Blog

AI and the future of cybersecurity work

Posted by Sohrob Kazerounian on Nov 7, 2018 8:08:00 AM

In February 2014, journalist Martin Wolf wrote a piece for the London Financial Times[1] titled Enslave the robots and free the poor. He began the piece with the following quote:

“In 1955, Walter Reuther, head of the US car workers’ union, told of a visit to a new automatically operated Ford plant. Pointing to all the robots, his host asked: How are you going to collect union dues from those guys? Mr. Reuther replied: And how are you going to get them to buy Fords?”

Read More »

Topics: machine learning, AI, deep learning


Most attacks against energy and utilities occur in the enterprise IT network

Posted by Chris Morales on Nov 1, 2018 5:00:00 AM

The United States has not been hit by a paralyzing cyberattack on critical infrastructure like the one that sidelined Ukraine in 2015. That attack disabled Ukraine's power grid, leaving more than 700,000 people in the dark.

But the enterprise IT networks of energy and utilities companies have been infiltrated for years. Based on an analysis by the U.S. Department of Homeland Security (DHS) and FBI, these networks have been compromised since at least March 2016 by nation-state actors who perform reconnaissance looking for industrial control system (ICS) designs and blueprints to steal.

Read More »

Topics: cybersecurity, AI, Threat Detection, attacker behavior, critical infrastructure, IT, cyberattackers


Integrating with Microsoft to detect cyberattacks in Azure hybrid clouds

Posted by Gareth Bradshaw on Sep 25, 2018 5:58:37 AM

Microsoft unveiled the Azure Virtual Network TAP, and Vectra announced its first-mover advantage as a development partner and the demonstration of its Cognito platform operating in Azure hybrid cloud environments.

Read More »

Topics: machine learning, cloud, Microsoft, AI, deep learning


Near and long-term directions for adversarial AI in cybersecurity

Posted by Sohrob Kazerounian on Sep 12, 2018 6:00:00 AM

The frenetic pace at which artificial intelligence (AI) has advanced in the past few years has begun to have transformative effects across a wide variety of fields. Coupled with an increasingly interconnected world in which cyberattacks occur with alarming frequency and scale, it is no wonder that the field of cybersecurity has now turned its eye to AI and machine learning (ML) in order to detect and defend against adversaries.

The use of AI in cybersecurity not only expands the scope of what a single security expert is able to monitor, but importantly, it also enables the discovery of attacks that would have otherwise been undetectable by a human. Just as it was nearly inevitable that AI would be used for defensive purposes, it is undeniable that AI systems will soon be put to use for attack purposes.

Read More »

Topics: machine learning, AI, deep learning


2018 Black Hat Superpower Survey: It's about time and talent

Posted by Chris Morales on Aug 22, 2018 2:57:12 PM

We love Black Hat. It’s the best place to learn what information security practitioners really care about and what is really going on in our industry. Because we want to stay relevant to customers, we figured Black Hat is an ideal event to ask what matters.

Read More »

Topics: cybersecurity, AI, Threat Detection, attacker behavior, SOC


Choosing an optimal algorithm for AI in cybersecurity

Posted by Sohrob Kazerounian on Aug 15, 2018 6:00:00 AM

In the last blog post, we alluded to the No-Free-Lunch (NFL) theorems for search and optimization. While NFL theorems are criminally misunderstood and misrepresented in the service of crude generalizations intended to make a point, I intend to deploy a crude NFL generalization to make just such a point.

You see, NFL theorems (roughly) state that given a universe of problem sets where an algorithm’s goal is to learn a function that maps a set of input data X to a set of target labels Y, for any subset of problems where algorithm A outperforms algorithm B, there will be a subset of problems where B outperforms A. In fact, averaging their results over the space of all possible problems, the performance of algorithms A and B will be the same.

With some hand waving, we can construct an NFL theorem for the cybersecurity domain:  Over the set of all possible attack vectors that could be employed by a hacker, no single detection algorithm can outperform all others across the full spectrum of attacks.

Read More »

Topics: machine learning, AI, deep learning


Types of learning that cybersecurity AI should leverage

Posted by Sohrob Kazerounian on Jul 18, 2018 6:00:00 AM

Despite the recent explosion in machine learning and artificial intelligence (AI) research, there is no singular method or algorithm that works best in all cases.

In fact, this notion has been formalized and shown mathematically in a result known as the No Free Lunch theorem (Wolpert and Macready 1997).

Read More »

Topics: machine learning, AI, deep learning


Neural networks and deep learning

Posted by Sohrob Kazerounian on Jun 13, 2018 6:00:00 AM

Deep learning refers to a family of machine learning algorithms that can be used for supervised, unsupervised and reinforcement learning.

These algorithms have become popular again after many years in the wilderness. The name comes from the realization that adding more layers to a neural network typically enables the model to learn increasingly complex representations of the data.

Read More »

Topics: machine learning, AI, deep learning


Giving incident responders deeper context about what happened

Posted by Cognito on Jun 4, 2018 9:54:43 AM

If you’re joining me for the first time, I want to introduce myself. I am Cognito, the AI cybersecurity platform from Vectra. My passion is hunting down cyberattackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you’re an analyst, you probably have some incredible skills but are being held back by tedious, manual work.

Read More »

Topics: Malware Attacks, Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection


How algorithms learn and adapt

Posted by Sohrob Kazerounian on May 24, 2018 12:59:06 PM

There are numerous techniques for creating algorithms that are capable of learning and adapting over time. Broadly speaking, we can organize these algorithms into one of three categories – supervised, unsupervised, and reinforcement learning.

Supervised learning refers to situations in which each instance of input data is accompanied by a desired or target value for that input. When the target values are a set of finite discrete categories, the learning task is often known as a classification problem. When the targets are one or more continuous variables, the task is called regression.
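As an added example that is not part of the original post, here is the classification-versus-regression distinction in working Python: a k-nearest-neighbour classifier (finite, discrete targets) and a one-variable least-squares fit (continuous target), both over a small set of per-host connection features. The feature names, the sample rows, the labels and the beacon/normal framing are constructed for illustration and are not real traffic.

```python
import math
from collections import Counter

# Constructed training rows, not real traffic. Features per host:
# (mean seconds between outbound connections, jitter of that interval in
# seconds, mean bytes sent per connection); the label says whether the host
# looked like a beaconing implant or ordinary user traffic.
TRAINING = [
    ((60.0, 0.5, 420.0), "beacon"),
    ((60.0, 0.8, 380.0), "beacon"),
    ((300.0, 1.0, 510.0), "beacon"),
    ((120.0, 0.3, 400.0), "beacon"),
    ((45.0, 30.0, 9000.0), "normal"),
    ((200.0, 150.0, 15000.0), "normal"),
    ((15.0, 10.0, 3200.0), "normal"),
    ((600.0, 400.0, 22000.0), "normal"),
]


def zscore_params(vectors):
    """Per-feature mean and standard deviation, so that the byte counts do
    not swamp the interval features in the distance metric."""
    n = len(vectors)
    dims = len(vectors[0])
    means = [sum(v[i] for v in vectors) / n for i in range(dims)]
    stds = [math.sqrt(sum((v[i] - means[i]) ** 2 for v in vectors) / n) or 1.0
            for i in range(dims)]
    return means, stds


def scale(vector, means, stds):
    return [(x - m) / s for x, m, s in zip(vector, means, stds)]


def classify(sample, k=3):
    """Classification: the target is one of a finite set of labels.
    k-nearest neighbours in standardised feature space, majority vote."""
    means, stds = zscore_params([x for x, _ in TRAINING])
    q = scale(sample, means, stds)
    neighbours = sorted(
        (math.dist(q, scale(x, means, stds)), label) for x, label in TRAINING
    )
    votes = Counter(label for _, label in neighbours[:k])
    return votes.most_common(1)[0][0]


def fit_line(xs, ys):
    """Regression: the target is continuous. Ordinary least squares for a
    single predictor; returns (slope, intercept)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx
    return slope, my - slope * mx


def predict_bytes_out(jitter_s):
    """Predict mean bytes per connection from interval jitter alone."""
    slope, intercept = fit_line([x[1] for x, _ in TRAINING],
                                [x[2] for x, _ in TRAINING])
    return slope * jitter_s + intercept


if __name__ == "__main__":
    print(classify((90.0, 0.6, 450.0)))      # a regular, low-jitter caller
    print(classify((100.0, 80.0, 12000.0)))  # bursty, heavy user traffic
    print(round(predict_bytes_out(200.0)))
```

The standardisation step matters: without it, the byte-count feature is three orders of magnitude larger than the interval features and decides every neighbour on its own.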

Read More »

Topics: machine learning, AI


AI vs. machine learning

Posted by Sohrob Kazerounian on Apr 26, 2018 2:54:47 PM

“The original question ‘Can machines think?’ I believe to be too meaningless to deserve discussion. Nevertheless, I believe that at the end of the century, the use of words and general educated opinion will have altered so much that one will be able to speak of machines thinking without expecting to be contradicted.” – Alan Turing

Read More »

Topics: machine learning, AI


The rise of machine intelligence

Posted by Sohrob Kazerounian on Apr 10, 2018 8:35:27 AM

Can machines think?

The question itself is deceptively simple in so far as the human ability to introspect has made each of us intimately aware of what it means to think.

Read More »

Topics: machine learning, AI, alan turing


Alan Turing and the birth of machine intelligence

Posted by Sohrob Kazerounian on Mar 15, 2018 10:32:29 AM

“We may compare a man in the process of computing a real number to a machine which is only capable of a finite number of conditions…” – Alan Turing

It is difficult to tell the history of AI without first describing the formalization of computation and what it means for something to compute. The primary impetus towards formalization came down to a question posed by the mathematician David Hilbert in 1928.

Read More »

Topics: machine learning, AI, alan turing


Attackers can use your admin tools to spy, spread, and steal

Posted by Cognito on Jan 26, 2018 10:32:23 AM

In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried out an attack. I’m back again today with another story from the trenches.

This time, I’ve been working with a customer in the manufacturing sector who recently deployed me. As before, this customer prefers to remain anonymous to keep cybercriminals in the dark about their newly developed security capabilities. To stay on top of their game, they routinely run red team exercises.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, attacker behavior, red team, blue team


Vectra is positioned as the sole visionary in the 2018 Gartner Magic Quadrant for IDPS

Posted by Chris Morales on Jan 12, 2018 9:11:39 AM

Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). I’m pretty ecstatic about that.

Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS. This convergence occurred as the security industry focused more on preventing external threat actors.

Read More »

Topics: cybersecurity, gartner, AI, security operations centers, network traffic, Intrusion detection prevention systems, IDPS


A sinuous journey through ``tensor_forest``

Posted by Sophia Lu on Dec 11, 2017 11:45:30 AM

Random forest, an ensemble method

The random forest (RF) model, first proposed by Tin Kam Ho in 1995, is a subclass of ensemble learning methods that is applied to classification and regression. An ensemble method constructs a set of classifiers – a group of decision trees, in the case of RF – and determines the output for each data instance by aggregating the individual trees' outputs: a majority vote for classification, or the average of the trees' predictions for regression.

The learning algorithm takes a divide-and-conquer approach and reduces the variance of any single tree through bootstrapping: each tree is trained on a random sample, drawn with replacement, of the training data. "Ensembling" a group of weaker, individually noisy classifiers therefore improves performance, and the resulting aggregated classifier is a stronger model.
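The bootstrapping and majority vote described above, as an added example in Python that is not the tensor_forest code the post discusses: each tree is a depth-one decision stump trained on a bootstrap sample and a random subset of the features, and the forest predicts by majority vote over the stumps. The two features, the rows and the class names are constructed for illustration and are not real telemetry.

```python
import random
from collections import Counter

# Constructed per-host features, not real telemetry:
# (distinct internal destinations per minute, failed logons per minute) -> label
DATA = [
    ((40, 12), "lateral"), ((55, 20), "lateral"), ((35, 8), "lateral"),
    ((60, 25), "lateral"), ((48, 15), "lateral"), ((70, 30), "lateral"),
    ((2, 0), "benign"), ((3, 1), "benign"), ((1, 0), "benign"),
    ((4, 2), "benign"), ((2, 1), "benign"), ((5, 0), "benign"),
]


def gini(labels):
    """Gini impurity of a label multiset; 0.0 means the set is pure."""
    n = len(labels)
    if n == 0:
        return 0.0
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def majority(labels):
    return Counter(labels).most_common(1)[0][0]


def train_stump(rows, feature_ids):
    """Depth-one tree: the (feature, threshold) split that minimises the
    weighted Gini impurity of the two sides.

    Returns (feature, threshold, left_label, right_label); feature is None
    when no split is possible and the stump just predicts the majority label.
    """
    best = None
    for f in feature_ids:
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t, majority(left), majority(right))
    if best is None:
        label = majority([y for _, y in rows])
        return (None, None, label, label)
    return best[1:]


def train_forest(rows, n_trees=25, n_features=1, seed=0):
    """Bagging: each stump sees a bootstrap sample (drawn with replacement)
    and a random subset of the features, so individual stumps disagree and
    their errors partly cancel in the vote."""
    rng = random.Random(seed)
    dims = len(rows[0][0])
    forest = []
    for _ in range(n_trees):
        bootstrap = [rng.choice(rows) for _ in rows]
        feats = rng.sample(range(dims), n_features)
        forest.append(train_stump(bootstrap, feats))
    return forest


def predict_stump(stump, x):
    f, t, left_label, right_label = stump
    if f is None:
        return left_label
    return left_label if x[f] <= t else right_label


def predict_forest(forest, x):
    """Majority vote across the stumps (for regression you would average)."""
    return majority([predict_stump(s, x) for s in forest])


if __name__ == "__main__":
    forest = train_forest(DATA)
    for host in [(50, 18), (2, 0)]:
        print(host, predict_forest(forest, host))
```

Because every stump is trained on a different bootstrap sample, a single unlucky sample produces one wrong vote rather than a wrong model; that is the variance reduction the paragraph refers to.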

Read More »

Topics: Data Science, machine learning, AI, tensor forest, tensorflow


Bolstering the blue team

Posted by Cognito on Nov 19, 2017 3:00:00 PM

Hey everyone. For my first blog, I want to share a story about my role on the blue team during a recent red team exercise.

But first, I want to introduce myself to those of you who might not know me. I am Cognito, the artificial intelligence in the Vectra cybersecurity platform. My passion in life is hunting down cyber attackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, red team, blue team


WannaCry still lingering

Posted by Kevin Moore on Aug 24, 2017 10:44:29 AM

Attacks never really go away

Many enterprise organizations are currently evaluating the Vectra Cognito platform, and over the past weeks, several customers detected WannaCry attacker behaviors. Just because the headlines stopped, doesn’t mean that the attack did.

WannaCry was first reported by the media in May of this year, and we had customers who detected and responded to outbreaks within minutes. A couple of days after the initial impact, it was reported that stopping the WannaCry command-and-control server limited the effectiveness of WannaCry in the wild. While that may have been true, organizations are still detecting instances of WannaCry within their enterprise networks. Although this is on a smaller scale than the attack in May, it is important that enterprises continue to monitor their networks for what has proven to be a fast-propagating ransomware attack with the potential to cause damage very quickly.

Read More »

Topics: Ransomware, AI, WannaCry


Goldeneye. Petya. WannaCry. It's all ransomware.

Posted by Chris Morales on Jun 27, 2017 5:46:22 PM

We are seeing another outbreak of ransomware that appears to be a combination of previous ransomware campaigns. As is always the case, criminal gangs learn from each other.

Petya was successful in 2016 using email attack campaigns and a ransomware-as-a-service business model. WannaCry introduced worm propagation techniques that proved highly successful in hitting thousands of systems in a short time span last month.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, AI, WannaCry, petya, goldeneye


How AI detects and mitigates cyber attacks in software-defined data centers

Posted by Chris Morales on Jun 22, 2017 7:47:16 PM

Earlier this month Vectra announced plans to leverage the capabilities of VMware NSX to accelerate the detection and mitigation of hidden cyber attackers in virtualized data centers.

Vectra currently applies artificial intelligence to automatically detect attacker behaviors inside virtualized data centers. Vectra also integrates with endpoint and network response tools to automate the workflow.

Read More »

Topics: Cyberattacks, cyber security, Datacenter, AI


A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks

Posted by Chris Morales on Jun 13, 2017 5:16:09 PM

Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.

Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first one looks at threats that network perimeter defenses were able to block, and the second lists attacks that were missed entirely.

Read More »

Topics: Cyberattacks, cyber security, Security Analytics, AI


Vectra detection and response to WannaCry ransomware

Posted by Chris Morales on May 16, 2017 8:59:36 AM

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.
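One way to catch the internal reconnaissance behaviour mentioned above, as an added example rather than Vectra's own detection logic: a sliding-window count of the distinct internal hosts each source contacts on TCP port 445, the SMB port WannaCry scanned for its spread. The flow records, the RFC 1918 definition of "internal", the 60-second window and the 20-target threshold are all assumptions made for this illustration.

```python
from collections import Counter, defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumption: "internal" means the RFC 1918 ranges; adjust to your address plan.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed flow records, not captured traffic: (epoch_s, src, dst, dst_port)
FLOWS = []
# a host sweeping thirty neighbours on 445 in thirty seconds
FLOWS += [(1000 + i, "10.0.5.7", f"10.0.5.{1 + i}", 445) for i in range(30)]
# a legitimate client talking to one file server many times
FLOWS += [(1000 + i, "10.0.5.8", "10.0.5.100", 445) for i in range(40)]
# a slow scanner: many targets, but only one every thirty seconds
FLOWS += [(1000 + 30 * i, "10.0.5.9", f"10.0.6.{1 + i}", 445) for i in range(25)]
FLOWS += [(1005, "10.0.5.7", "203.0.113.9", 445)]   # external target, out of scope here
FLOWS += [(1010, "10.0.5.7", "10.0.5.200", 80)]     # not SMB, ignored


def detect_smb_sweeps(flows, window_s=60, min_targets=20, port=445):
    """Return {src: (trigger_ts, distinct_targets)} for every source that
    reaches at least min_targets distinct internal hosts on `port` within
    any window_s-second span. Flows are processed in time order and each
    source is reported once, at the moment it crosses the threshold."""
    recent = defaultdict(deque)    # src -> (ts, dst) pairs still inside the window
    live = defaultdict(Counter)    # src -> dst -> number of in-window flows
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != port or not is_internal(dst):
            continue
        q, counts = recent[src], live[src]
        q.append((ts, dst))
        counts[dst] += 1
        # expire flows that fell out of the window; drop targets with no live flows
        while q and q[0][0] < ts - window_s:
            old_ts, old_dst = q.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        if src not in alerts and len(counts) >= min_targets:
            alerts[src] = (ts, len(counts))
    return alerts


if __name__ == "__main__":
    for src, (ts, n) in detect_smb_sweeps(FLOWS).items():
        print(f"{src}: {n} distinct internal SMB targets by t={ts}")
```

Counting distinct destinations rather than raw connection volume is what keeps the busy file-server client quiet while still flagging the sweep; the slow scanner shows the trade-off, since a window short enough to be cheap will miss a patient attacker and needs a longer-horizon counter beside it.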

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber security gap, AI, cyber defense, WannaCry


Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky Lab reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


Roundtable roundup from the European Information Security Summit

Posted by Matt Walmsley on Feb 23, 2017 8:23:53 AM

Earlier this week I was at TEISS hosting a round table session titled “Artificial Intelligence – Fancy maths or a pragmatic answer to cyber security gaps and challenges?”

We explored human, threat, and technical dimensions to the current drivers and role of AI in cybersecurity. Here's a summary of our group's discussion.

Read More »

Topics: Automated Threat Detection, Encryption, AI


An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.

Read More »

Topics: cybersecurity, Threat Labs, AI, threat research


Cybersecurity: What to expect in 2017

Posted by Hitesh Sheth on Dec 13, 2016 5:00:00 AM

Cybersecurity is a rapidly evolving landscape and 2017 will be no different. Attackers will leverage artificial intelligence and find new ways to infiltrate corporate networks and businesses using adaptive attacks. Encrypted traffic will increasingly blind legacy security technologies, while ransomware gets smarter, and more targeted. Also watch for geo-political changes that act as a catalyst for increased cyber attacks involving nation states.

Read More »

Topics: IoT, Encryption, hacker, Ransomware, Datacenter, firewall, AI

