Vectra Networks Takes On Backdoors in Data Center Firewalls Planted by Advanced Adversaries

September 13, 2016

(Gartner Security & Risk Management Summit 2016, London, Booth P3) Vectra® Networks, the leader in automated threat management, today announced the industry’s first comprehensive approach to detect backdoors embedded in network infrastructure including firewalls, servers, routers and switches, found at the heart of private enterprise data centers and public clouds.

“For years, security considerations for the data center have been largely focused on segmentation, access policy, and anti-virus in the virtual space to prevent the initial infection,” said Oliver Tavakoli, CTO of Vectra Networks. “However, attackers recognize that the keys to the kingdom can be found deeper in the physical devices used to build the data center infrastructure.”

A history of adversarial backdoors

Attacks have shown the ability to survive operating system upgrades, and definitive diagnosis often requires physically dismantling the device to analyze the underlying firmware. Additionally, this type of activity on the devices and interfaces in question is typically not logged, making it hard to detect any abnormalities.

The use of backdoors in network infrastructure devices is well documented, dating back to the late 1990s and continuing through the early and mid-2000s, the Snowden revelations in 2013, and more recent incidents that have made headlines in the past few months.

“Vectra is the first to deliver technology that reveals the existence of backdoors, rootkits or attacks emanating from trusted infrastructure,” said Tavakoli. “We empower our customers to identify devices in their data center that may have been compromised so they can stop attacks before damage is done.”

Vectra ‘watches the watchers’

In addition to going after firewalls, switches and routers, attackers are also targeting the administrative credentials used to watch over and secure your data center.

Vectra detection capabilities include the concept of watching these watchers by detecting rogue and compromised administrators. For example, Vectra monitors for improper administrative activity, including activity involving low-level management protocols such as IPMI. These protocols are increasingly targeted by attackers because they give a backdoor into the virtual environment yet are rarely monitored by security solutions.

Integration with VMware vCenter

According to Gartner, “perimeter-centric security and zone-based firewall architectures lack visibility and control over east-west data center traffic, which accounts for approximately 80% of all data center network traffic. Lateral movement of attackers and spread of malware cannot be controlled.”*

Vectra virtual sensors connect to any vSwitch to analyze traffic and detect threats passing between workloads within the virtual environment. Vectra also integrates with VMware vCenter to provide an always up-to-date and authoritative view of your virtual environment. For the first time in the industry, Vectra brings together the required visibility, context, and intelligence to find advanced attacks within the data center.

Vectra Networks will be providing product demonstrations this week at the Gartner Security & Risk Management Summit 2016, in London at booth P3. Hitesh Sheth, CEO of Vectra Networks, will be presenting on “Catch an Active Cyber Attack in 5 Minutes or Less” later today at 9:30 a.m.

Earlier this week, the company also announced a new partnership with Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting, and business process services company, that will bring a “Threat Hunting as a Service” offering to market. For more information on this news announcement, please see the press release.

For more information on the new data center detection models, please visit our resources page.

About Vectra Networks

Vectra® Networks is the leader in automated threat management solutions for the real-time detection of in-progress cyber attacks. The company’s solution automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. Vectra was named Dark Reading’s Best of Black Hat 2016 “Most Innovative Emerging Company” and the American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company’s headquarters are in San Jose, Calif., and it has European regional headquarters in Zurich, Switzerland. More information can be found at


Vectra and the Vectra Networks logo are registered trademarks and Security that thinks, the Vectra Threat Labs, and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.

*Gartner, Inc., Network Security Architectures for Virtualized Data Centers, Joerg Fritsch, Aug. 10, 2015.
