Vectra AI is named a Leader in the 2025 Gartner Magic Quadrant for Network Detection and Response (NDR).
LockBit is back with version 5.0. Discover its new features, TTPs, and how SOC teams can detect attacks where prevention alone falls short.
Poisoned npm packages are just the entry point. Discover how attackers move next and why SOC teams must detect behaviors beyond the initial exploit.
AI is accelerating cybercrime — from ransomware kits to insider fraud. Learn how attackers exploit security gaps and how Vectra AI helps you detect what others miss.
It's only human to focus on external threats to your well-being. This often applies to organizations and their approaches to security as well, which is why so much energy is typically put into perimeter security. Yet, this approach is antithetical to the zero-trust methodology: Organizations must also pay attention to internal-to-internal and internal-to-external traffic just as much as traffic coming in.
Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.
The role of the CISO has never been clearly defined, and every CISO works differently. They are under a lot of pressure, and this leads to regular rotation of roles. The Masked CISO explains how this could be stopped if CISOs were given more autonomy and responsibility.
New Vectra CRO wants to achieve aggressive growth and continued global expansion for Vectra's leading network detection and response platform.
Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti-ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?
As we saw with the Log4J vulnerability, cybercriminals only need a single opening to infiltrate your environment. And while another vulnerability can't be prevented, there's still a lot that can be done to make sure you're ready for the next one.
With ransomware on the rise, prevention isn’t enough. An “assume compromise” approach with advanced detection is essential. Learn why a UK insurer chose Ve
Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, but 2021 managed to be an exceptionally dangerous year. So how will the lessons learnt from 2021 shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.
Agile has its uses. It's increasingly being adopted as a technology-wide operating model to drive transformation everywhere, from helpdesks to datacenters. But is it always appropriate?
Exclusive cybersecurity research, presented in a new report, details how hundreds of security leaders are addressing today's complex cyberthreats in their organisations.
Vectra has been recognized as a Deloitte Technology Fast 500™ award winner - a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America.
"Do your part" is the theme of this year's Cybersecurity Awareness Month. See what you can do right now so cyberattacks don't become a problem in your Microsoft cloud environment.
Many organizations these days face incident response challenges. Get insight about the common challenges in this area, and what your organization can do to resolve them.
Discover four key ways AI can enhance SOC efficiency by improving alert accuracy, optimizing investigations, automating threat hunting, and prioritizing high-risk threats.
Stopping ransomware requires a new way of thinking. See why you can't only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.
Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.
T-Mobile investigates a hacker who claims to have breached the data of 100 million customers. See what possible outcomes this could result in for the telecoms company.
As organizations continue to build on AWS with no sign of slowing down, it's important to know where the security blind spots are and how to address them.
The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.
Discover how Microsoft and Vectra partner to deliver Zero Trust security solutions, focusing on key principles: verify explicitly, use least privileged access, and assume breach.
Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.
There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you're only as secure as your provider.
A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare, can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.
Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.
As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from cost savings.
DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.
Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.
In our latest Spotlight Report, see how the Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.
We're excited to announce a new integration with Zscaler! Find out how this integration with Cognito Detect provides end-to-end access visibility and protection for remote workers and business-critical applications.
Just a week after the Colonial Pipeline was shut down due to ransomware, attackers are at it again. It's now being reported that Ireland's health service shut down its IT systems and a company in Germany had to fork out a $4.4 million ransom on the same day.
Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.
Vectra Cognito Azure AD Privilege Anomaly Detection identifies account takeovers in Azure AD, alerting teams to prevent attacks on mission-critical apps.
Network and endpoint defense technologies will have to either rapidly update signatures or use other investigative ways to detect command and control (C2). Uncover how threat actors evade security tools to execute C2 techniques to learn about what you should look for.
For us as Vectra, equality and inclusivity are key components of our culture. This International Women's Day, we want to celebrate the women in cybersecurity and highlight the opportunities available in the industry.
Vectra is honored to receive recognition from CRN, which has awarded the Vectra Partner Program its prestigious 5-Star Partner Program Rating. We couldn't be more thrilled about this award and our amazing partner community.
Account takeovers targeting Office 365 are rising. Discover IT leaders’ top concerns about Office 365 security and cloud data protection.
Speed is a key ingredient to successful containment, but switching between security solutions, finding the host or policy you want, and applying it all takes time. Vectra enables security teams to enforce directly in the platform, saving valuable time for security operations.
Despite 71% of organizations suffering malicious SaaS account takeover, 90% are still accelerating cloud adoption. Surprising? Maybe not - read on as this blog distills the takeaways from mid-sized and large Office 365 enterprises.
Announcing extended coverage of Vectra in your entire AWS cloud footprint using the new AWS traffic mirroring capabilities on EC2 instances based on the popular Xen platform.
Discover three essential guideposts for enhancing organizational security, focusing on strategic planning, resilience, and risk quantification.
Vectra researchers dissect the SolarWinds supply chain attack, tracking backdoor to persistent access in data centers and cloud, with a focus on Office 365.
As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.
Learn how Command and Control (C2) frameworks are continuing to evolve in order to evade detection. Here we will examine a method known as JA3 signature randomization.
Discover why the NIST Zero Trust Architecture no longer requires decryption and how Vectra’s NDR solution enhances security.
As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe.
The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.
With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks through that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.
Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.
Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.
Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network, except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.
Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.
Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.
Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise, ultimately reducing the risk of breach.
Discover how ransomware has evolved into targeted, double extortion attacks and learn proactive defense strategies to protect your organization.
Learn from Principal Research Analyst Eric Hanselman of 451 Research how the combination of the right data and the right analytics can help security teams to secure what is an important resource for the modern enterprise.
Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.
When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.
Learn more about how Vectra's new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.
Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.
A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.
We're delighted to announce a new integration between our Cognito platform for NDR and the cPacket Networks visibility solution. The combined techniques provide robust security-response capabilities that track the source, target, and method of attack.
Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.
Discover how Vectra AI improves cybersecurity during M&As by detecting inherited and insider threats across all attack stages.
With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events.
Discover in this blog why many organizations are struggling with the burden of maintaining IDPS deployments and how security teams can instead concentrate on detecting and mitigating active threats inside the network with network detection and response.
See the certificates in your network that are actively in use, those that are about to expire and ones that have already expired in the new dashboard in Cognito Recall.
Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.
Consider getting rid of IDPS and the noise it creates and check out detecting and stopping cyberattacks using NDR. Free up your security analysts to focus on investigations and threat-hunting instead of tweaking signatures.
AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give you the most durable coverage and early understanding of threats.
Discover step-by-step how Vectra AI identified early indicators of the Maze ransomware attack and prevented the encryption of the company files.
We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customers' security teams to further improve the agility, efficiency and efficacy of their security operations.
The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and back up their teams when it matters most, with access to Vectra experts.
Battista Cagnoni explores how to mature your SOC with processes for reactive threat detection and proactive threat hunting.
Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.
At Vectra, our partners are integral to the way we go to market and we want to assure you that we are committed to the mutual success of our relationship.
Healthcare's shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption, leaving healthcare security teams in a reactive mode rather than staying proactive to head off the spread of potential attacks.
The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.
Vectra announces a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using.
Explore the role of network metadata in enhancing cybersecurity, its benefits, and how Vectra AI's advanced solutions provide comprehensive visibility and threat detection.
Together, Vectra and SentinelOne lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.
Together, Cognito and Cybereason provide visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat today's modern cyberattacks.
Modern SOCs today are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard.
Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network.
With increasingly sophisticated threats, cyber-risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.
Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.
PAA enables SOC teams to monitor and defend against these types of attacks. In addition to our extensive models that detect command-and-control channels, this makes the Cognito platform a powerful tool to combat evolving malware attacks against enterprises.
That's why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.
The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.
Explore new NIST guidelines on Zero Trust Architecture and how Vectra enhances network visibility and security.
By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.
Learn how Vectra AI strengthens zero trust security with continuous monitoring and real-time threat detection across hybrid and cloud environments.
The rationale behind choosing a managed security services provider (MSSP) can be numerous, but one of the primary reasons is to overcome the cybersecurity skills shortage. Finding the right talent in cybersecurity and retaining skilled professionals once they've been trained is very difficult.
The time of separated networks, when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment, is long gone.
Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker's arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.
Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems that describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.
Leveraging the multi-homed attribute to identify potential command-and-control channels within expansive infrastructures.
As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.
Today, I am thrilled to share the news that Vectra has completed a $100 million Series E funding round led by TCV, one of the largest growth equity firms backing private and public technology companies.
When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.
Imagine having a security tool that thinks the way you teach it to think, that takes action when and how you have trained it to act. No more adapting your work habits to generic rules written by a third party and wondering how to fill in security gaps that the rules did not tell you about.