Integrating With Microsoft to Detect Cyberattacks in Azure Hybrid Clouds

September 25, 2018
Gareth Bradshaw
Senior Product Manager & Technology Strategist

Microsoft unveiled the Azure Virtual Network TAP, and Vectra announced its first-mover advantage as a development partner and the demonstration of its Cognito platform operating in Azure hybrid cloud environments.

What’s extraordinary about this watershed announcement is that enterprises will be able to rely on the Cognito platform to find hidden threats quickly, empower threat hunters, and speed incident response to avert data loss in Azure hybrid cloud environments.

The Azure Virtual Network TAP captures a copy of the data flowing between virtual machines, passing it to the Cognito vSensor which runs in Azure and extracts enriched metadata for analysis by the Cognito platform. By doing so, the virtual network TAP provides visibility into Azure network traffic, while Cognito automates the real-time detection of advanced cyberattacks.

Using the Azure Virtual Network TAP, Cognito will examine east-west and north-south traffic. With Cognito, cybercriminals who attack Azure cloud workloads cannot hide their malicious reconnaissance, lateral movement and data exfiltration behaviors inside the network.

The Azure Virtual Network TAP is a secure source of cloud network visibility for the Cognito platform, ensuring there is nowhere for cyberattackers to hide.

Unlike agent-based monitoring solutions, which can be disabled by attackers or even made to replay misleading traffic, the Azure-native TAP sits within the cloud infrastructure where it cannot be compromised and will not impact performance. Enterprises will be able to adopt the Cognito integration with the Azure Virtual Network TAP with complete confidence.

Protecting your core business

Cloud security should not simply consist of a perimeter security solution deployed in the cloud. Joint research from Microsoft and the University of Wisconsin shows that 80% of traffic stays inside the data center. In addition, cloud workloads typically encounter threats in the more advanced phases of the cyberattack lifecycle.

The IaaS and PaaS cloud services occupying Azure clouds are at the heart of nearly every modern enterprise, providing scalable, reliable access to data and applications that are critical to business processes.

An unprotected cloud puts these enterprise applications and data at risk. Using the Azure Virtual Network TAP, the Cognito platform will protect these environments at the earliest signs of an attack.

“Customers are adopting Microsoft Azure at a rapid pace,” said Ross Ortega, partner program manager of Azure Networking at Microsoft. “By partnering with Vectra, we are enabling enterprise customers who want to embrace AI-based cybersecurity to extend the Cognito platform to protect Azure workloads.”

Visibility and intelligence across the enterprise

Perimeter security technologies, such as virtual firewalls, focus on detecting the initial compromise or infection (e.g., exploits and malware). But advanced attackers have shown they can easily evade perimeter defenses and spread undetected inside the network by blending in with normal traffic.

Once they are inside, attackers are far more likely to infect other devices, elevate their level of privileged access and use their position of trust to pivot into the cloud to steal or damage critical assets.

Administrative accounts and protocols give attackers backdoor access to the cloud without having to exploit an application vulnerability. Attackers use standard administrative tools like SSH, Telnet or RDP to easily blend in with normal traffic as they move laterally to locate and steal sensitive data or intellectual property.

Since these advanced attacks use commonly allowed protocols and don’t rely on malicious payloads, it is essential to use behavioral models to detect hidden attacker behaviors within network traffic.
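As an added illustration (not Vectra's or Microsoft's code, and not how Cognito's own models work), here is a toy behavioral rule over constructed flow metadata of the kind a sensor could extract from mirrored TAP traffic: it ignores payloads entirely and flags a source that starts reaching an unusual number of new internal hosts over SSH, Telnet or RDP within a short window. The record format, ports, thresholds and the `known_pairs` baseline are assumptions made for the example.

```python
"""Toy behavioral detector for lateral movement over admin protocols.
Added example; the flow records below are constructed, not real data."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Admin protocols the page names; detection keys on behavior, not payload.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp"}

# Constructed flow records: (timestamp, src, dst, dst_port). In a real
# deployment these would come from the metadata stream, not be hard-coded.
FLOWS = [
    ("2018-09-25T10:00:00", "10.1.0.4", "10.1.0.5", 3389),  # jump host, routine
    ("2018-09-25T10:01:00", "10.1.0.4", "10.1.0.5", 3389),  # repeat, same pair
    ("2018-09-25T10:05:00", "10.1.0.9", "10.1.0.20", 443),  # web traffic, ignored
    ("2018-09-25T10:10:00", "10.1.0.7", "10.1.0.11", 22),   # fan-out begins
    ("2018-09-25T10:10:30", "10.1.0.7", "10.1.0.12", 22),
    ("2018-09-25T10:11:00", "10.1.0.7", "10.1.0.13", 3389),
    ("2018-09-25T10:11:20", "10.1.0.7", "10.1.0.14", 22),
    ("2018-09-25T10:12:00", "10.1.0.7", "10.1.0.15", 23),
]

def detect_admin_fanout(flows, known_pairs=frozenset(),
                        window=timedelta(minutes=5), threshold=4):
    """Return alerts (src, window_start_iso, new_hosts) for sources that
    open admin sessions to >= threshold previously unseen hosts within
    `window`. `known_pairs` is a learned baseline of (src, dst) admin
    sessions that are considered normal and never counted."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) for new admin flows
    seen = set(known_pairs)
    alerts, alerted = [], set()
    for ts_str, src, dst, dport in sorted(flows):
        if dport not in ADMIN_PORTS or (src, dst) in seen:
            continue                      # not admin traffic, or already baselined
        seen.add((src, dst))
        ts = datetime.fromisoformat(ts_str)
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()                   # slide the window forward
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)              # one alert per source per run
            alerts.append((src, q[0][0].isoformat(), sorted(d for _, d in q)))
    return alerts

if __name__ == "__main__":
    for src, start, hosts in detect_admin_fanout(FLOWS):
        print(f"admin fan-out from {src} starting {start}: {hosts}")
```

The routine jump-host session is never flagged, while 10.1.0.7 trips the rule on its fourth new host; feeding the same pairs in as `known_pairs` suppresses the alert, which is the role the learning baseline plays.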

In addition, cloud environments are always in flux. The dynamic and agile nature of the cloud is one of its most attractive qualities. Developers can quickly spin up new applications and have access to live production data for testing. Security technologies must be equally agile at handling these dynamics.

Finding attacker behaviors and tracking the progression of advanced attacks require visibility across each part of the network, regardless of the underlying technology. It isn’t enough to just deploy a virtual version of a traditional security tool as a workload in the cloud. Advanced threat detection solutions must provide visibility into all traffic in the cloud, hybrid environments and the enterprise.

For more information about the Vectra partnership with Microsoft and Cognito’s integration with the Azure Virtual Network TAP.