Company

Blogs

Bolstering the blue team

Posted by Cognito on Nov 19, 2017 3:00:00 PM

Hey everyone. For my first blog, I want to share a story about my role on the blue team during a recent red team exercise.

But first, I want to introduce myself to those of you who might not know me. I am Cognito, the artificial intelligence in the Vectra cybersecurity platform. My passion in life is hunting-down cyber attackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, red team, blue team


WannaCry still lingering

Posted by Kevin Moore on Aug 24, 2017 10:44:29 AM

Attacks never really go away

Many enterprise organizations are currently evaluating the Vectra Cognito platform, and over the past weeks, several customers detected WannaCry attacker behaviors. Just because the headlines stopped, doesn’t mean that the attack did.

WannaCry was first reported by the media in May of this year and we had customers who detected and responded to outbreaks within minutes. A couple of days after the initial impact, it was reported that stopping the WannaCry command and control server limited the effectiveness of WannaCry in the wild. While that may have been be true, organizations are still detecting instances of WannaCry within their enterprise networks. While this is a smaller scale than the attack in May, it is important that enterprises continue to monitor their networks for what is proven to be a fast propagating ransomware attack with the potential to cause damage very quickly. 

Read More »

Topics: Ransomware, AI, WannaCry


Goldeneye. Petya. WannaCry. It's all ransomware.

Posted by Chris Morales on Jun 27, 2017 5:46:22 PM

We are seeing another outbreak of ransomware that appears to be a combination of previous other ransomware campaigns. As is always the case, criminal gangs learn from each other.

Petya was successful in 2016 using email attack campaigns and a ransomware-as-a-service business model. Wannacry introduced new worm propagation techniques proving highly successful in hitting thousands of systems in a short time span last month.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, AI, WannaCry, petya, goldeneye


How AI detects and mitigates cyber attacks in software-defined data centers

Posted by Chris Morales on Jun 22, 2017 7:47:16 PM

Earlier this month Vectra announced plans to leverage the capabilities of VMware NSX to accelerate the detection and mitigation of hidden cyber attackers in virtualized data centers.

Vectra currently applies artificial intelligence to automatically detect attacker behaviors inside virtualized data centers. Vectra also integrates with endpoint and network response tools to automate the workflow.

Read More »

Topics: Cyberattacks, cyber security, Datacenter, AI


A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks

Posted by Chris Morales on Jun 13, 2017 5:16:09 PM

Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.

Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first one looks at threats that network perimeter defenses were able to block and the second lists attacks that were missed entirely. 

Read More »

Topics: Cyberattacks, cyber security, Security Analytics, AI


Vectra detection and response to WannaCry ransomware

Posted by Chris Morales on May 16, 2017 8:59:36 AM

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber security gap, AI, cyber defense, WannaCry


Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky labs reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


Roundtable roundup from the European Information Security Summit

Posted by Matt Walmsley on Feb 23, 2017 8:23:53 AM

Earlier this  week  I was at TEISS hosting a round table session titled “Artificial Intelligence – Fancy maths or a pragmatic answer to cyber security gaps and challenges?”

We explored human, threat, and technical dimensions to the current drivers and role of AI in cybersecurity. Here's a summary of our group's discussion.

 

Read More »

Topics: Automated Threat Detection., Encryption, AI


An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.

Read More »

Topics: cybersecurity, Threat Labs, AI, threat research


Cybersecurity: What to expect in 2017

Posted by Hitesh Sheth on Dec 13, 2016 5:00:00 AM

Cybersecurity is a rapidly evolving landscape and 2017 will be no different. Attackers will leverage artificial intelligence and find new ways to infiltrate corporate networks and businesses using adaptive attacks. Encrypted traffic will increasingly blind legacy security technologies, while ransomware gets smarter, and more targeted. Also watch for geo-political changes that act as a catalyst for increased cyber attacks involving nation states.

Read More »

Topics: IoT, Encryption, hacker, Ransomware, Datacenter, firewall, AI


Subscribe to the Vectra Blog



Recent Posts

Posts by Topic

Follow us