As our customer base has grown, the variety of opinions about what constitutes a threat has grown with it. This variety creates challenges for products like ours, which strive to supply the right epiphanies with little or no configuration required by our customers.
One example of this comes up when we’ve detected what we call “external remote access” behavior in the network. This detection algorithm identifies remote control of a host inside an organization’s network by an entity outside the network (in this context, “outside” means not connected via VPN), over a connection that was initiated by the internal host.
An example of this would be a desktop sharing application such as GoToMyPC, where an employee decides to make her desktop accessible via her smartphone while she is out of the office. Scarier examples include Remote Access Tools (RATs) such as Poison Ivy, DarkComet or Blackshades, which provide the same functionality but are more highly correlated with targeted attacks.
The presence of external remote access detections in a customer’s networks usually leads to a discussion that places the customer in one of the following two categories:
Threat scoring is an extremely malleable idea. When rational customers don’t agree on the importance of detecting something as potentially dangerous as allowing a connection from the outside into the core of their campus networks, it’s clear that the threat is in the eye of the beholder.
Oliver Tavakoli is chief technology officer at Vectra. Oliver is a technologist who has alternated between working for large and small companies throughout his 25-year career – he is clearly doing the latter right now. Prior to joining Vectra, Oliver spent more than seven years at Juniper as chief technical officer for the security business. Oliver joined Juniper as a result of its acquisition of Funk Software, where he was CTO and better known as developer #1 for Steel-Belted Radius. Prior to joining Funk Software, Oliver co-founded Trilogy Inc. and prior to that, he did stints at Novell, Fluent Machines and IBM. Oliver received an MS in mathematics and a BA in mathematics and computer science from the University of Tennessee.