“Without knowledge, action is useless, and knowledge without action is futile.”-Abu Bakr
The cybersecurity gap is real. The oft-cited 2016 Mandiant M-Trends report pegs the average dwell time of ongoing, active attacks at 146 days, with most attacks still being discovered by outsiders.
We need to do better, and doing better starts with better knowledge. Vectra is focused on identifying attacker behaviors in real-time, using raw packets as the source of truth. We are continuously hunting and identifying the foundational actions that attackers must perform to maintain persistence within the network, find key assets, and steal them.
The result is new knowledge with the potential to root out and stop attacks before they do real damage. But knowledge without action is futile.
Security analysts today are buried in alerts, often struggling to find the signal among the noise. Adding yet another source of alerts can do more harm than good. Which is why our UX design focuses on how to improve the day-to-day life of the security analyst.
This aspiration pervades our product design: From the way we automatically score host threat levels based on attacker behaviors over time; to providing the most relevant and actionable detection information for security analysts; to the labels and tags that organize information and facilitate follow-up.
As a result, we’re excited to announce our new technology partner program.
Our customers are forward-thinkers, deploying rich ecosystems of advanced security technology. These inaugural partnerships enable customers to get more from existing and new security investments. They also accelerate knowledge to action by enhancing context gleaned from existing security sensors and by streamlining response through integration with existing security workflows and enforcement points.
Endpoint security solutions complement Vectra by providing rich contextual data about hosts that exhibit attacker behaviors on the network to help validate and assess threats.
This contextual data includes OS and browser information, process names and ids, history of host-based threat behaviors, and even the users and processes that generated suspicious traffic. In addition, security teams are able to act immediately to isolate a host or kill a malicious process.
“Vectra shares Carbon Black’s commitment to collective defense and delivering open, integrated solutions that enable our joint customers to make their organizations more secure while maximizing their technology investments,” said Tom Barsi, senior vice president of business development for Carbon Black. “This integration enables security teams to incorporate endpoint data for better analytics-driven threat detection, which is critical when defending against organized, relentless adversaries.”
Vectra empowers industry-leading SIEMs by providing detection and insight into threats that are invisible to traditional security solutions. Vectra provides insight into all phases of a cyber attack, including unknown malware and attack tools, attacks that hide in common apps and encrypted traffic, as well as signs of internal reconnaissance, lateral movement or data exfiltration.
Network packet brokers augment Vectra by aggregating network traffic from network taps or SPAN ports for inspection and analysis as well as filtering unneeded traffic. They also increase operational efficiency by load-balancing traffic, dynamically tightening filters and redirecting traffic to ensure high availability.
“Gigamon is dedicated to working with security vendors to help our mutual customers get the most effective performance from the technology investments they make,” said Phil Griston, director of alliances and business development for Gigamon. “We’re delighted to partner with Vectra Networks to ensure their solutions get the most efficient access to traffic from across the network.”
Vectra and next-generation firewalls create a formidable threat mitigation force. Vectra identifies infected hosts and, based on detection types or threat levels, can automatically blocklist the host at the firewall to stop communication with command-and-control servers and prevent data exfiltration.
Virtual sensors extend Vectra threat intelligence to any corner of the network, including remote sites and internal segments that contain critical assets. By passively monitoring network traffic for malicious attack behaviors, virtual sensors enable IT security teams to quickly mitigate threats and prevent data loss and easily adapt to network changes.
For more information on the new Vectra technology partner program, and to access solution briefs for each partnership, please visit http://www.vectranetworks.com/partners_technology/.
Kevin Kennedy is vice president of product management at Vectra. Before Vectra, he was vice president of product management at Agari Data, which builds data-driven security solutions that eliminate email as a channel for cyberattacks. Prior to Agari, Kevin was senior director of security product management at Juniper, where he spearheaded the company’s continued innovation in data center security. Kevin was also director of product management at Cisco IronPort Systems, where he led the highest-growth business in the Cisco security portfolio, growing bookings by 400 percent in three years. Kevin earned his BSE in computer engineering at the University of Michigan.