Media Coverage - 2022

Vectra VP of Marketing Mike Banic predicts data science and machine learning will become the focus of the fight on cyber-attacks, cyber security will get social, and new entrants will continue to disrupt the cyber security market.

Our roundup of intriguing new products from companies such as Dell, CloudBerry and Vectra (See Slide 16).

Real-time cyber-attack detector Vectra Networks has introduced a real-time detection platform for insider and targeted threats.

Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.

Vectra Networks has released an updated real-time detection platform – X-series platform – aimed for insider and targeted threats detection.

Regardless of how well we secure our assets from outside parties, we ultimately need to give access to our employees, contractors and partners in order for them to do their jobs. Misuse of this privileged access, whether through data theft or damage, is an unfortunate, yet inherent risk of doing business for most organizations.

Vectra Networks announced release of a real-time detection platform to protect organizations and government agencies from insider and target threats.

The Vectra X-series platform is designed to detect sophisticated threats by using a combination of security research, data science and machine learning. According to the company, the product is capable of detecting attacks on all operating systems, applications and devices regardless of the method and location of the initial delivery.

Vectra Networks has released its updated X-series platform, the first real-time detection solution designed to discover insider and targeted threats. The new platform promises to help organizations gain instant visibility into potential threats by leveraging a combination of dynamic community threat analysis and real-time detection of cyberattacks.

CEO Hitesh Sheth tells Bloomberg TV's Pimm Fox how Community Threat Analysis dynamically creates a clear picture of typical network access through the entire corporate network, identifying anomalies and flagging unauthorized access to documents, data and intellectual property, making it an effective way of recognizing insider attacks.

Frank Ohlhorst details how data breaches happen and what Vectra’s X-series security appliances can do to detect and prevent them.

“We've gone from an environment where people were essentially stationary with fixed computing assets to one where everything is porous and people are mobile and applications and data and information are all in the cloud,” says Hitesh Sheth, president and CEO for Vectra Networks.

The systems of entertainment giant Sony have been hacked once again, and although the full extent of the breach is not yet known, the incident will likely be added to the list of most damaging cyberattacks.

Vectra Networks' X-series of appliances combine advanced analytics with AI to identify threats in real time.

Ten percent of hosts experience at least one or more cyberattacks that bypass enterprise security perimeter defenses, according to a new study by security solution provider Vectra Networks.

The new "C" version of the NotCompatible malware that targets Android devices is very difficult to stop – but it's not that hard to avoid.

A report by data security company Vectra Networks looks at how cybercriminals bypass perimeter defenses, andwhat they do inside a network once they have gained access.

When it comes to the darkhotel issue and the fast-evolving threat landscape, "what the malware is doing" is more important than "what the malware is."

There's speculation that China might be behind a months-long hack attack that breached USPS servers, compromising personal data of workers and customers.

An attack happens and he or she is able to squeeze by the perimeter defense; that is just the beginning for an assault on a network, a new report shows.

Vectra Networks collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks.

Mobile technologies can be a boon to productivity, but they also introduce cyber-security vulnerabilities that technologists and insurers are laboring to protect.

Got malware? More than likely you do, but don't panic: The bulk of infections can be traced to standard botnet activity like spamming and click-fraud rather than data theft, a new study of real-world breaches has found.

Highly organized, sophisticated and successful cyber attacks continue to assail organizations and while most are opportunistic, a higher than expected percentage are targeted, according to results from a recent study.

This is the first report, using real-world data from the Vectra X-series platforms currently in production networks, that reveals what attackers do within a network once they evade perimeter defenses.

In 2015, there were few hotter areas in Silicon Valley than cybersecurity, and Vectra ranked in the top 10 of that competitive group.

Cyber attackers are slipping through perimeter defenses and hiding in the shadows and dark corners of networks.

Gerard Bauer, vice president of EMEA sales at Vectra, shares his security predictions for 2016.

Sanrio says the loophole that provided an attack entry method potentially allowing cyber criminals to bypass traditional security defences in order to enter and exploit internal systems with the appearance of a legitimate user, has been closed and data is now safe.

New technologies, such as machine learning, have evolved to help organizations improve their response to modern attacks. Although the financial industry has been using machine learning since the 1970s to detect fraudulent behavior, use of machine learning in the information security sector is a recent phenomenon.

In this eighth annual VMblog.com series exclusive, virtualization and cloud executives share their predictions for 2016.

Higher education is a key target for cyber attacks because of the open networks common on college and university campuses. Thousands of students and faculty wander on and off the network with their own devices, bringing viruses and malware to the wider community and creating nightmares for security teams.

In 2016, what organisations need are tools that identify the activities of the attacker inside a network before a data breach occurs, with a focus on how to quickly intervene, minimise the time they are exposed and reduce the impact of cyberthreats.

Hernan Londono, associate CIO at Barry University in Miami, talks about embracing campus mobility and BYOD, and explains why a strong Advanced Persistent Threat (APT) defense is vital to protecting the university's network from mobile devices that it doesn't own or manage.

A SANS Institute report, backed with findings from Vectra, explains how an automated threat detection system that combines behavioral analysis, data science and machine learning can help organizations meet Critical Security Control (CSC) mandates.

Automated network threat detection tools that use data science, machine learning and behavioral analysis work with perimeter security to help organizations meet security goals defined in the CIS Critical Security Controls recommendations and protect against attackers, according to a new report from the SANS Institute.

Despite being vulnerable to cyberattacks, many universities still have insufficient threat management defenses. Attackers can easily evade perimeter security defenses and spy, spread and steal for the better part of a year, undetected. In the process, they'll take vital research data, personal info and financial records from campus community members.

The core view of most of the experts we spoke to was that, while it is not clear if there is a higher number of CISOs now, these individuals are definitely gaining a stronger position within the business.

VTech hackers purportedly made off with millions of pieces of customer information and have now been revealed to have stolen photos and private chat histories, too. VTech sold an app called Kid Connect that lets parents use their smartphones to talk to their kids through their VTech devices.

Officials from Vectra Networks and Barry University in Miami discuss insufficient cyber attack defenses at many colleges, despite existing vulnerabilities. They also discuss new defense-in-depth models that quickly pinpoint and mitigate threats in progress and share security strategies that enable mobility as well as open and collaborative learning.

What steps can be taken to detect and block exploits that take advantage of software vulnerabilities? And how can security teams better understand the behaviour of legitimate software components? Preventing the exploitation of software vulnerabilities is desirable but their detection is a must for organisations and their security teams.

VTech, maker of electronic toys for kids, said that 5 million of its customer accounts were leaked in a data breach that accessed user names, birthdays and passwords but not their credit card or personally identifiable information. Company officials noted that the breach was mounted by an "unauthorized party."

Ransomware is targeting enterprise networks with a vengeance. In addition to user hard drives, it's been increasingly successful at encrypting file-shares and network drives. Consequently, ransomware has evolved from a mere nuisance to a potentially debilitating attack that holds critical business assets and intellectual property hostage.

Vectra advanced persistent threat (APT) security software was chosen by the Computer Technology Review editorial panel based on rigorous judging criteria that included product innovation, functionality and affordability.

However, the most dangerous threat to data, user and system security is not the known known, but rather the unknown unknowns – the threats that have yet to be captured in the wild and mapped. We don’t know if they exist, we don’t have visibility into what they do, and there’s no way signatures can catch them.

The oil and gas industry is caught in a slump, with prices going up and down and profits in decline. But it faces another major problem that's gotten less attention: Cyber attacks could threaten industry stability and worker safety.

Government Security News is pleased to announce that Vectra has been named a finalist in its seventh annual Homeland Security Awards for Best Threat Intelligence Solution.

Unlike vendors that attempt to make every piece of malware sound like the end of the world, it is important to show IT security teams which threats actually pose the greatest risks to the university.

Most security solutions have one at-bat, yet attackers can typically survive undetected in a network for around 225 days, says Vectra’s Mike Banic. “Every network has likely been hacked, but they just don’t know it yet,” he says.

Vice president of marketing Mike Banic shares the company's latest developments and discusses its recent advancements in the real-time detection of in-progress cyber attacks that spread inside networks.

"The CISO usually becomes the person who drives both the strategy and the budget," says Vectra CEO Hitesh Sheth. "They usually have a team." It's often seen in the Fortune 50 companies that "the CISO is still heavily involved, but the board is involved as well. It has become a regular topic among the board of directors."

Alex Waterman, senior director of product management at Vectra, predicts that cybercriminals will step up their efforts to corral legions of unprotected IoT devices to mount even more sophisticated attacks. Also, the attack tools published by the Shadow Brokers hacking group will be used against the data center’s vulnerable physical infrastructure.

The challenge of detecting attack behaviors in network traffic is immense. Finding correlations across protocols without intrusive deep packets inspection requires analyzing thousands of correlations between metadata from internal and external network traffic. A few companies are using AI technology to tackle this challenge, including Vectra.

Most organizations continue to struggle with malware-based intrusions, according to this column written by Vectra CSO Günter Ollmann. Despite the deployment of policies, user education, enforcement chokepoints, data inspection, and regular assessments of defenses, malware remains the primary method of breaching the corporate network.

"Just as hacking, cybersecurity and email breaches have been core to the election process, they will continue to grow and affect the U.S. government," says Vectra CSO Günter Ollmann. "Hence, in Trump's presidency, the U.S. government and agencies will have their hands forced in dealing with this invasive hacking epidemic.

“It’s troubling that the breach was discovered only after receiving complaints from customers that scammers were fishing for their bank account details," says Vectra CTO Oliver Tavakoli. "With the availability of real-time detection methods today that identify what’s happening at any given moment, this lack of awareness is shocking."

The accuracy of polling results failed miserably in the 2016 election. From a data science perspective, what are the lessons learned from the big data polling blunders in election predictions? The lesson is all about using the right data for the problem at hand, and not about questioning if the data is right. The same applies for cybersecurity.

Vectra CTO Oliver Tavakoli explains to SC Magazine that the variety, volume and velocity inherent in big data makes it difficult to ensure integrity of all of the data. To combat this challenge, Tavakoli encourages organizations to always pay attention to where the data is coming from and to encrypt the data.

Traditionelle IT-Sicherheitslösungen gelangen an ihre Grenzen und können keinen ausreichenden Schutz mehr bieten. Im Zuge dieser Entwicklung setzt sich die künstliche Intelligenz (KI) als neuartiger Sicherheitsansatz immer weiter durch. Oliver Tavakoli, CTO bei Vectra berichtet in einem aktuellen Beitrag auf VDI Nachrichten, worin die Vorteile des maschinellen Lernens liegen.

A global shortage of expertise lies at the heart of the infosec world’s ability to respond to attacks and has considerable effect on vendors and consumers alike. Vectra CSO Günter Ollmann explains why unfilled jobs are the biggest threat to the cybersecurity industry, and identifies three ways to approach the problem.

Every new technology that guards against cyberattacks forces hackers to evolve. Automated attacks are now capable of learning to use an application and carrying out its basic functions. For example, Wade Williamson, director of threat research at Vectra, says banking malware can transfer money belonging to a compromised account.

"You should keep Internet-enabled devices – like video cameras—on a separate network from the primary business network that deals with customer financial transactions, like point of sale systems, intellectual property, or any form of regulated data," said Chris Morales, head of security analytics at Vectra.

Vectra CSO Günter Ollmann chastises "the person who holds open a secure door for a slow moving 'employee' without checking for a badge. One of the easiest ways to infiltrate a secure building or data center is to appear encumbered (e.g., having both hands full with boxes) and wait for an authorized person to open the door for you."

Vectra CSO Günter Ollmann weighs in on the most vital areas of focus for new CSOs during their first weeks on the job and shares advice for prioritizing problem areas. Ollmann also shares two different yet critically important perspectives on security – vendor and non-vendor – and what to take care of on day one.

One of the biggest reasons we now have the Mirai botnet is that "the (IoT) manufacturers are trying to save money and reduce the time to market, and only after the product has been proven to be popular do they go back and add security to it," Vectra CSO Günter Ollmann tells the International Business Times.

“Whether it’s freedom fighters or terrorists, the cyber-domain is an important theatre for propagating a cause," says Vectra CSO Günter Ollmann. "Tools that target the opposition and gather valuable intelligence are in play by small and large groups around the world. Cyber warfare isn’t just the domain of large nation-state actors.”

Researchers at Vectra Networks have been monitoring the group for the past two years and determined that its operations focus on Middle Eastern political issues. The threat actor has been dubbed “Moonlight” based on the name of a command-and-control (C&C) domain used in the attacks.

Moonlight group is likely to be involved in cyberespionage, warns Vectra Networks. “They put effort into crafting the emails, the websites, the documents they've created, putting a fair amount of energy into it. But beyond that the underlying tech is off the shelf," says Vectra CTO Oliver Tavakoli, emphasizing how attackers don't need sophisticated hacking skills.

Identified by Vectra Networks, this particular campaign used spear-phishing emails and social media lures to trick targets into installing the H-Worm malware. H-Worm creates a backdoor that can be used to further compromise targets with a remote access Trojan called njRat.

A hacking group is running a wide ranging cyber-espionage campaign against targets in the Middle East. Security firm Vectra Networks says it has identified over 200 samples of malware generated by the group over the last two years. The assaults are not technically sophisticated but nonetheless tricky in their use of social engineering tactics.

Your router, home Wi-Fi, refrigerator and webcams could be part of an international army of zombie attackers. “A newly installed Wi-Fi home router is likely to be compromised within weeks if the default passwords are not changed – or within a few hours if you live in a more densely populated metropolitan area,” says Vectra CSO Günter Ollmann.

Das berichtet Gérard Bauer, Vice President EMEA bei Vectra Networks, auf Funkschau.de. Der Experte gibt Einblick, wie sich Cyber-Kriminelle Zugang zu Unternehmensnetzwerken verschaffen und wie sich Firmen vor hochprofesionellen Ransomware-Angriffen schützen können.

Vectra CEO Hitesh Sheth offers career advice about breaking into the tech industry: “Don’t play it safe. The tech industry is very unique with lots of opportunity for someone just starting their career. Take risks. Look for startups that can drive exponential change and not just ones that seem to be the 'coolest.'”

"If these gadgets are not regularly updated to address vulnerabilities, then they are left open to exploitation," says Vectra EMEA Director Matt Walmsley. "There's now a lot of pressure on the manufacturers to raise their game and support the embedded software side of things as long and as vigorously as, say, a PC operating system vendor does.”

"Under the forthcoming EU General Data Protection Regulation (GDPR), the fines could have been much higher – up to 4 percent of worldwide turnover. In the case of TalkTalk, that could have been £72 million based on 2015 turnover,"Vectra CSO Günter Ollmann says. "In that respect, the company has got off lightly.”

Vectra CEO Hitesh Sheth talks with Bloomberg Markets about the crucial role that artificial intelligence will play in detecting and responding to cyberattackers in 2018. It will be an AI war, with nation-state hackers and organized cybercriminals using their AI threat arsenal to attack organizations who use AI as a defensive weapon.

AI is the inevitable next phase in cybersecurity. What is avoidable, however, is security burnout. By implementing key business and professional-growth programs – and augmenting the work of security analysts with AI – organizations can greatly reduce the security burnout rate while nurturing and developing future security analysts.

When WannaCry was first detected, we saw similarities in the code used for that ransomware attack with previous attacks attributed to North Korea, like the Sony hack. North Korea has been targeting banks directly with banking malware while using ransomware against other organizations to acquire a large volume of Bitcoin.

AI propose désormais de plus en plus de fonctionnalités de sécurité, en commençant par la possibilité d'automatiser le traitement de ces volumes de données, alertes, gérables et intégrant des algorithmes d'apprentissage automatique détectant le comportement agresseur, explique Christophe Jolly, directeur France chez Vectra.

Vectra is hunting for channel partners in the UK after trebling its revenue in Q3, says Matt Walmsley, head of EMEA marketing. Vectra revenue jumped 294 percent in the third quarter this year, which Walmsley said was driven by a need for enterprises to address the detection gap that allows cybercriminals to easily breach networks.

In his latest installment in the CSO “Thinking Security” column, Vectra CTO Oliver Tavakoli explores the benefits of running red team exercises. Red team exercises enable organizations to understand how to respond when dealing with real-world advanced attacks and adapt to respond quickly to these threats.

The security operations center at Texas A&M serves 11 universities and seven state agencies. But with just seven full-time analysts and a risk-rich environment of 174,000 students and faculty, triaging security events was overwhelming, but with the help of Vectra Cognito, and it now takes 10-20 minutes to resolve an incident, on average.

"The IoT and IT/OT convergence is accelerated by the speed of business and the implementation of AI to drive decisions in ICS environments," says Chris Morales, Vectra head of security analytics. "In addition, more ICS devices are running commercial operating systems, exposing ICS systems to a wider swath of known vulnerabilities."

"To gain access to the industrial control systems, the threat actor infected an SIS engineering workstation on what is supposed to be an isolated network," says Chris Morales, Vectra head of security analytics. "An infected laptop can be brought in by a contractor, connect to the network and spread to the controlled ICS environment."

People who use Google, Apple, Facebook and Microsoft trust that their communication is secure because of the use of HTTPS, says Chris Morales, Vectra head of security analytics. But entities can manipulate the border gateway protocol to perform man-in-the-middle attacks and manipulate TLS/SSL encryption to eavesdrop on users.

“The motivation of the attacker is always financial or competitive gain or theft of intellectual property,” says Chris Morales, Vectra head of security analytics. “The constantly changing landscape makes it nearly impossible to track cyberespionage organizations without a team of researchers focused on attribution.”

Keyloggers are an important weapon in the arsenal of cyberattackers, says Chris Morales, Vectra head of security analytics. "They're often used in the recon phase of targeted attacks to steal user credentials and other sensitive information that are used to compromise user accounts. Keyboard loggers are hard to spot with consumer anti-virus."

"Data exfiltration from cloud-based storage will accelerate," says Vectra CTO Oliver Tavakoli. "This will occur at the cross-section of IaaS and PaaS. And organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat."

"Why would a hardware vendor install this kind of software on their computers?" asks Chris Morales, head of security analytics at Vectra. "The key logger was a software development or test tool that should have been removed before the code was released. Any attacker could easily monitor everything a user does on their system.”

"This NiceHash attack is reminiscent of the Carbanak heist in which the sophisticated attackers used the bank's own tools to steal their money," said Chris Morales, head of security analytics at Vectra. Morales says the most important security controls monitor internal traffic for the misuse of administrative credentials and administrative protocols.

“If you are risk averse, transfer deposits made to your bitcoin wallet to a hard currency account with a bank,” says Matt Walmsley, Vectra EMEA director. However, he added, "Many exchanges may limit the amount you can transfer in one instance and you may not be able to empty your account, so buyers beware.”

"Consumers have no security controls to monitor botnet activity on their personal networks," Chris Morales, head of security analytics at Vectra, tells CSO magazine. "Security teams prioritize attacks targeting their own resources rather than attacks emanating from their network to external targets.”

"Exfiltration of data from cloud-based storage will accelerate," says Matt Walmsley, Vectra EMEA director. "Infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) attacks will see massive tranches of data from organizations being taken from the cloud, without IT/security team even knowing."

Die Coop-Gruppe nutzt die auf KI basierende Cognito-Plattform von Vectra zur Erkennung von Cyberbedrohungen. Mit 2.476 Filialen und mehr als 85.000 Mitarbeitern ist Coop einer der größten Einzel- und Großhändler in der Schweiz.

Cognito de Vectra utilise AI pour analyser le comportement des hôtes, puis s'appuie sur des algorithmes d'apprentissage automatique pour détecter les cyberattaques cachées dans les réseaux, notamment pendant les phases de reconnaissance interne, de mouvement latéral et d'extraction de données.

"We're now at a time where artificial intelligence needs to be introduced to identify and respond to threats automatically and in real-time, a task that humans alone are simply incapable of performing at adequate scale and speed," says Matt Walmsley, Vectra EMEA director.

“On ne consulte pas le contenu d'une boîte mail, mais le comportement du trafic sur un appareil et s'il s'agit ou non d'une tentative d'attaque," précise Chris Morales, responsable security analytics de Vectra. “On peut même constater des attaques sur un réseau crypté."

Vectra intègre l'intelligence des menaces et les flux d'indicateurs de compromis (IoC) dans sa plateforme Cognito. La plateforme détecte également les activités de découverte d'attaquants ciblant les services Active Directory via LDAP et Kerberos.

Chris Morales, head of security analytics at Vectra, notes that the challenge is that traditional security and methods for internal data centers don't have the same visibility in cloud environments. "Companies like Uber who rely on cloud infrastructure need a security strategy with processes and tools that provide visibility into cloud attacks."

"Normal security tools and methods built for internal data centers do not have the same visibility in cloud environments where your systems and data are sharing a neighborhood (the internet and cloud apps) with millions and millions of other people, both good and bad," says Chris Morales, Vectra head of security analytics.

"We will see an increase in the use of deep learning, such as recursive neural nets, that enable algorithms to continuously learn and evolve," says Chris Morales, head of security analytics at Vectra. "2019 will see deep learning become the best practice for detecting cyberattacks."

"Geopolitische Spannungen und Handelskriege werden das Wachstum der kommerziellen Cyberspionage vorantreiben," sagt Gerard Bauer, Vizepräsident der EMEA-Region von Vectra. "Diese Angriffe werden von vielen Opferunternehmen nicht erkannt, da sie keine versteckten Bedrohungen in Netzwerken erkennen können."

The problem wasn't that the data centers lacked the authentication or encryption tools. "The controls existed but were not implemented and used equally and regularly," Chris Morales, head of security analytics at Vectra, says.

The Vectra Cognito platform incorporates artificial intelligence (AI), deep machine learning and traffic monitoring into a tool that is able to detect threats that other programs miss, even if they are already entrenched inside a protected network.

Chris Morales, head of security analytics at Vectra, says the biggest risk posed by mobile devices in a corporate network is malicious apps gaining access to enterprise data. Make sure mobile devices do not share network connectivity with critical infrastructure or systems with sensitive information.

Für Gérard Bauer, Vizepräsident von EMEA bei Vectra, zeigt der Erfolg alter Malware eines der grundlegenden Probleme vieler IT-Sicherheitslösungen, die immer noch auf klassischen Cybersecurity-Konzepten beruhen.

"VirusTotal provides value only if you have the necessary staff to extract value from it," says Oliver Tavakoli, chief technology officer at Vectra. "This is reflective of the fact that the VirusTotal data repository is of most value to large and expert IT security teams."

"Dieser Cyberangriff ist eine Form der Spionage von Nationalstaaten", sagt Gerard Bauer, Vizepräsident von EMEA bei Vectra. "Der einzige Unterschied ist jetzt, dass es im Cyberspace passiert, anstatt in ein Gebäude einzubrechen und physische Dokumente zu stehlen."

Vectra’s artificial intelligence-based platforms detected “a higher-than-normal rate of malicious internal reconnaissance behaviors” from attackers inside of manufacturers’ systems and that this “indicates that attackers are mapping-out manufacturing networks in search of critical assets to steal or damage.”

"Hacks are getting bigger because the volume of data generated on the Internet every single day is so large," says Chris Morales, head of security analytics at Vectra. "Just like a user employs a search engine to get information, a cyber spy will search massive online databases for information."

"Prevention will never be 100%," says Chris Morales, head of security analytics at Vectra. "That is unrealistic. The report states the breach was entirely preventable. I don't believe that is true. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

“Cryptomining efforts are popular across higher education," according to a study published in March from Vectra. Vectra reported that 85% of cryptocurrency mining instances happened in higher education between August 2017 and January 2018, compared to just three percent in the technology sector.

"We can improve our ability to detect and respond to breaches by looking for the type of behaviors an attacker performs," says Chris Morales, head of security analytics at Vectra. "The most critical threat behaviors should be correlated with compromised hosts in real time before they become a problem."

“It is a classic ‘could have, should have’ scenario,” says Chris Morales, head of security analytics at Vectra. “As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. The failure comes down to people and process, not necessarily technology."

Für Gérard Bauer, Vizepräsident von EMEA bei Vectra, zeigt der Erfolg der "alten" Emotet-Malware eines der grundlegenden Probleme vieler IT-Sicherheitslösungen, die immer noch auf klassischen Cyber-Sicherheitskonzepten basieren.

"Zero days are saved for the most critical needs," says Chris Morales, head of security analytics at Vectra. Most attackers don’t like to waste this type of knowledge when they can simply convince a user to give them access to their system instead."

“Gaming has always been an arena for hacking and attacks,” says Chris Morales, head of security analytics at Vectra. “In today's competitive and financially lucrative gaming world, that means bypassing developer controls to gain a competitive advantage or disrupt other players.”

“Enterprises are unable to spot worm reconnaissance and lateral movement behaviors," says Matt Walmsley, EMEA director at Vectra. "Security analysts can't operate at the speed and scale required to manually identify the threat and close down their lines of communication and movement."

"Disposer de systèmes qui surveillent le comportement d'exfiltration plutôt que d'essayer d'inspecter les charges utiles de données peut être un moyen de relever ce défi," déclare Gregory Cardiet de Vectra. "La détection de ces comportements à un stade précoce est essentielle."

"La réponse aux incidents prend trop de temps et, dans de nombreux cas, les équipes de sécurité tentent de comprendre ce qui s'est passé et comment l'empêcher de se reproduire plutôt que de détecter et d'intervenir tôt dans le cycle de l'attaque pour éviter le vol et les dommages," a déclaré Gregory Cardiet. un expert en cybersécurité chez Vectra.

To detect cyberthreats, their AI software sifts through massive stores of computer network data. Wall Street analysts are eyeballing and a handful of other private firms. With AI tools, the new AI companies are taking customers away from cybersecurity industry incumbents, analysts say.

"Was die Datenschutzverletzung selbst anbelangt, war die Exfiltration der Daten innerhalb der Verschlüsselung möglicherweise ein Versuch, Sicherheitskontrollen wie Systeme zum Schutz vor Datenverlust zu umgehen", sagt Gerard Bauer, Vizepräsident der EMEA.

"Les attaquants avancent lentement et par étapes pour obtenir des privilèges et adopter une variété de comportements avant d’accéder aux données souhaitées, de les exfiltrer," explique Gregory Cardiet, expert en cybersécurité chez Vectra. "La détection de ces comportements à un stade précoce est essentielle."

"Si les dates sont vraies, entre la date de détection initiale ou le 8 septembre 2018 et la divulgation publique de la faute, l'exigence de notification GDPR de 72 heures était très loin d'être respectée," déclare Gregory Cardiet, expert en cybersécurité chez Vectra.

Incident response continues to take too long as security teams try to figure out what happened and how do we stop it happening again, says Chris Morales, head of security analytics at Vectra. "It's important to spot and close down an attacker earlier in its lifecycle to minimize or stop a breach from occurring."

“Think carefully about the VPN provider you use. Many of the free VPN providers are in the business of monetizing your personal data to pay for their services," says Chris Morales, the head of security analytics at Vectra.

A Vectra 2019 Spotlight Report on Healthcare found ransomware attacks are becoming less prevalent as cyber criminals look to new ways of attacking a system.

Vectra AI - Raised $100M from a Series E round on June 10th.

How would the world's most generous elf operate in a world of zero-trust security? A group of cybersecurity experts lets us know.

A zero-trust architecture fundamentally distrusts all entities in a network and does not allow any access to resources until an entity has been authenticated and authorized to use that specific resource, i.e. trusted.

According to ESG research, 36% of organizations are actively integrating disparate security analytics and operations tools in pursuit of a more cohesive security technology architecture.

Vectra closed a $100 million round led by TCV, bringing the company’s overall haul to $222.5 million since being founded nine years ago.

The frantic pace at which the adoption of artificial intelligence (AI) has grown in recent years is starting to have transformative effects in many areas.

Findings from the Vectra 2018 Security Spotlight Report on the financial service sector identified vulnerabilities posed to financial services organizations by attackers using hidden tunnels to surreptitiously access and steal data.

AI is augmenting security analysts and also making a considerable contribution to bridging the cyber skills and resource gap by allowing less experienced analysts to enter the profession and achieve more, more quickly.

Vectra’s Cognito platform uses AI to detect cyber attacks in real-time. Combining human intelligence, data science, and machine learning, Cognito automates tasks that are normally done by security analysts and greatly reduces the work that’s required to carry out threat investigations.

Network security vendor Vectra tapped former Telstra channel exec Dee Clinton as its Asia-Pacifc channel chief.

The use of AI in cybersecurity not only expands the scope of what a single security expert is able to monitor, but importantly, it also enables the discovery of attacks that would have otherwise been undetectable by a human.

In mergers and acquisitions, cyber risk management should not be confined to a paragraph of the contract announcing the devaluation of the company absorbed, if there is an attack.

Matt Walmsley, a director at cybersecurity and artificial intelligence firm Vectra, told Newsweek password integrity "seems to be a significant factor in this disturbing case."

Matt Walmsley, Head of EMEA Marketing at Vectra, says extortion is a well-established approach for cyber criminals and is used through tactics that include threatening denial of service, doxing, and ransomware.

After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations.

Recent research conducted by Vectra sought to quantify the threat, finding that nine out of ten organizations have experienced some form of malicious RDP behavior.

‘Remote Access Trojans (RATs) are an insidious set of attacker tools that invade our systems, data and privacy. With so much legitimate remote access happening across our networks and hosts, there’s plenty of opportunity for RATs to operate undiscovered as they hide in plain sight.

“Public vulnerability disclosure should be a basic practice for every company, not just government agencies,” Chris Morales, head of security analytics at Vectra.

The Cognito Privileged Access Analytics module has also been deployed to monitor the actions of privileged accounts.

If you've never heard of a third-party website, avoid signing up for it, said Chris Morales, head of security analytics at Vectra.

KTVU's Alex Savidge spoke to Chris Morales, head of security analytics at San Jose based Vectra about online safety tips this holiday shopping season.

The eyeglass lens specialist decided to rely on Vectra's solution to gain global visibility into its information system, with a view to setting up a global security operational center.

ED&F Man selected the Cognito network detection and response platform from Vectra to expose attackers hidden inside its network, spot privilege misuse and perform conclusive incident investigations.

Managing access control and data permissions is difficult without a proper understanding of the who, what, and where of data access models. To truly understand data flow and access, organizations need to observe privilege based on real world activity and assess the access that does occur. This would allow an organization to differentiate between what should and should not occur.

La France a mis en place un protocole sécuritaire très strict afin d’acheminer et stocker ces vaccins en France, alors que la menace qui plane sur ces antidotes au coronavirus est protéiforme.

Researchers at the security firm CyberMDX have uncovered two significant vulnerabilities in certain Dell Wyse thin client devices that, if exploited, could enable threat actors to remotely run malicious code and access files on affected devices.

The SolarWinds hack, which is reportedly being link to Russia, is shaping up to be the biggest cyber-attack this year. The attack targeted the US government, its agencies and several other private companies. It was first discovered by cybersecurity firm FireEye, and since then more developments are being reported each day.

United States officials have blamed Russian hackers for recent breaches at federal agencies, companies, and high-profile cybersecurity vendor FireEye, with the malicious activity appearing to come from highly skilled attackers. "Attackers could also set up automated workflows to consolidate all the activities and run them autonomously while quietly exfiltrating data," Vectra's Matt Walmsley shares.

While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry – and all of the threats and dangers that exist within it – is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. Hashed Out reached out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the “best cyber security books.”

Vectra AI has formed a new partnership with Baidam Solutions. This partnership provides First Nations’ people with scholarships, a full education and technical skills to combat the rise in cyberattacks against businesses, government and infrastructure.

Solutions Review’s NDR Vendors to Watch is an annual listing of solution providers we believe are worth monitoring. Companies are commonly included if they demonstrate a product roadmap aligning with our meta-analysis of the marketplace. Other criteria include recent and significant funding, talent acquisition, a disruptive or innovative new technology or product, or inclusion in a major analyst publication.

A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes  its use of a default password (“SolarWinds123”) that gave attackers an open door into its software-updating mechanism; and, SolarWinds’ deep visibility into customer networks.

Vectra's Matt Walmsley comments on the recent SolarWinds breach, discussing how security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.

The recent supply chain attack, which has affected around 18,000 SolarWinds Orion customers, is thought to have been executed by a sophisticated nation-state threat actor. Vectra's Matt Walmsley says that IT administrators and security teams have access to highly privileged credentials as part of their legitimate work. Attacking the digital supply chain of their software tools is an attempt to gain penetration and persistence right at the heart of their operations, gain privileged access and to provide springboard out across their digital hybrid-cloud enterprise.

A number of key US government departments have been hacked, with concern that the attack has allowed a foreign power to monitor American government communication.

For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.

SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. John Mancini, senior product manager at Vectra, said that a core point of the DHS’ guidance for remediating the SolarWinds hack is to analyze for any listed indicators of compromise and then “identify potential behaviors in metadata that may be related to the compromise.”

Hackers working on behalf a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.

With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.

In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state backed group compromised systems at SolarWinds and inserted malware into updates of the company's widely used Orion network management products that were released between March and June 2020. Matt Walmsley, EMEA director at Vectra, says the attackers likely manipulated Security Assertion Mark-up Language (SAML) authentication tokens used in Single Sign On to try and escalate privileges in the early stages of the campaign.

The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.

Business Times

L’Agence de cybersécurité et de sécurité des infrastructures (CISA) du gouvernement américain a publié une directive d’urgence appelant « toutes les agences fédérales américaines à examiner leurs réseaux à la recherche d’indicateurs de compromission et à déconnecter ou éteindre immédiatement les produits SolarWinds Orion ».

SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June. The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers' computer systems.

Oliver Tavakoli, our CTO, shares his thoughts on the upcoming cybersecurity trends to watch.

After a major data breach, do criminals actually have your password even if it has been encrypted? Companies have various ways of encrypting passwords. There are also techniques called salting and hashing. The upshot is, the average user will not take the time to find out how the affected company does their encrypting—or hashing or salting for that matter.

Chris Fisher, Vectra's director of security engineering APJ, shares that as our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers.

The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.

There was a lot to learn from breaches, vulnerabilities, and attacks this year.

A local electric cooperative serving western Colorado's Montrose and Delta counties, says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data.

The world of cybersecurity changed for good on Dec. 13, 2020 as a result of the massive cyberattack on SolarWinds.

Experts give their take on the state of cybersecurity as we near the end of 2021.

Over the last year, ethical hackers have prevented more than US$27 billion in cybercrime, according to a report released Tuesday by a leading bug bounty platform.

New research that found some 80% of ethical hackers have recently identified a vulnerability they had not encountered before the pandemic.

Modern complexities of rogue devices, remote employees, and multi-cloud environments have brought previously unseen levels of unpredictability to the SOC.

A report on cloud adoption found cloud usage among respondents has grown to 90%, while 48% say they plan to migrate half or more of their apps to the cloud in 2022.

Here’s a look at the most disruptive security incidents associated with AWS misconfigurations and how businesses can prevent misconfigurations in the future.

The U.S. Department of State will create a Bureau of Cyberspace and Digital Policy, led by a Senate-confirmed ambassador-at-large, to advance its cybersecurity diplomacy efforts.

Since taking office in January, the Biden administration has made cybersecurity one of its top priorities.

The Russian-based cybercrime group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week.

As security teams start to fight back, attackers have only become more sophisticated.  Here are six key trends that your security team should be tracking to ensure that your organization remains cyber resilient.

Acer has confirmed that its servers in Taiwan have also been breached, after hackers themselves shared details about the incident with privacy watchdogs, Privacy Affairs.

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.

A new bill introduced would require ransomware victims to disclose ransom payments within 48 hours of payment — including the amount of ransom demanded and paid the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.

A new report from Forrester Research indicates organizations should tread carefully between engagement, empathy and punishment because punishment has the tendency to reinforce employees’ negative perceptions and resentment of the security team.

No Internet-connected device appears to be safe from potentially being abused by a newly theorized form of distributed denial of service attack.

An Illinois man ran a successful computer takedown service until the feds stepped in.

In the sprawling IT landscapes of today, artificial intelligence (AI) will play a decisive role in this war against ransomware, giving organizations the best chance to defeat motivated attackers.

Vectra Technical Director to the CTO Office, Tim Wade explains how Resilience shifts the focus toward eliminating the probable impact of the full attack chain.

Vectra CEO, Hitesh Sheth explains how AI is the greatest ally when it comes to creating a secure future. AI can learn the differences between normal and malicious activity — independently, without requiring human input.

The security team at the Australian telco got its network detection response down from four hours down to one hour a day.

Organizations aren’t maintaining regular patching: With nearly half of all databases globally (46%) containing a vulnerability and the average number of Common Vulnerabilities and Exposures (CVEs) per database standing at 26, it’s clear that businesses are ignoring one of the basic tenets of data security which is to patch and update databases as soon and often as possible.

One out of every two on-premises databases globally has at least one vulnerability, finds a new study.