Vectra Networks Takes On Backdoors in Data Center Firewalls Planted by Advanced Adversaries
(Gartner Security & Risk Management Summit 2016, London, Booth P3) Vectra® Networks, the leader in automated threat management, today announced the industry’s first comprehensive approach to detect backdoors embedded in network infrastructure including firewalls, servers, routers and switches, found at the heart of private enterprise data centers and public clouds.
“For years, security considerations for the data center have been largely focused on segmentation, access policy, and anti-virus in the virtual space to prevent the initial infection,” said Oliver Tavakoli, CTO of Vectra Networks. “However, attackers recognize that the keys to the kingdom can be found deeper in the physical devices used to build the data center infrastructure.”
Attacks have shown the ability to survive operating system upgrades, and definitive diagnosis often requires physically dismantling the device to analyze the underlying firmware. Additionally, this type of activity on the devices and interfaces in question is typically not logged, making it hard to detect any abnormalities.
The use of backdoors in network infrastructure devices is well-documented, dating back to the late-1990s, through the early- and mid-2000s, including the Snowden revelations in 2013, and with more recent incidents making headlines in the past few months.
“Vectra is the first to deliver technology that reveals the existence of backdoors, rootkits or attacks emanating from trusted infrastructure,” said Tavakoli. “We empower our customers to identify devices in their data center that may have been compromised so they can stop attacks before damage is done.”
In addition to going after firewalls, switches and routers, attackers are also targeting the administrative credentials used to watch over and secure your data center.
Vectra detection capabilities include the concept of watching these watchers by detecting rogue and compromised administrators. For example, Vectra monitors for improper administrative activity, including activity involving low-level management protocols such as IPMI. These protocols are increasingly targeted by attackers because they give a backdoor into the virtual environment yet are rarely monitored by security solutions.
According to Gartner, “perimeter-centric security and zone-based firewall architectures lack visibility and control over east-west data center traffic, which accounts for approximately 80% of all data center network traffic. Lateral movement of attackers and spread of malware cannot be controlled.”*
Vectra virtual sensors connect to any vSwitch to analyze traffic and detect threats passing between workloads within the virtual environment. Vectra also integrates with VMware vCenter to provide an always up-to-date and authoritative view of your virtual environment. For the first time in the industry, Vectra brings together the required visibility, context, and intelligence to find advanced attacks within the data center.
Vectra Networks will be providing product demonstrations this week at the Gartner Security & Risk Management Summit 2016, in London at booth P3. Hitesh Sheth, CEO of Vectra Networks, will be presenting on “Catch an Active Cyber Attack in 5 Minutes or Less” later today at 9:30 a.m.
Earlier this week, the company also announced a new partnership with Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting, and business process services company, that will bring a “Threat Hunting as a Service” offering to market. For more information on this news announcement, please see the press release.
For more information on the new data center detection models, please visit our resources page.
Vectra® Networks is the leader in automated threat management solutions for the real-time detection of in-progress cyber attacks. The company’s solution automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. Vectra was named Dark Reading’s Best of Black Hat 2016 “Most Innovative Emerging Company” and the American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company’s headquarters are in San Jose, Calif., and it has European regional headquarters in Zurich, Switzerland. More information can be found at www.vectranetworks.com.
Vectra and the Vectra Networks logo are registered trademarks and Security that thinks, the Vectra Threat Labs, and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
*Gartner, Inc., Network Security Architectures for Virtualized Data Centers, Joerg Fritsch, Aug. 10, 2015.