Vectra issued five U.S. patents for artificial intelligence that automates the hunt for cyber attacker behaviors
Vectra, the leader in automating the hunt for in-progress cyber attacks, today announced it has been issued five U.S. patents, numbers 9237164, 9407647, 9565208, 9602533 and 9628512, for advanced cyber security analytics capabilities automated by artificial intelligence (AI). These patents demonstrate the effectiveness of security research and data science collaborating to enhance visibility into attacker behavior.
The Vectra patented technology helps address critical issues in today’s fight against cyber attackers. Between the severe shortage of knowledgeable talent and the immense increase in cyber threats, shorthanded security teams are bombarded with endless, disparate alerts that take hours to investigate and prevent a rapid determination of severity or root cause. Vectra combines a number of patented machine learning (ML) and AI techniques to identify individual attacker behavior and to judge the severity of combinations of such behaviors.
One of the most difficult attacker behaviors to detect is malware that “phones home” to the attacker and enables him to take manual control over a compromised host. Security analysts have coined the term RAT (Remote Access Trojan) to describe malware that enables this functionality. However, any number of benign software packages used for remotely controlling a machine can also be used to accomplish the same goal. Vectra has been granted a patent for using innovative machine learning techniques to detect such behavior regardless of the malicious or benign software used to establish manual remote control of an internal host.
Another of the granted patents takes an innovative approach to correlating all attacker behaviors observed on a particular asset in an organization’s network and assigning threat and certainty scores to the observed timeline of attacker behaviors. With such insights, attacks can be stopped at the earliest signs of detection and before data is stolen.
“Timely detection of advanced attacks is key to neutralizing them before they do an organization substantial harm. Using ML and AI to find the individual steps of advanced attacks, correlating them on a machine across time and prioritizing the resulting narratives is key to making events actionable for security analysts,” said Oliver Tavakoli, chief technology officer of Vectra. “Finding the sometimes-tenuous connections across multiple machines which are part of a single attack campaign is the next AI frontier for reducing analysts’ alert fatigue and turning the tables on the attackers.”
Additional Patents Issued Advancing Visibility into Attacker Behavior
Fingerprinting Individual Behavior – Correlation efforts begin by fingerprinting each machine or workload in an organization’s network. These fingerprints allow identification of a host to which individual behaviors can be attributed. The collection of observed behaviors over time can then be scored based on the certainty of compromise and the extent of threat the set of behaviors signals.
Host Scoring & Correlation – Utilizing AI to identify individual attacker behaviors, such as External Remote Access, presents a major advancement, in terms of coverage and accuracy, over current techniques. Even as better coverage for detecting individual attacker behaviors becomes available, there is also an opportunity to apply machine learning to correlate these behaviors, creating from them a smaller number of individual host narratives and potential attack campaigns.
Vectra has 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence.
Vectra Networks is the leader in automating the hunt for in-progress cyber attacks. Using artificial intelligence, Vectra correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. In 2016, Vectra was named “Most Innovative Emerging Company” in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit https://vectra.ai
Vectra, the Vectra Networks logo and ‘Security that thinks’ are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
LEWIS Global Communications, PR for Vectra firstname.lastname@example.org (781) 418-2400