Oliver Tavakoli, CTO, Vectra Networks

Oliver Tavakoli is chief technology officer at Vectra. Oliver is a technologist who has alternated between working for large and small companies throughout his 25-year career – he is clearly doing the latter right now. Prior to joining Vectra, Oliver spent more than seven years at Juniper as chief technical officer for the security business. Oliver joined Juniper as a result of its acquisition of Funk Software, where he was CTO and better known as developer #1 for Steel-Belted Radius – you can ask him what product name came in second in the naming contest. Prior to joining Funk Software, Oliver co-founded Trilogy Inc. and prior to that, he did stints at Novell, Fluent Machines and IBM. Throughout his career, Oliver has annoyed colleagues by his insistence that words be spelled correctly.
Find me on:

Recent Posts

Why it's okay to be underwhelmed by Cisco ETA

Posted by Oliver Tavakoli, CTO, Vectra Networks on Jun 26, 2017 3:59:54 PM

Cisco recently announced the term “intent-based networking” in a press release that pushes the idea that networks need to be more intuitive. One element of that intuition is for networks to be more secure without requiring a lot of heavy lifting by local network security professionals. And a featured part of that strategy is Cisco ETA: 

"Cisco's Encrypted Traffic Analytics solves a network security challenge previously thought to be unsolvable," said David Goeckeler, senior vice president and general manager of networking and security. "ETA uses Cisco's Talos cyber intelligence to detect known attack signatures even in encrypted traffic, helping to ensure security while maintaining privacy."

Read More »

Topics: machine learning, network security, external remote access

Don't Shed Tears When Peeling the Onion Router

Posted by Oliver Tavakoli, CTO, Vectra Networks on Nov 11, 2014 12:27:06 PM

Periodically, articles are published highlighting the difficulty authorities have investigating illegal activity on the Internet when the perpetrators make use of the anonymity that Tor provides.

Last week saw another such article appear in The Wall Street Journal, highlighting an operation that took down more than four hundred Web sites accessible only via Tor, which are essentially Tor “services”, arrested 17 people and confiscated plenty of Bitcoins associated with running these web sites. These web sites are referred to as “darknet marketplaces” and basically connect purveyors of illegal goods (e.g., drugs, guns) and services (e.g., contract killings) with people seeking these things. An August article in Wired spent more time detailing how the FBI goes about fighting the demand side of the problem – by infecting machines belonging to potential seekers of such goods and services via drive-by-downloads.

Read More »

Topics: Targeted Attacks, Tor

Catch Attackers Attempting to Shellshock You

Posted by Oliver Tavakoli, CTO, Vectra Networks on Sep 29, 2014 10:48:00 AM

The recent discovery of Shellshock, the bash shell bug, has something in common with the discovery of Heartbleed earlier this year. Both vulnerabilities existed for many years before they were discovered – over two years for Heartbleed and over 22 years for Shellshock. Both affect a very large number of computer and communications systems. Both have induced a gut-wrenching panic.

There will always be two periods during which you are vulnerable to such exploits. The first is the period before the vulnerability is reported and may have been exploited by a few attackers. The second is the span of time between when the vulnerability is publicly reported and before you patch the affected systems. During this second period, every attacker imaginable will attempt to exploit the vulnerability. Predicting when new vulnerabilities will appear and what ways creative attackers will come up with to exploit them is generally a losing battle. That doesn’t mean there is nothing you can do to catch them.

Read More »

Topics: Heartbleed, Shellshock

Detecting Future Heartbleed Security Exploits

Posted by Oliver Tavakoli, CTO, Vectra Networks on Aug 22, 2014 2:47:00 PM

Reading Steve Ragan's write-up on the recent Community Health Systems breach in CSO online took me back to my blog post on Heartbleed from the Inside from May 1, 2014 that included this cautionary note.

"It's only a matter of time – actually, it's probably already happening – before we see targeted attacks that utilize Heartbleed as one of the weapons in the attackers' arsenal to acquire key account credentials and use those credentials to get to the crown jewels."

Read More »

Topics: Malware Attacks, Heartbleed

Art of Scoring Malware Detections – Friend or Foe?

Posted by Oliver Tavakoli, CTO, Vectra Networks on Aug 15, 2014 7:00:00 AM

As our customer base has grown, the variety of opinions about what constitutes a threat has grown with it. This variety creates challenges for products like ours, which strive to supply the right epiphanies with little or no configuration required by our customers.

One example of this comes up when we’ve detected what we call “external remote access” behavior in the network. This detection algorithm basically detects remote control of a host inside an organization’s network by an entity outside (in this context, “outside” means not connected via VPN) the network on a connection that has been initiated by the internal host.

Read More »

Topics: Malware Attacks

Heartbleed on the Inside

Posted by Oliver Tavakoli, CTO, Vectra Networks on May 1, 2014 5:00:00 PM

A lot has been said about the global impact of Heartbleed. First, we had all the descriptions of Heartbleed – my favorite one was on xkcd. Then we saw warnings that we would need to change our password on public websites. That was followed by a warning that, since the private keys of certificates could be retrieved by exploiting Heartbleed, we should change our passwords now, wait for Web sites to change their certificates and then change our passwords again.

What has received far less attention is the fact that many of our common enterprise products (e.g., routers, firewalls, web proxies) inside our infrastructure are also susceptible to Heartbleed. Bulletins from Cisco, Juniper Networks and Blue Coat indicate widespread use of OpenSSL, the software in which the Heartbleed bug exists, in these products. Even industrial control systems from companies like Siemens have this vulnerability, which Arik Hesseldahl wrote about recently on Re/ And, unlike public-facing web sites, many of which have already undergone updates to fix the bug, the availability and deployment of patches for all your infrastructure systems hits you in unexpected ways, including the need to upgrade to the newer versions of software than you are probably running, necessitating testing cycles before you can deploy it.

Read More »

Topics: Heartbleed

Divining Attacker Intent

Posted by Oliver Tavakoli, CTO, Vectra Networks on Apr 16, 2014 5:51:00 PM

In talking to customers, I am frequently reminded of the fact that people's understanding of how malware is built and delivered hasn't kept up with the changing landscape over the past few years. While most people expect actual targeted attacks to evolve through multiple stages, much of the run-of-the-mill botnet malware no longer infects a system in a single stage either.

Much of this multi-stage malware starts off with a small dropper that only represents the initial stage of an exploit. We’ve seen small droppers come bundled in Microsoft Word documents, PDF files and spreadsheets attached to emails or be retrieved when browsers access URLs – whether the user clicks on a link embedded in an email or visits a compromised web site.
Read More »

Topics: Targeted Attacks, Malware Attacks

Security Report Season: what malware does versus what it is.

Posted by Oliver Tavakoli, CTO, Vectra Networks on Apr 2, 2014 9:47:00 AM

The first quarter of every year in the security business brings every imaginable retrospective of all the bad things that happened the prior year. This year is no different. As I read this year's crop of reports (this required several cups of coffee), I was struck by the fact that much of the focus continues to be on malware families, which I call "the race to win the naming game," and the number of zero-day threats found.

The naming game is always an interesting one. It leads to names like Kelihos (aka Hlux), ZeroAccess (aka Sirefef), Zeus (aka Zbot) and the usual rogues' gallery of malware. While the desire to name things is all too human (after all, it helps us communicate about complex things with very little effort), when you juxtapose the number of malware variants against the desire to name them all, you can see that we're facing an uphill battle.
Read More »

Topics: Malware Attacks

Subscribe to the Vectra Blog

Recent Posts

Posts by Topic

Follow us