While ransomware attacks like NotPetya and WannaCry were making headlines (and money) in 2017, cryptocurrency mining was quietly gaining strength as the heir apparent when it comes to opportunistic behaviors for monetary gain.
Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). I’m pretty ecstatic about that.
Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS. This convergence occurred as the security industry focused more on preventing external threat actors.
Traffic sent to and from major internet sites was briefly rerouted to an ISP in Russia by an unknown party. The likely precursor of an attack, researchers describe the Dec. 13 event as suspicious and intentional.
According to BGPMON, which detected the event, starting at 04:43 (UTC) 80 prefixes normally announced by several organizations were detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.
The United States has not been the victim of a paralyzing cyber-attack on critical infrastructure like the one that occurred in the Ukraine in 2015. That attack disabled the Ukrainian power grid, leaving more than 700,000 people helpless.
But the United States has had its share of smaller attacks against critical infrastructure. Most of these attacks targeted industrial control systems (ICS) and the engineering personnel who have privileged access.
As enterprises migrate to the cloud, strong perimeter defenses are not enough to stop cyber attackers from infiltrating the network. Together, Gigamon and Vectra enable organizations to gain network visibility and automate threat management - providing continuous monitoring of network traffic to pinpoint cyber attacks that evaded perimeter defenses.
Chris Morales, Head of Security Analytics at Vectra joins us to discuss what challenges he sees customers facing when moving to Amazon Web Services (AWS) and how Gigamon and Vectra can help them.
In the fight against cyber-attacks, time is money. According to the Ponemon institute, the average cost of a data breach is $3.62 million. Reducing the time to detect and time contain an incident can significantly mitigate the cost of a breach, and possibly prevent it.
Maturity level and effectiveness are two of the most important measurements of SOC performance. Maturity reflects an enterprise’s development level regarding its approach to managing cybersecurity risk, including risk and threat awareness, repeatability, and adaptiveness. Effectiveness is a measurement of the SOC’s ability to detect and respond to an incident as it happens.
We conducted a survey.
We are seeing another outbreak of ransomware that appears to be a combination of previous other ransomware campaigns. As is always the case, criminal gangs learn from each other.
Petya was successful in 2016 using email attack campaigns and a ransomware-as-a-service business model. Wannacry introduced new worm propagation techniques proving highly successful in hitting thousands of systems in a short time span last month.
Earlier this month Vectra announced plans to leverage the capabilities of VMware NSX to accelerate the detection and mitigation of hidden cyber attackers in virtualized data centers.
Vectra currently applies artificial intelligence to automatically detect attacker behaviors inside virtualized data centers. Vectra also integrates with endpoint and network response tools to automate the workflow.
Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.
Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first one looks at threats that network perimeter defenses were able to block and the second lists attacks that were missed entirely.
Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.
WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.