Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). I’m pretty ecstatic about that.
Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS. This convergence occurred as the security industry focused more on preventing external threat actors.
However, Gartner points out that “Initial one-time block/allow security assessments for access and protection are flawed, leaving the enterprise open to zero-day and targeted attacks, credential theft, and insider threats.”[i]
It’s time to put detections first
In today’s threat landscape, where high-profile breaches are frequently reported in the news, it’s clear that prevention techniques have been insufficient and there is a need to put internal detection first again.
From the start, Vectra recognized that detecting cyberthreats required understanding the way attacks really work and the actions attackers perform to succeed. We knew that today’s sophisticated attackers are armed with the same tools used by system administrators and they don’t have to use malware or exploits.
Detection systems must adapt to the complex environments that the enterprise is today with an ever-expanding attack surface. Devices are mobile, IoT is growing exponentially, servers are now workloads moving fluidly between the virtual data center and the cloud, and security analysts have an increasingly difficult time with asset management and knowing where data resides.
Most importantly, detection systems cannot be complex like traditional IDS, which requires many physical sensors and constant upkeep and tuning. To be effective, detection systems must be easy to deploy, manage and use. They should not require a full-time expert to stay operational.
Additionally, detection should not be relegated only to the perimeter. Detection is required deep inside the network to identify every critical phase of a cyberattack, such as internal reconnaissance and lateral movement.
To ensure signals of real attacks don’t get lost in large volumes of noise created by a detection system, a method of noise reduction and risk prioritization is required to quickly turn the attention of security analysts to threats that pose the biggest risk.
The Cognito™ automated threat detection and response platform from Vectra is based on the direct analysis of network traffic to reveal the fundamental behaviors at the heart of cyberattacks.
By combining data science, machine learning and behavioral analysis, Cognito identifies what the attacker is doing without relying on traditional malware signatures and reputation lists. Analytics reveal malicious behaviors, independent of applications and even when traffic is encrypted. This approach reveals the key actions that an attacker must perform to succeed.
As Gartner states in the IDPS Magic Quadrant, “The evolution of IDS to using advanced analytics like machine learning is well-suited to the types of telemetry these technologies generate, and proves to add a different way of detecting malicious or unwanted behavior within an environment.”[ii]
Cognito applies algorithmic models directly to network traffic to reveal underlying attack behaviors and then enriches that data with secondary sources such as logs and threat intelligence data to accelerate the detection and response process for security analysts – automatically.
We are honored that Gartner has positioned Vectra as a visionary in the 2018 Gartner IDPS Magic Quadrant. To learn more, click here or download the 2018 Gartner IDPS Magic Quadrant report.
[i] Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats, by Neil MacDonald and Felix Gaehtgens, Gartner, 22 May 2017, ID G00332400, https://www.gartner.com/document/3723818
[ii] Gartner, Inc., IDPS Magic Quadrant, Craig Lawson, January 10, 2018
Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.