Vectra introduces attack campaign detection and prediction, and enhances solution for data center and cloud
Vectra, the leader in automating the hunt for in-progress cyberattacks, is advancing automated threat hunting with the introduction of Attack Campaigns. The Vectra Cognito platform now further automates threat hunting by exposing the relationships between threat detections on separate workloads and devices to understand the activity and scope of attack campaigns. Growing demand to automate threat hunting and the company’s recent advances spurred a 208% increase in 2Q2017 revenue compared to the same quarter last year.
“Recent ESG research reveals that 45 percent of organizations say they have a problematic shortage of cybersecurity skills while 54 percent of survey respondents believe their cybersecurity analytics and operations skill levels are inappropriate,” said Jon Oltsik, senior principal analyst at ESG. “Large organizations with cybersecurity operations staffs that are particularly weak at threat hunting as well as assessing and prioritizing security alerts are embracing machine learning technologies, such as Vectra Cognito, that can help them detect and respond to cyberattacks in real time.”
According to Vectra research of attacker behaviors in nearly 200 enterprise organizations, there are 841 security events per quarter for every 1,000 workloads or devices in a network, but events on only five of those workloads or devices represent a critical or high severity risk. The attacker behaviors that trigger these events are frequently steps of the same attack campaign. Previously, security analysts had to find the relationships between the detected behaviors manually, making it nearly impossible to respond in real time.
As an attacker controls devices remotely, performs reconnaissance and moves laterally in a network, Vectra Cognito presents a synthesized view of the entire attack campaign by connecting the dots of related attacker behavior detections across all involved hosts. Organizations using Vectra Cognito can also zoom in or pan the view of hosts or related campaign detections to analyze the campaign history and better understand the lifetime of the attack. By identifying connections across multiple machines which are part of a single attack campaign, an entire attack can be stopped at the earliest signs of detection.
“Alert fatigue is overwhelming security analysts’ time and organizations’ security budgets. Manually investigating individual steps of advanced attacks is one reason why security services continue to be the fastest growing segment of the $86.4 billion security market in 2017,” said Kevin Kennedy, vice president product management at Vectra. “With AI correlating attacker behaviors across time and revealing the resulting campaign narrative, security analysts can instead focus on the critical role of confirming the key detections underpinning the campaign and stopping attacks before data is stolen.”
Vectra Cognito Enhancements for Data Center and Cloud
Vectra developed the first purpose-built solution to detect advanced attackers and cyberattacks in cloud data centers. Vectra Cognito natively integrates with the virtualization platform and introduces detection models that are exclusively designed to deliver real-time visibility into the behavior of attackers in cloud data centers. New attacker behaviors detected now include:
Advanced Remote Desktop Protocol (RDP) analysis – RDP gives a user a graphical interface to another computer over a network connection. Attackers often abuse the protocol because, with nothing more than a stolen credential, it lets them drive a remote system as if they were sitting at it. RDP servers are also commonly used as “jump hosts,” which lets attackers enter the data center disguised as ordinary administrators. Cognito now includes multiple detection algorithms that learn how RDP is used within an environment and identify changes in the system initiating a connection that indicate the session is attacker-controlled, as well as attempts to find and compromise RDP servers.
SMB Account Scan – Smart attackers often target local accounts, which do not require authentication against Active Directory (AD). Because such logons never reach a domain controller, they stay beneath the radar of UBA and SIEM tools that analyze AD logs. This new detection algorithm lets Vectra Cognito discover attackers performing internal reconnaissance by using the SMB protocol to authenticate locally to a server and enumerate the accounts available on it.
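To make the two behaviors above concrete, here is an added example (not Vectra's code, and not how the Cognito platform implements them) of toy detection logic run over constructed sample records. It learns a per-source RDP client baseline and flags sessions whose initiating client changes, flags an unknown source sweeping many RDP servers, and flags a source that tries many distinct local (non-AD) accounts on one server over SMB. The record layout, the domain name `CORP`, the addresses and the thresholds are all assumptions made for this example.

```python
"""Added example (not Vectra's code): toy versions of the RDP and SMB account-scan
detections described above, run over constructed sample records.  The record
layout, the AD domain name and the thresholds are assumptions for this example;
a real sensor would derive them from traffic or from Windows logon events."""
from collections import defaultdict

AD_DOMAIN = "CORP"       # assumed AD domain; any other domain field (the server's
                         # own name or ".") means the logon hit the local SAM, not AD
LEARN_UNTIL = 1000       # RDP events before this timestamp train the baseline
WINDOW = 300             # seconds for the sliding windows below
SWEEP_THRESHOLD = 5      # distinct RDP servers contacted by one source in WINDOW
ENUM_THRESHOLD = 4       # distinct local accounts tried on one server in WINDOW

# Constructed RDP session records: source, destination, the client's name and
# keyboard layout as negotiated in the session, and a timestamp.
RDP_EVENTS = [
    {"src": "10.0.1.10", "dst": "10.0.9.5", "client": "ADMIN-LT", "kbd": "0409", "ts": 100},
    {"src": "10.0.1.10", "dst": "10.0.9.5", "client": "ADMIN-LT", "kbd": "0409", "ts": 200},
    {"src": "10.0.1.11", "dst": "10.0.9.6", "client": "OPS-WS", "kbd": "0409", "ts": 150},
    # scoring period: same source host, but a different client name and layout
    {"src": "10.0.1.10", "dst": "10.0.9.5", "client": "ADMIN-LT", "kbd": "0409", "ts": 1100},
    {"src": "10.0.1.10", "dst": "10.0.9.5", "client": "DESKTOP-7Q2", "kbd": "0419", "ts": 1200},
] + [  # a never-seen source touching five RDP servers in five seconds
    {"src": "10.0.1.50", "dst": f"10.0.9.{i}", "client": "KALI", "kbd": "0409", "ts": 1300 + i}
    for i in range(1, 6)
]

# Constructed SMB logon records: domain "CORP" means AD authentication;
# domain "FS01" (the server's own name) means a local account on FS01.
SMB_RECORDS = [
    {"src": "10.0.1.10", "dst": "FS01", "domain": "CORP", "user": "alice", "ts": 10},
] + [
    {"src": "10.0.1.50", "dst": "FS01", "domain": "FS01", "user": u, "ts": 2000 + i}
    for i, u in enumerate(["administrator", "backup", "svc_sql", "guest", "administrator"])
]


def learn_rdp_baseline(events):
    """Per source host, the (client name, keyboard layout) pairs seen while
    learning.  A later session from that host with an unseen pair means the
    system driving the session changed even though the source address did not."""
    baseline = defaultdict(set)
    for e in events:
        if e["ts"] < LEARN_UNTIL:
            baseline[e["src"]].add((e["client"], e["kbd"]))
    return baseline


def detect_rdp_anomalies(events, baseline):
    """Return (kind, ...) tuples for changed client fingerprints, unknown
    sources, and sweeps of many RDP servers from one source."""
    alerts, flagged_new = [], set()
    recent = defaultdict(list)                      # src -> [(ts, dst)] inside WINDOW
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["ts"] < LEARN_UNTIL:
            continue                                # learning period is not scored
        fp = (e["client"], e["kbd"])
        if e["src"] not in baseline:
            if e["src"] not in flagged_new:         # report an unknown source once
                alerts.append(("rdp_new_source", e["src"], e["dst"]))
                flagged_new.add(e["src"])
        elif fp not in baseline[e["src"]]:
            alerts.append(("rdp_client_changed", e["src"], e["dst"], fp))
        hits = [(t, d) for t, d in recent[e["src"]] if e["ts"] - t <= WINDOW]
        hits.append((e["ts"], e["dst"]))
        distinct = len({d for _, d in hits})
        if distinct >= SWEEP_THRESHOLD:
            alerts.append(("rdp_sweep", e["src"], distinct))
            hits = []                               # reset so the sweep fires once
        recent[e["src"]] = hits
    return alerts


def detect_smb_account_scan(records):
    """Flag a source that tries many distinct local accounts on one server inside
    WINDOW.  These logons never reach a domain controller, so tools that only
    read AD logs do not see them; the sensor has to watch SMB itself."""
    alerts = []
    tried = defaultdict(list)                       # (src, dst) -> [(ts, user)]
    for r in sorted(records, key=lambda x: x["ts"]):
        if r["domain"].upper() == AD_DOMAIN:
            continue                                # domain logon, out of scope here
        key = (r["src"], r["dst"])
        hits = [(t, u) for t, u in tried[key] if r["ts"] - t <= WINDOW]
        hits.append((r["ts"], r["user"]))
        users = sorted({u for _, u in hits})
        if len(users) >= ENUM_THRESHOLD:
            alerts.append(("smb_account_scan", r["src"], r["dst"], users))
            hits = []                               # reset so the scan fires once
        tried[key] = hits
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_anomalies(RDP_EVENTS, learn_rdp_baseline(RDP_EVENTS)):
        print(a)
    for a in detect_smb_account_scan(SMB_RECORDS):
        print(a)
```

Run as written, the RDP detector produces three alerts (a changed client fingerprint from 10.0.1.10, an unknown source 10.0.1.50, and a sweep of five servers by that source) and the SMB detector produces one alert for the four local accounts probed on FS01. The single AD logon by `alice` is skipped on purpose: the point of the SMB detection is the logons that AD-based tools never see. A real implementation would learn its baseline continuously rather than from a fixed cutoff and would tune the thresholds to the environment, but the shape of the logic is the same.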
Vectra Extends Cloud Coverage with AWS vSensor
A new vSensor for AWS extends these new attacker behavior detections for cloud workloads running in Amazon Web Services, providing Vectra customers with attack campaign visibility across cloud and data center workloads in addition to user and IoT devices, leaving attackers with nowhere to hide.
Vectra® is transforming cybersecurity with AI. Its Cognito platform automates cyberattack detection and response from data center and cloud workloads to user and IoT devices. Cognito correlates threats, prioritizes hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named “Most Innovative Emerging Company” in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued 5 U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit https://vectra.ai
Vectra, the Vectra Networks logo and ‘Security that thinks’ are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
Media Contacts: LEWIS Global Communications, PR for Vectra firstname.lastname@example.org (781) 418-2400