Cybersecurity Sensors – Threat Detection Throughout a Distributed Network
Keeping data from getting out into the wild or being damaged by cyber attackers is what keeps CISOs, the executive team and boards of directors up at night. To protect organizations, cybersecurity needs to be automated and real-time, it needs to learn contextually like we do, and it needs to monitor for threats at every corner of the network in a way that organizations can afford without sacrificing coverage.
The deeper or more distributed your network is, the harder it is to detect cyberattacks, including malware and advanced persistent threats (APTs). Remote sites of a distributed network are often the most vulnerable because the security systems at headquarters are too costly to deploy everywhere and budgets do not allow for the hiring of security analysts at remote sites. Attackers know these sites are not monitored, so they use them as a side door through which they can spy and spread their way deep into internal network segments where they can steal or destroy key assets.
Today, we announced the Vectra S-series sensor, the security industry’s first dedicated sensor for automated breach detection. When customers combine the new S-series sensors with our X-series platform, their organization can automatically detect indicators of attacks across the entire network – even at remote sites or on internal segments – with a single unified view of their risk profile.
The strategy to create the S-series sensors came from our customers. They required a threat detection solution that can be deployed cost-effectively and consistently across the organization because attackers will enter where security is the weakest. One customer said, “I love the automation and real-time insights, but if I don’t have it in Tulsa, that is probably where the attacker will enter.” In addition to requiring a sensor to be easy to deploy and use, customers wanted to avoid the need for more hard-to-find staff.
The S-series sensor can be installed at any remote site – a retail store, a bank branch, or a healthcare clinic. Once connected, administrators configure the sensor via the Vectra cloud and essentially ‘forget’ the device.
The sensors at remote sites or on internal segments quickly become the eyes and ears of the X-series brain. These sensors monitor raw traffic at the remote site and distill it down to essential metadata. Metadata is sent to the X-series – the brain of this distributed architecture – where data science and machine learning detect and intuitively report cyber attacks in progress.
The X-series is an “analyst in software” running 24-by-7. Rob Caputo, principal consultant at CS Technology, says the Vectra solution "just sits there and does its job. We don't have to do any maintenance, which makes this product really easy to use." He also says that the prioritized alerts enable first-line security staff to handle most issues. "Our frontline support people can jump on something immediately and eradicate the problem before it escalates, saving precious time and money."