Vectra AI and Keysight: Eliminate the blind spots attackers use to hide


Learn all about our partnership.

Download Integration Brief

The Keysight Network Visibility Architecture and the Vectra AI Platform eliminate blind spots that allow attackers to hide.

Keysight’s Vision series of Network Packet Brokers (NPBs) passively sends traffic from multiple network access points – like SPANs, taps and virtual taps (vTaps) – to the Vectra AI Platform for inspection and analysis.

The Vectra AI Platform collects the right network and cloud metadata and augments it with machine learning to detect all phases of persistent stealthy attacks. That includes hidden command-and-control communications, internal reconnaissance, botnet monetization, lateral movement and data exfiltration. By removing duplicate packets and other unwanted data, Keysight packet brokers equip the Vectra AI Platform with reliable real-time data and enhance throughput capacity.

Key benefits of the Keysight and Vectra AI integration:

Combining Keysight’s automation capabilities with the Vectra AI Platform with Attack Signal Intelligence speeds threat detection and the right response. Seamless integration achieves complete visibility into traffic from anywhere in the network or cloud so 100% of traffic can be inspected and analyzed.

By providing complete visibility into cyber threats, Keysight and Vectra AI solutions work together to deliver:

Why integrate Keysight with Vectra AI?

  • Simplified deployment – Leverage joint solutions in any network environment with Keysight’s intuitive GUI enabling drag-and-drop virtual connections between SPANs/taps and the Vectra AI Platform
  • Rapid scale – Add 1-, 10-, 40-, or 100-gigabit ports as needed; dynamically adjust filters to meet bandwidth requirements
  • Maximum efficiency – Filter and remove unneeded traffic so the Vectra AI Platform always operates at full efficiency
  • Higher utilization – Load-balance traffic across multiple ports
  • Real visibility into virtual risk – Gain visibility into potential threats hidden in east-west traffic across your virtual environments

Intelligent visibility complements AI

The Vectra AI Platform is based on a simple principle for finding all hidden cyberthreats: Use an authoritative source of data and seek out the fundamental threat behaviors that cybercriminals can’t avoid when they carry out an attack. Keysight’s intelligent visibility solutions ensure delivery of reliable data from those authoritative sources.

Equipped with the right input from every network and cloud source, the Vectra AI network detection and response platform delivers high-fidelity security metadata – knowledge of what’s happening in every conversation – enriched with context specific to security applications, such as the names of hosts, existence of beacons and the privilege level of accounts.

The Vectra AI Platform efficiently analyzes data at scale. Instead of traditional payload inspection, a combination of AI, machine learning and behavioral traffic analysis exposes attacker behaviors — even in encrypted traffic — as they spy, drop malware, and move laterally to steal in the network and cloud.

How it works:

Keysight integration with Vectra AI

Keysight directs traffic to the Vectra AI Platform and Vectra X-series appliances. Intelligent visibility provides fast, easy access to all required traffic anywhere in your hybrid environment— networks and data centers, or public clouds.

Aggregating traffic from multiple SPANs, taps and vTaps achieves efficient access to asymmetric traffic across large heterogeneous networks. Traffic that does not require analysis can be filtered out by Keysight NPBs to prevent unnecessary consumption of Vectra AI resources.

Traffic from network access points can be shared with multiple monitoring solutions to avoid common SPAN/tap shortages that happen when multiple tools need data from the same access point. For insight into cloud environments, Keysight’s CloudLens solution gathers traffic from public clouds.