Welcome to the Vectra Blog

What value is there in detecting malicious actors if the detection isn't noticed? Vectra makes sure that your security operations see everything, and our updated Splunk Integration is the latest offering to help you do this.

A major apprenticeship program from the US government could fill vacant cybersecurity jobs - and we're here for it.

An influential industry analyst now declares NDR has reached the Hype Cycle's "Slope of Enlightenment." Vectra had confidence all along

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

We at Vectra think that SOC teams need to focus on 3 challenges to stay ahead of cyberattacks. Coverage, Clarity Control

Discover how Vectra AI aligns with the NIST Framework to enhance your cybersecurity strategy.

If you ask security analysts to describe the biggest pain points in their role, you will no doubt get a diverse set of answers. One thing that they will almost certainly have in common is the challenge of dealing with alert fatigue.

Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) that recommends proper configuration and monitoring of PowerShell to address the recurrence of the scripting language's use in cyberattacks.

How to move cybersecurity forward? At the core of this discussion, we always find the same core values. We at Vectra live up to the 9 C's.

Most marketing messages are a cocktail of sober reality and hyperbole. Of course, the proportions may vary from season to season, from one company to the next, but hype continues to be a perpetual factor in the cybersecurity world. At Vectra, however, we are firm believers in sober reality.

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them.

Vectra's latest report on cybersecurity shows: Traditional approaches won't work anymore. Key findings are listed here.

In order to help security teams validate the effectiveness of their Azure AD security controls and stop future attacks, the Vectra platform continuously monitors user activity and reveals instances of users bypassing multi-factor authentication (MFA) and other preventative controls.

Regardless of discipline, cybersecurity professionals deal with mounting pressure each day to make the right decisions and strategically play the right hand to keep their organisations a step or two ahead of cybercriminals. It can be stressful.

What If there was a Supply Chain Compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. This blog provides perspective on the current situation and mitigation and defense strategies to manage such an event.

We have never seen a full-on cyber conflict rage across the world's digital systems, but if the situation in Ukraine leads to such a thing, CIOs and CISOs will find themselves on the front lines. With escalation patterns uncertain and no "rules of the road" governing cyberwar, any organization risks becoming a casualty. Already, CIOs and CISOs are seeing their roles evolve and enlarge. Vectra AI CRO Willem Hendrickx discusses their transformational hour

The cloud is complex. AWS alone has over 200 services (and quickly growing). Securely configuring even a small set of these services to operate at the scale of modern organizations today creates a variety of challenges.

It's only human to focus on external threats to your well-being. This often applies to organizations and their approaches to security as well; which is why so much energy is typically put into perimeter security. Yet, this approach is antithetical to the zero-trust methodology: Organizations must also pay attention to internal-to-internal and internal-to-external traffic just as much as traffic coming in.

Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.

The role of the CISO has never been clearly defined, and every CISO works differently.They are under a lot of pressure, and this leads to regular rotation of roles. The Masked CISO explains how this could be stopped if CISOs were given more autonomy and responsibility.

New Vectra CRO wants to achieve aggressive growth and continued global expansion for Vectra's leading network detection and response platform.

Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?<br>

As we saw with the Log4J vulnerability, cybercriminals only need a single opening to infiltrate your environment. And while another vulnerability can't be prevented, there's still a lot that can be done to make sure you're ready for the next one.

With ransomware on the rise, prevention isn’t enough. An “assume compromise” approach with advanced detection is essential. Learn why a UK insurer chose Ve

Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, but 2021 managed to be an exceptionally dangerous year. So how will the lessons learnt from 2021 shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.

Agile has its uses. It's increasingly being adopted as a technology wide operating model-to drive transformation everywhere, from helpdesks to datacenters. But is it always appropriate?

Exclusive cybersecurity research presented in a new report, details how hundreds of security leaders are addressing today's complex cyberthreats in their organisations.

Vectra has been recognized as a DeloitteTechnology Fast 500™ award winner - a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America.

"Do your part" is the theme of this year's Cybersecurity Awareness Month. See what you can do right now so cyberattacks don't become a problem in your Microsoft cloud environment.

Many organizations these days face incident response challenges. Get insight about the common challenges in this area, and what your organization can do to resolve them.

Discover four key ways AI can enhance SOC efficiency by improving alert accuracy, optimizing investigations, automating threat hunting, and prioritizing high-risk threats.

Stopping ransomware requires a new way of thinking. See why you can't only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.

Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

As organizations continue to build on AWS with no sign of slowing down, it's important to know where the security blind spots are and how to address them.

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

Discover how Microsoft and Vectra partner to deliver Zero Trust security solutions, focusing on key principles: verify explicitly, use least privileged access, and assume breach.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you're only as secure as your provider.

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.

As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from a cost savings.

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.

In our latest Spotlight Report, see how the Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.

We're excited to announce a new integration with Zscaler! Find out how this integration with Cognito Detect provides end-to-end access visibility and protection for remote workers and business-critical applications.

Just a week after the Colonial Pipeline was shut down due to ransomware-attackers are at it again. It's now being reported that Ireland's health service shut down its IT systems and a company in Germany had to fork out a $4.4 million ransom on the same day.

Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.

Vectra Cognito Azure AD Privilege Anomaly Detection identifies account takeovers in Azure AD, alerting teams to prevent attacks on mission-critical apps.

Network and endpoint defense technologies will have to either rapidly update signatures or use other investigative ways to detect command and control (C2). Uncover how threat actors evade security tools to execute C2 techniques to learn about what you should look for.

For us as Vectra, equality and inclusivity are key components of our culture. This International Women's Day, we want to celebrate the women in cybersecurity and highlight the opportunities available in the industry.

Vectra is honored to receive recognition from CRN by honoring the Vectra Partner Program with its prestigious 5-Star Partner Program Rating. We couldn't be more thrilled about this award and our amazing partner community.

Account takeovers targeting Office 365 are rising. Discover IT leaders’ top concerns about Office 365 security and cloud data protection.

Speed is a key ingredient to successful containment but switching between security solutions find the host or policy you want and applying it all takes time. Vectra enables security teams to enforce directly in the platform, saving valuable time for security operations.

Despite 71% of organizations suffering malicious SaaS account takeover, 90% are still accelerating cloud adoption. Surprising? Maybe not - read on as this blog distills the takeaways from mid-sized and large Office 365 enterprises.

Announcing extended coverage of Vectra in your entire AWS cloud footprint using the new AWS traffic mirroring capabilities on EC2 instances based on the popular Xen platform.

Discover three essential guideposts for enhancing organizational security, focusing on strategic planning, resilience, and risk quantification.

Vectra researchers dissect the SolarWinds supply chain attack, tracking backdoor to persistent access in data centers and cloud, with a focus on Office 365

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.

Learn how Command and Control (C2) frameworks are continuing to evolve in order to evade detection. Here we will examine a method known as JA3 signature randomization.

Discover why the NIST Zero Trust Architecture no longer requires decryption and how Vectra’s NDR solution enhances security.

As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe.

The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.

With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks though that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.

Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.

Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network-except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.

Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.

Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.

Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise-ultimately reducing the risk of breach.

Discover how ransomware has evolved into targeted, double extortion attacks and learn proactive defense strategies to protect your organization.

Learn from Principle Research Analyst, Eric Hanselman, from 451 Research how the combination of the right data and the right analytics can help security teams to secure what is an important resource for the modern enterprise.

Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.

Learn more about how Vectra's new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.

Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.

A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.

We're delighted to to announce a new integration between our Cognito platform for NDR and the cPacket Networks visibility solution. The combined techniques provide robust security-response capabilities that track the source, target, and method of attack.

Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.

Discover how Vectra AI improves cybersecurity during M&As by detecting inherited and insider threats across all attack stages.

With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events.

Discover in this blog why many organizations are struggling with the burden of maintaining IDPS deployments and how security teams can instead concentrate on detecting and mitigating active threats inside the network with network detection and response.

See the certificates in your network that are actively in use, those that are about to expire and ones that have already expired in the new dashboard in Cognito Recall.

Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.

Consider getting rid of IDPS and the noise it creates and check out detecting and stopping cyberattacks using NDR. Free-up your security analysts to focus on investigations and threat-hunting instead of tweaking signatures.

AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give you the most durable coverage and early understanding of threats.

Discover step-by-step how Vectra AI identified early indicators of the Maze ransomware attack and prevented the encryption of the company files.

We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer's security teams to further improve the agility, efficiency and efficacy of their security operations.

The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and backup their teams when it matters most, with access to Vectra experts.

Battista Cagnoni explores how to mature your SOC with processes for reactive threat detection and proactive threat hunting.

Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.

At Vectra, our partners are integral to the way we go tomarket and we want to ensure you we are committed to the mutual success of our relationship.

Healthcare's shift to the cloud is not new. However,COVID-19 has accelerated the roadmap for cloud adoption leaving healthcare security teams in a reactive mode rather than staying proactive to head-off the spread of potential attacks.

The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.

Vectra announces a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using.

Explore the role of network metadata in enhancing cybersecurity, its benefits, and how Vectra AI's advanced solutions provide comprehensive visibility and threat detection.

Together, Vectra and Sentinel One lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.

Together, Cognito and Cybereason provides visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat against today's modern cyberattacks.

Modern SOCs today are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard.

Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network.