Welcome to the Vectra Blog

Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker's arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.

Earlier this month, the Gartner Market Guide for Intrusion Detection and Prevention Systems that describes the market definition and direction of requirements that buyers should look for in their IDPS solution as well as the top use-cases that drive IDPS today.

Leveraging the multi-homed attribute to identify potential command-and-control channels within expansive infrastructures.

As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.

Today, I am thrilled to share the news that Vectra has completed a $100 million Series E funding round led by TCV, one of the largest growth equity firms backing private and public technology companies.

When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.

Imagine having a security tool that thinks the way you teach it to think, that takes action when and how you have trained it to act. No more adapting your work habits to generic rules written by a third party and wondering how to fill in security gaps that the rules did not tell you about.

The United States has not been hit by a paralyzing cyberattack on critical infrastructure like the one that sidelined Ukraine in 2015. That attack disabled Ukraine's power grid, leaving more than 700,000 people in the dark.

Microsoft unveiled the Azure Virtual Network TAP, and Vectra announced its first-mover advantage as a development partner and the demonstration of its Cognito platform operating in Azure hybrid cloud environments.

Recently, Vectra published the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which covers the period from January through June 2018. While there are plenty of threat-research reports out there, this one offers unique insights about real-world cyberattacker behaviors found in cloud, data center and enterprise networks.

Explore how cybersecurity AI systems can effectively leverage various learning techniques enhance threat detection and reduce analyst workload.

Recently, we made an alarming discovery: hackers are using hidden tunnels to break into and steal from financial services firms! Clearly, this is serious business if it involves bad guys targeting massive amounts of money and private information. But what exactly are we dealing with? Let's dig into what hidden tunnels are and how I find them to uncover the answer.

Learn how neural networks and deep learning enable AI systems to detect and respond to complex cyber threats with speed and precision.

Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you're an analyst, you probably have some incredible skills but are being held back by tedious, manual work.

Explore the fundamentals of algorithmic learning with Sohrob Kazerounian as he delves into supervised, unsupervised, and reinforcement learning methods.

Explore the distinctions between AI and machine learning, clarifying their unique roles and interconnections within cybersecurity applications.

Explore the origins of AI, tracing the evolution from early neural networks to the foundational Dartmouth workshop that defined AI's trajectory.

While ransomware attacks like NotPetya and WannaCry were making headlines (and money) in 2017, cryptocurrency mining was quietly gaining strength as the heir apparent when it comes to opportunistic behaviors for monetary gain.

Explore Alan Turing's pioneering contributions to machine intelligence, the Turing Machine, and his perspectives on the development of modern computing.

In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried-out an attack. I'm back again today with another story from the trenches.

Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS.

Cisco recently <a href="https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1854555" target="_blank">announced</a> the term "intent-based networking" in a press release that pushes the idea that networks need to be more intuitive. One element of that intuition is for networks to be more secure without requiring a lot of heavy lifting by local network security professionals.

Learn how Vectra AI detects and responds to WannaCry ransomware and its variants using behavioral analysis and continuous monitoring.

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

It seems like a new variant or victim of ransomware is in the news every day. It's newsworthy because it works so well and causes widespread destruction. So when the recent wave of stories hit about PetrWrap, a variation of the widely known Petya ransomware strain, it was easy to miss the significance. The "no-honor-among-thieves" narrative crowded out its true importance.

Integration decreases cost and increases effectiveness. For this reason, Vectra is adaptive by design. Everything we do considers how to help our customers be more efficient and faster at fighting attacks. Sometimes it involves determining where to deliver sophisticated threat intelligence beyond the Vectra. Working with Splunk is a great example of this integration.

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls. But as we now know, and industry research firms have stated, they aren't enough to adequately deal with today's threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

In the Information Security (InfoSec) community, AI is commonly seen as a savior-an application of technology that will allow businesses to more rapidly identify and mitigate threats, without having to add more humans. That human factor is commonly seen as a business inhibitor as the necessary skills and experience are both costly and difficult to obtain.

Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of <a href="https://www.vectra.ai/news/vectra-networks-discovers-critical-microsoft-windows-vulnerability-that-allows-printer-watering-hole-attacks-to-spread-malware">Microsoft Windows</a> reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network.

Printers present an interesting case in the world of IoT (Internet of Things), as they are very powerful hardware compared to most IoT devices, yet are not typically thought of as a "real" computer by most administrators. In this case, we investigate how to use the special role that printers have within most networks to actually infect end-user devices and extend the footprint of their attack within the network.

Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware-crippling and extorting an ever widening array of organizations.

In light of Apple's response to the FBI's request to gain access to San Bernardino shooter Syed Farook's iPhone, it appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.

How do attackers hack webcams? Learn how webcams can be hacked using a backdoor and how to prevent attackers to exploit them.

The need to block threats within milliseconds locks IDS/IPS into using signatures for detections. While signatures can detect a wide variety of threats, they rely on the fast-pattern-matching of known threats.

Not all breaches come from external malicious actors. Learn all about insider threats, the common indicators and useful prevention strategies in our blog post.

While the insider threat in government agencies and big companies is a known problem with somewhat implemented mitigation strategies, less is known about the insider threat to critical US infrastructure, such as water purification or nuclear power plants.

On June 6th, Forbes reporter Kashmir Hill wrote about an NSF researcher who misused NSF-funded supercomputing resources to mine Bitcoin valued between $8,000 and $10,000. The article points to a student at London Imperial College and a researcher at Harvard University who are also alleged to have used their University's computers to mine a similar virtual currency called Dogecoin.

Explore the risks of the Heartbleed vulnerability within internal networks and how to mitigate these threats.