Welcome to the
Vectra Blog

Exclusive cybersecurity research presented in a new report, details how hundreds of security leaders are addressing today’s complex cyberthreats in their organisations.

Are CISOs today “playing it safe”, clinging to old playbooks and legacy tools like IDPS? Read why The Masked CISO thinks the old ways aren’t working and why it’s time to throw away the rule book.

Vectra has been recognized as a DeloitteTechnology Fast 500™ award winner — a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America.

Introducing Sidekick MDR for VECTRA customers with 24*7 eyes-on-glass service leveraging cloud-scale analytics of the VECTRA Cognito platform to enable security teams to meaningfully detect and respond to ransomware, nation-state and insider attacks.

Learn why these two points are critical when choosing a threat detection and response vendor: 1) Darktrace is a sales & marketing engine, not a technology innovator 2) 91% of customers who consider both Darktrace and Vectra choose Vectra.

‍

Hear what Tallink, the largest shipping company operating in the Baltic Sea, says are the most valuable capabilities in an NDR solution and what you need to know when selecting one for your environment.

“Do your part” is the theme of this year’s Cybersecurity Awareness Month. See what you can do right now so cyberattacks don’t become a problem in your Microsoft cloud environment.

Die Cyber-Sicherheitslösung Vectra Detect erkennt und blockiert Ransomware-Angriffe. Die agentenlose und KI-gestützte Cognito-Plattform bietet automatische Verhaltenserkennung und stoppt Ransomware, bevor diese Dateien verschlüsseln und Daten extrahieren kann.

La solution de cybersécurité Vectra Detect est spécialement conçue pour détecter et bloquer les attaques par ransomware. Optimisée par l'IA, la plate-forme sans agent Cognito identifie les ransomwares avant qu'ils n'aient pu chiffrer des fichiers ou exfiltrer des données.

Many organizations these days face incident response challenges. Get insight about the common challenges in this area, and what your organization can do to resolve them.

AI can save your SOC valuable time by automating workloads, while accurately tracking down cyberattacker activities found in ransomware and supply chain attacks.

Ransomware. It is the new digital bogeyman. In the UAE, an industry survey from June 2021showed the extent to which the country (and by implication, the wider region)has been subjected to ransomware. Some 37% of respondents said they had beenvictims in the previous two years. A staggering 84% elected to pay the ransom, only for most of them — 90% of those who paid — to suffer from second attacksthat often came from the same bad actors.

‍

Vectra Detect cybersecurity solution is purpose-built to detect and stop ransomware attacks. The agentless and AI-driven Cognito Platform sees and stops ransomware before it can encrypt files and exfiltrate data by automatically detecting attacker behavior.

Stopping ransomware requires a new way of thinking. See why you can’t only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.

Organizations continue to deploy rapidly in the cloud, while security is often an afterthought. Read about the five areas that could be exposing your AWS deployments to security threats. 

Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

As organizations continue to build on AWS with no sign of slowing down, it’s important to know where the security blind spots are and how to address them.

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

Microsoft partners with Vectra to deliver Zero Trust security framework to provide analytics and mitigate threats emerging from distributed and hybrid-remote workforces.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

After obsessing for years over pushing the limits with AI to detect cyberattacker behavior, Vectra is proud to hold the most patents referenced in MITRE D3FEND.

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you’re only as secure as your provider.

Vectra is key contributor to new CEPS Report on the Technology, Governance and Policy Challenges of AI and Cybersecurity and supports Vectra’s mission to make the world a safer and fairer place.

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.

The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.

As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from a cost savings.

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

Vectra introduces Detect for AWS, solving threat detection and response for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environments.

What makes threat detection so challenging? We answer that question and provide the expert insight around our latest Spotlight Report—Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365.

As cloud adoption continues to accelerate, the evolution of the next generation of modern attacks will traverse through and towards an enterprise’s cloud control plane. Learn why this risk should not be underestimated.

Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.

In our latest Spotlight Report, see how the Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.

We’re excited to announce a new integration with Zscaler! Find out how this integration with Cognito Detect provides end-to-end access visibility and protection for remote workers and business-critical applications.

Just a week after the Colonial Pipeline was shut down due to ransomware—attackers are at it again. It’s now being reported that Ireland’s health service shut down its IT systems and a company in Germany had to fork out a $4.4 million ransom on the same day.

Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.

The Vectra Cognito Azure AD Privilege Anomaly Detection is a radical step forward when detecting account takeover events targeting Azure AD to gain access to mission-critical SaaS applications. With it, teams are alerted, and attacks can be stopped before they cause harm.

Every year, this global retail giant in the beauty industry failed to pass red team exercises—until they deployed Vectra. Get the full story on how they use the Cognito platform to pass Red Team testing and ensure the overall security of its data.

Network and endpoint defense technologies will have to either rapidly update signatures or use other investigative ways to detect command and control (C2). Uncover how threat actors evade security tools to execute C2 techniques to learn about what you should look for.

We’re excited to announce extended EDR native integration support in the Cognito platform! Find out how you can benefit from these simple, seamless integrations for comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud environments.

For us as Vectra, equality and inclusivity are key components of our culture. This International Women's Day, we want to celebrate the women in cybersecurity and highlight the opportunities available in the industry.

Find out how Vectra’s native integrations with Microsoft and AWS enable security teams to automatically contain events directly from the Cognito platform.

Vectra is honored to receive recognition from CRN by honoring the Vectra Partner Program with its prestigious 5-Star Partner Program Rating. We couldn’t be more thrilled about this award and our amazing partner community.

Account takeovers and identity-based attacks are on the rise, with Microsoft Office 365 at the heart of these threats. Find out what concerns are top of mind for IT decision makers when it comes to Office 365 security and protecting data in the cloud.

Speed is a key ingredient to successful containment but switching between security solutions find the host or policy you want and applying it all takes time. Vectra enables security teams to enforce directly in the platform, saving valuable time for security operations.

Despite 71% of organizations suffering malicious SaaS account takeover, 90% are still accelerating cloud adoption. Surprising? Maybe not – read on as this blog distills the takeaways from mid-sized and large Office 365 enterprises.

We’re excited to announce that Detect and Recall have successfully achieved SOC 2 Type 2 compliance. Find out how this milestone further ensures the security and confidentiality of our customers’ and partners’ data.

Announcing extended coverage of Vectra in your entire AWS cloud footprint using the new AWS traffic mirroring capabilities on EC2 instances based on the popular Xen platform.

The Hafnium campaign is targeting Microsoft Exchange Servers by leveraging several zero-day exploits and allows attackers to bypass authentication, including MFA to access e-mail accounts. Read more about hot to detect and stop the attack with Vectra Cognito.

Security leaders need to measure success, but too often the exercise focuses more on the absence of failure than the presence of success. Here’s three practical guideposts to achieve meaningful organizational security.

Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.

Vectra announces extended support for Azure AD in Cognito Detect for Office 365. Find out how this increased coverage can secure users’ cloud identities and reduce consequences of supply chain attacks.

Pendant la pandémie, les pirates ont profité des informations sur le COVID-19. Découvrez comment un message LinkedIn ordinaire a déclenché une réaction en chaîne qui a conduit à une attaque généralisée et astucieuse contre l'une des principales sociétés pharmaceutiques.

Während der Pandemie haben Hacker Informationen über COVID-19 genützt. Finden Sie heraus, wie eine gewöhnliche LinkedIn-Nachricht eine Kettenreaktion auslöste, die zu einem weit verbreiteten, raffinierten Angriff auf eines der weltweit führenden Pharmaunternehmen führte.

CRN® has named Jessica Couto, VP of Channel, Americas, at Vectra AI, to its 2021 list of Channel Chiefs. The prestigious CRN® Channel Chiefs list, released annually, recognizes prominent leaders that demonstrates exceptional leadership, vision, and commitment to their channel partner programs.

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.

The pandemic has made threat actors eager to exploit information about COVID-19. Find out how an ordinary LinkedIn message set off a chain reaction that escalated into a widespread, sophisticated attack at one of the world's leading pharmaceutical companies.

Learn how Command and Control (C2) frameworks are continuing to evolve in order to evade detection. Here we will examine a method known as JA3 signature randomization.

In 2020 we got a glimpse of just how much AI is beginning to penetrate everyday life. However, practical applications raise important questions about the ethical use of AI. In this blog, we reflect on the biggest stories in AI from last year.

Learn from Vectra CRO, Marc Gemassmer, what makes the SolarWinds hack unique from other breaches and how network detection and response can help remediate similar attacks in the future.

Learn why a successful implementation of a Zero Trust Architecture requires a modern network detection and response solution that can collect metadata about encrypted traffic—without relying on the overhead of agents.

Es ist wieder an der Zeit, uns die jüngere Vergangenheit anzuschauen und in die Zukunft zu blicken und darauf, was uns das nächste Jahr in puncto Cyber-Sicherheit bringen wird.

As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe.

The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.

Discover step-by-step how Vectra identified early indicators of a ransomware attack and prevented the encryption of network file share in this blog.

With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks though that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.

Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.

Discover what you need to know about the SolarWinds Orions compromise, how it unfolded and why monitoring users in the cloud is imperative to protect your enterprise.

Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Learn how to mitigate online shopping threats and keep your personal data safe this holiday season.

Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network—except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.

Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.

Aujourd’hui encore, il faut une moyenne de 200 jours pour repérer une attaque informatique, la plupart des outils préventifs s’arrêtant après la primo infection. En effet, en matière de sécurité informatique, une fois qu’un élément est compromis et qu’un attaquant a réussi à pénétrer un élément du système, il est quasiment impossible de le détecter

Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.

Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise—ultimately reducing the risk of breach.

“Ransomware operators” are rational economic entities that have evolved their tactics to optimize their ill-gotten financial returns. Their behavior changes mean detection and response approaches must change too.

The goal of an efficient incident response process is to free-up security analyst's time to focus on higher value work that requires critical thinking. Learn how automation can be applied to a detection and response process.

Learn from Principle Research Analyst, Eric Hanselman, from 451 Research how the combination of the right data and the right analytics can help security teams to secure what is an important resource for the modern enterprise.

Vectra research highlights how attackers are using built-in tools and services to attack Office 365. We examine two such attacks that were detected and thwarted by organizations protected by Cognito Detect for Office 365.

National Institute for Standards and Technology (NIST) publication for the Zero Trust Architecture (NIST SP 800-207) relies heavily on continuous and accurate monitoring. Find out why network detection and response (NDR) is a required component.

If you are in security operations, have you ever wondered how long it will take before use cases and playbooks are ready or prove value to your organization?

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.

Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.

Attackers are using legitimate tools built into Microsoft Office 365 to perform reconnaissance, move laterally, and extend their attacks. OurSpotlight Report on Office 365 identifies what they’re up to and where you should be looking.

Learn more about how Vectra’s new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.

Discover how maturity and capability can be defined and measured across the five stages of the maturity model based on the desired level of risk awareness.

Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.

Die Kombination von EDR, NDR sowie SIEM bilden die SOC-Transparenz-Triade. Doch auf dem steinigen Weg zur Transparenz im Security Operations Center (SOC) muss man bei der Implementierung von Angriffserkennungstools zahlreiche Hindernisse überwinden.

We’re excited to announce a partnership with Fortinet to integrate the Cognito Platform and FortiGate next-generation firewalls to detect, respond, and block cyberattacks in cloud, data center, IoT, and enterprise networks.

Asset management is one of the toughest challenges IT organizations can face. Discover why the ability to detect threats early on the network is better than ranking your critical systems.

A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.

Analyzing the psychology of an insider threat case is a complex task because there is little evidence and scant public data about threat incidents. Develop an improved understanding of the mind of malicious insiders with the multiple life-stage model.

Gregory Cardiet, technical leader for Vectra, shares his thoughts and experiences on why enterprises are increasingly integrating network detection and response (NDR) as a core element of their security operations visibility capabilities.

We’re delighted to to announce a new integration between our Cognito platform for NDR and the cPacket Networks visibility solution. The combined techniques provide robust security-response capabilities that track the source, target, and method of attack.

Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.

The recent ZeroLogon (CVE-2020-1472) vulnerability allows an attacker to gain Domain Admin credentials. The Vectra AI/ML models are designed to detect attacks regardless of tools or signatures and alerted on ZeroLogon even before it was announced.

During a merger and acquisition, there are several critical cybersecurity challenges to overcome and manage during an M&A. Vectra can help speed-up due diligence and integration by automating threat hunting and prioritizing detected threats based on certainty and risk.

Learn why the SOC visibility triad is a better way to gain full visibility into threats and why Vectra is critical to help provide that visibility.