why it is important for end users to understand their role in protecting organizations. We delve into the "Defenders' Dilemma" and shed light on the challenges faced by cybersecurity professionals. Discover how attackers prey on human nature and the impact of their actions on defenders' workload and well-being. Join us in advocating for empathy and teamwork in the fight against cyber threats.
Hooray! It’s Cybersecurity Awareness Month – a security marketer's dream. An entire month dedicated to building awareness and educating the public on adopting safe cyber practices.
Discover how Vectra AI empowers SOC teams to swiftly detect, analyze, and counteract cyber threats. Explore advanced investigation practices and streamlined workflows in this insightful blog by Ada Tirelli.
In this blog, Tom D'Aquino explores the growing trend of zero-day vulnerabilities and their potential connection with the surge in ransomware attacks, highlighting the importance of AI-based detection methods such as Vectra AI.
Some cybersecurity vendors say they provide AI but only deliver basic rule-based systems. Ask 4 questions to see if an AI in cybersecurity claim is real.
With the number of hybrid-cloud cyberattacks on the rise, SecOps teams now have a way to gain unmatched visibility into all actions taking place across the entire AWS infrastructure.
Is decrypting packet payloads operationally effective or efficient at helping defenders find signs of advanced nation state attacks or manually executed attacks like RansomOps in a network?
This new open-source tool bridges common gaps SOC teams face in cloud threat detection. Gain more flexibility to develop custom attack techniques.
Unveiling the Vectra AI Platform: Your pathway to fortified cybersecurity. Co-created with security pioneers, this innovative platform offers integrated Attack Signal Intelligence for unmatched resilience, SOC modernization, and agile response to advanced threats.
Vectra Research recently discovered a method for leveraging functionality newly-released by Microsoft to perform lateral movement to another Microsoft tenant.
In the vast and interconnected realm of the digital landscape, an insidious storm is brewing. This storm, as revealed by the Dutch National Coordinator for Security and Counterterrorism (NCTV) in their Cyber Security Assessment Netherlands 2022, is rapidly becoming the new norm: cyber and insider attacks orchestrated by nation-state actors (The National Coordinator for Counterterrorism and Security, 2022). One well-known example that exemplifies the magnitude of nation-state cyber threats is the SolarWinds cyber-attack. This incident had far-reaching consequences, creating a wave of disruption for numerous organizations.
In an era defined by rapid technological advancements, ensuring the resilience and security of our financial systems has become more crucial than ever. The Digital Operational Resilience Act (DORA), a regulatory framework introduced by the European Union (EU), stands as a beacon of progress, aiming to bolster cybersecurity and operational resilience within the financial sector. In this blog, we shall delve into the essence of DORA, while providing actionable insights to help businesses comply with this transformative legislation.
Forrester’s version of Network Detection and Response (NDR) has some serious flaws, including an obsession with decryption that’s dangerous for enterprises.
The Cambrian Explosion in large language model (LLM) AI SaaS services has opened a huge number of exciting opportunities for everyone; however, there are some giant risks associated with these services. As people continue to leverage them regardless of risk — Vectra helps you track exactly who.
What do you need to know following the announcement of the integration of Vectra's Attack Signal Intelligence into Amazon Security Lake?
The recent Microsoft announcement on “Volt Typhoon” activity brings the reality of persistent threat actors back into the spotlight.
As threats become more prominent, it’s important to pose the question: what actually brings clarity? It’s a question that we can struggle with, but we may simply not be approaching it in the right way.
Looking for an alternative to Darktrace? See why 9 in 10 customers choose Vectra AI, the top Darktrace alternative powered by Attack Signal Intelligence.
As cloud compromises become the new normal, Cloud Detection and Response is the answer to monitor and detect suspicious behavior across cloud environments.
The NIS (Network and Information Security) Directive was the first EU-wide law on cybersecurity which came into effect in 2016. Let's summarize it for you.
Attacker techniques are dictated by the characteristics of the tech stack. So what is the approach needed to defend cloud systems?
Discover how Vectra AI, through user feedback, has improved its scoring model and user interface to provide more effective threat prioritization and an efficient workflow.
Vectra CRO Willem Hendrickx on why he's excited about the opportunity ahead for AI in cybersecurity.
Vectra Match ingests intrusion detection signature context for more efficient and effective threat investigations and hunting.
Last week SentinelOne announced integrations with key industry players including an enhanced collaboration with Vectra AI to expand the company’s XDR offering.
As a seasoned veteran of RSAC, Aaron Turner has curated a list of themes, must-attend sessions, and personal recommendations to consider as you navigate and prioritize your week in San Francisco.
72% of security practitioners "think they may have been breached, but don't know it." Said differently, nearly three-quarters of security teams don't know where they are compromised right now.
When an analyst detects an intrusion, the most critical factor is analyzing the context of the intrusion. We do this by identifying the attacker’s tactics, techniques, and procedures (TTPs).
Recently, CISA released a new open-source tool named the Untitled Goose Tool that helps organizations investigate threats to Azure AD, M365 and Azure.
After detecting an event in the detection phase of an incident response and analyzing it in the analysis phase — you can use the automated solution for containment of the four supported AWS services.
What steps can you take to ensure that your organization is not the weakest link in the chain of critical infrastructure?
Being able to satisfy multiple requirements in a single consolidated sensor relieves complexity and lowers cost. With the release of Vectra Match, a solution is now within easy reach.
Gain complete clarity on known and unknown threats across your network by combining Vectra Match signature context and the power of Vectra NDR with Security AI-driven Attack Signal Intelligence™.
This blog outlines the intel in the LastPass communiques and enumerates the attacker indicators while framing the discussion around the "Pyramid of Pain".
Recently, we investigated suspicious behavior in an environment where Azure passwordless authentication was set up. The investigation was prompted by several users being hit with unexpected Authenticator app prompts. To their credit, none of the users fell for the ruse or let the attacker in.
On February 9th 2023, a milestone partnership was celebrated between Vectra and KPMG, and they had a lot to share. The discussion centered around the value of Effective Security Observability (ESO) - powered by Vectra's Attack Signal Intelligence, while KPMG and Vectra hosted a joint webinar.
Security teams need the right tools to test cloud security controls in ways that emulate real attacker behavior to understand the gaps and ensure they have the proper visibility to stop an attacker.
When a physical threat presents itself, most people will implement protection mechanisms. When warned of an impending hurricane, people will naturally board up their property and take cover. This behavior is conditioned, but why doesn't that conditioning extend to enterprise security programs?
With KPMG's guidance and Vectra's technology, organizations can achieve greater visibility into their security posture, reduce risk and reassure the protection of their critical data.
In this blog, we'll examine known threats aimed at hybrid cloud environments and where you might be able to catch them before they become an issue.
Through harnessing Vectra's Security AI-driven Attack Signal Intelligence (ASI) for cloud, SecOps teams can continuously monitor and uncover sophisticated threats across their SaaS and cloud environments in real-time.
2022 brought a surplus of geopolitical drama and the world's first full-on cyberwar. What comes next? Here's an educated estimate.
In 2023, organisations must prepare for a growing attack surface, the war for cyber skills, and the rise of unknown threats
Modern cyber threats are increasingly evasive and difficult to detect. Vectra offers a new AI-driven solution: Attack Signal Intelligence.
When we enter our names, addresses, phone numbers, emails and credit card info - personally identifiable information (PII) - whose job is it to make sure that the information remains safe and not in the wrong hands? The retailer? The consumer?
Ransomware is a common type of cyber attack that may target individuals and businesses alike. Device users of any kind must be aware of the different types of ransomware attacks and how to prevent them.
Cyberattacks are still on the rise. Learn more about the problem of preventive cybersecurity and what needs to be changed.
In terms of delivering Managed Detection and Response (MDR), we view the term "shared responsibility" differently than some. It is more about collaboration than delineation. It is about how Vectra and our customers work together in a seamless manner to resolve threats.
On November 1st 2022, after teasing the main show the week before, OpenSSL released their advisory describing two risks to OpenSSL 3.0.0 - 3.0.6. This was originally teased as a Critical level alert, which would have been the first Critical since 2015, however this was downgraded to a High owing to what OpenSSL describe as "mitigating factors".
Vectra SaaS CTO Aaron Turner shares how to fix overwhelming security alerts that can cause your SOC team to miss critical threats. See how.
Cyber threat actors come in a variety of forms. Though they result in unwanted damage, their tactics, goals, and methods of attack differ. Avoiding being a victim begins with understanding the types of cybercriminals, their behaviors, goals, and motivations.
Last week I attended the Gartner Security and Risk Summit in London. The theme of the summit was Accelerating the Evolution of Security: Reframe and Simplify. From the very first keynote, Gartner laid down the gauntlet. "Change is needed and we must stop doing what we have always done and start learning from our mistakes." It is this very sentiment that set the tone for the show.
Native integration delivers Vectra's patented Security AI to CrowdStrike XDR, so joint customers can find attacker behaviors across public cloud, SaaS, identity, and networks from a single interface.
In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access.
What value is there in detecting malicious actors if the detection isn't noticed? Vectra makes sure that your security operations see everything, and our updated Splunk Integration is the latest offering to help you do this.
A major apprenticeship program from the US government could fill vacant cybersecurity jobs - and we're here for it.
An influential industry analyst now declares NDR has reached the Hype Cycle's "Slope of Enlightenment." Vectra had confidence all along.
A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?
We at Vectra think that SOC teams need to focus on 3 challenges to stay ahead of cyberattacks: Coverage, Clarity and Control.
A US government agency provides a powerful framework for understanding today's cybersecurity challenges. Here's where Vectra AI fits in.
If you ask security analysts to describe the biggest pain points in their role, you will no doubt get a diverse set of answers. One thing that they will almost certainly have in common is the challenge of dealing with alert fatigue.
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) that recommends proper configuration and monitoring of PowerShell to address the recurrence of the scripting language's use in cyberattacks.
How to move cybersecurity forward? At the core of this discussion, we always find the same core values. We at Vectra live up to the 9 C's.
Hybrid working models are a hacker's dream! Every remote IP is a potential risk. Learn how to protect your organization in the modern world.
Most marketing messages are a cocktail of sober reality and hyperbole. Of course, the proportions may vary from season to season, from one company to the next, but hype continues to be a perpetual factor in the cybersecurity world. At Vectra, however, we are firm believers in sober reality.
The MITRE ATT&CK framework helps to keep your business secure. Learn how Vectra leverages MITRE ATT&CK and supports MITRE D3FEND.
Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them.
Vectra's latest report on cybersecurity shows: Traditional approaches won't work anymore. Key findings are listed here.
In order to help security teams validate the effectiveness of their Azure AD security controls and stop future attacks, the Vectra platform continuously monitors user activity and reveals instances of users bypassing multi-factor authentication (MFA) and other preventative controls.
Regardless of discipline, cybersecurity professionals deal with mounting pressure each day to make the right decisions and strategically play the right hand to keep their organisations a step or two ahead of cybercriminals. It can be stressful.
The Vectra Masked CISO series gives security leaders a forum for discussing the biggest issues in security and advising their peers on how to overcome them.
We have never seen a full-on cyber conflict rage across the world's digital systems, but if the situation in Ukraine leads to such a thing, CIOs and CISOs will find themselves on the front lines. With escalation patterns uncertain and no "rules of the road" governing cyberwar, any organization risks becoming a casualty. Already, CIOs and CISOs are seeing their roles evolve and enlarge. Vectra AI CRO Willem Hendrickx discusses their transformational hour.
What If there was a Supply Chain Compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. This blog provides perspective on the current situation and mitigation and defense strategies to manage such an event.
The cloud is complex. AWS alone has over 200 services (and quickly growing). Securely configuring even a small set of these services to operate at the scale of modern organizations today creates a variety of challenges.
It's only human to focus on external threats to your well-being. This often applies to organizations and their approaches to security as well; which is why so much energy is typically put into perimeter security. Yet, this approach is antithetical to the zero-trust methodology: Organizations must also pay attention to internal-to-internal and internal-to-external traffic just as much as traffic coming in.
I want Vectra to be known also for its values, for its vision, for its people and attitude, and for its passion for making the world a safer and fairer place. In short, for our culture.
"Artificial intelligence is no match for human stupidity," observed a wry Albert Einstein. Today, we have evolved to where AI can deliver critical and indispensable advantages in the race toward cybersecurity. Nevertheless, even brilliant security managers do not always see how or why this is the case.
Updated perspective on cyberthreats as a result of ongoing Ukrainian/Russian conflict, including specific custom recall queries, and aggregation of common Russian state actor TTPs.
As the new reality of the continual dangers of cyberwar gradually sets in, organizations globally are working to harden their defenses. Most cyber-attacks are blocked by preventative safeguards. Highly motivated attackers, however, tend to find ways to get through those defenses.
Advanced Microsoft Cloud Attacks often attack through three key areas which we enumerate in this blog: Service Principals, Multi-Factor Authentication (MFA) Downgrade, and Mobile-Device MFA Authenticators.
While this wiper malware is new, it reuses much of the playbook employed by Russian state actors and ransomware gangs - fighting back requires us to sharpen the tools we already have.
Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.
The role of the CISO has never been clearly defined, and every CISO works differently. They are under a lot of pressure, and this leads to regular rotation of roles. The Masked CISO explains how this could be stopped if CISOs were given more autonomy and responsibility.
New Vectra CRO wants to achieve aggressive growth and continued global expansion for Vectra's leading network detection and response platform.
Dive into the intricacies of AI in cybersecurity with Vectra AI's 'Not All AI is Created Equal'. Learn about the distinction between security-led and math-led AI approaches, and discover how Vectra's unique, data-driven strategy offers superior threat detection and response capabilities, setting a new standard in AI-driven cybersecurity solutions.
Explore the real impact of AI and ML in cybersecurity with Vectra AI's blog 'The Great AI/ML Debate'. Uncover the truth behind the buzzwords and learn how AI-driven solutions can effectively counter modern security threats, including ransomware attacks.
Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti-ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?