Wade Williamson

Recent Posts

Bringing attack detections to the data center

Posted by Wade Williamson on Sep 12, 2016 11:59:00 PM

In extending the Vectra cybersecurity platform to enterprise data centers and public clouds, we wanted to do more than simply port the existing product into a virtualized environment. So, Vectra security researchers, data scientists, and developers started with a fresh sheet of paper to address the real-world challenges and threats that are unique to the enterprise data centers and clouds.


Visibility and intelligence that spans the enterprise

First, it was important to remember that the data center can be both integrally connected, yet in some ways separated from the physical enterprise. For example, attacks can spread from the campus environment to the data center environment, and security teams absolutely need to know how these events are connected. On the other hand, 80% of data center traffic never leaves the data center, making it invisible to traditional security controls.

Read More »

Topics: Data Center, Cyberattacks, cybersecurity

The new vulnerability that creates a dangerous watering hole in your network

Posted by Wade Williamson on Jul 12, 2016 10:06:41 AM

Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of Microsoft Windows reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network. 

Vectra and Microsoft collaborated during the investigation of this issue, and Microsoft has delivered a fix as part of Security Bulletin MS16-087, which is available here.

The vulnerabilities, CVE-2016-3238 (MS16-087), and CVE-2016-3239, stem from the way users connect to printers in the office and over the Internet. This vulnerability could enable a relatively unsophisticated attacker to incorporate IoT devices as part of an attack and quickly infiltrate and spread through a network without detection. While this blog provides an overview of the vulnerability, you can read the in-depth technical analysis here. In addition, a video summary of the vulnerability is available here

The vulnerability in question centers around the ways that network users find and use printers on a network. Needless to say, modern organizations often have many users, and likewise often have many different makes and models of printers. Users expect to connect to and use whatever printer is most convenient, and likewise, mobile users expect to be able to come in to the office and print.

Read More »

Topics: Microsoft, vulnerability, APT

Introducing the Spring 2016 Post-Intrusion Report

Posted by Wade Williamson on Apr 20, 2016 5:00:00 AM

Insights from inside the kill chain

Detection_Overview.pngThis week we are proud to announce the release of the third edition of the Vectra Post-Intrusion Report. And while there are plenty of reports from security vendors out there, this one provides something that is unique.

Read More »

Will IDS ever be able to detect intrusions again?

Posted by Wade Williamson on Nov 3, 2015 9:23:04 AM

IDS has been around for decades and has long been a cornerstone of network security. But over the years, IDS was gradually absorbed by IPS, and IDS simply became thought of as a deployment option of IPS.

However, this subservient role of IDS in relation to IPS introduces a subtle but important compromise – detection takes a backseat to prevention. Because IPS is deployed in-line with network traffic, performance concerns are paramount. Prevention cannot slow the speed or flow of business, and that meant detections must be near-instantaneous.

The need to block threats within milliseconds locks IDS/IPS into using signatures for detections. While signatures can detect a wide variety of threats, they rely on the fast-pattern-matching of known threats.

Read More »

Topics: IDS

A revolutionary new approach to detecting malicious covert communications

Posted by Wade Williamson on Oct 28, 2015 9:42:05 AM

Today’s cyber attackers are patient, as they infiltrate and steadily persist within an organization’s network over time. These long-term attacks require ongoing communication to orchestrate the various phases of attack.

By understanding how attackers conceal their communications, we can rob attackers of the persistence and coordination that makes modern attacks so successful.

Read More »

Topics: Cyberattacks, Covert Communications

The Impact of IoT on Your Attack Surface

Posted by Wade Williamson on Sep 29, 2015 8:12:00 AM

Researchers from Vectra Threat Labs recently performed an in-depth analysis of vulnerabilities found in a common Belkin wireless repeater. Today in an article on Dark Reading, Vectra CTO Oliver Tavakoli digs into why seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). Read the full article here.

Of particular importance to security teams, IoT is not only bringing far more devices into the network, but they are also devices that very rarely get patches and updates. This means that vulnerabilities can be left unaddressed for months or even years.  Likewise, these devices are unlikely to be protected by signatures and will almost assuredly be unable to run client-based security.

Read More »

Topics: Vulnerabilities, IoT

The industry needs a real alternative to signatures

Posted by Wade Williamson on Sep 9, 2015 10:20:00 AM

For years, security professionals have become increasingly aware of the limitations of signatures. And yet for all this awareness, the industry is still focused on making signatures faster instead of addressing the fundamental problem.

Threat feeds deliver signatures faster and faster and malware sandboxes generate new signatures for newly discovered malware. Nonetheless, attackers continue to evade them and are wining at an ever-increasing rate.

Read More »

Topics: Cyberattacks, Signatures

What cyber threats are lurking about in your network?

Posted by Wade Williamson on Jun 23, 2015 5:00:00 AM

Today, Vectra Networks published its second edition Post-Intrusion Report that offers a first-hand look at modern threats that get past perimeter security and spread inside the network.

In the latest report, we analyzed behaviors and techniques across the entire lifecycle of real-world cyber attacks. We also looked back and saw alarming changes in the threat landscape and observed emerging trends in attack techniques.

Read More »

Topics: Cyberattacks, Post Breach Detection, Tor, cyber security

Duqu: The Sequel

Posted by Wade Williamson on Jun 12, 2015 12:54:00 PM

Doqu_2.0_Wade_Williamson_Blog_Image_Recently, Kasperky Labs disclosed that it was the victim of a sophisticated cyber attack, which they have named Duqu 2.0. The team at Kaspersky Labs has published a detailed analysis of Duqu 2.0 and it’s definitely worth a read.

The original Duqu threat actor was a family of malware that most researchers believe was created by a nation-state and it’s related to the infamous Stuxnet worm. While Stuxnet was used to damage centrifuges used to enrich uranium, the original Duqu appeared more intent on surveillance and collecting information within a compromised network.

Read More »

Topics: Cyberattacks, cyber security

Insider threats surge while budgets retreat

Posted by Wade Williamson on Jun 4, 2015 5:00:00 AM

The Information Security Community on LinkedIn recently completed a survey of more than 500 cybersecurity professionals on the topic of insider threats. This report reveals the real-world trends and challenges of combating insider threats from the viewpoint of the security professionals who do it every day.

Let’s take a look at some of these trends and what they may mean for information security.

Insider threats are on the rise, but budgets are not
Security teams have long been asked to do more with less, but this trend is particularly stark in the area of malicious insiders.

The study shows that 62% of respondents saw more insider threats over the past year, but only 34% expect to get more budget to address the problem. Underscoring this problem, 68% feel vulnerable and less than half feel they have appropriate control over insider threats.

Read More »

Topics: Insider Threats

Subscribe to the Vectra Blog

Recent Posts

Posts by Topic

Follow us