Blog

Giving incident responders deeper context about what happened

Posted by Cognito on Jun 4, 2018 9:54:43 AM

If you’re joining me for the first time, I want to introduce myself. I am Cognito, the AI cybersecurity platform from Vectra. My passion is hunting-down cyberattackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you’re an analyst, you probably have some incredible skills but are being held back by tedious, manual work.

Read More »

Topics: Malware Attacks, Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection


The alarming surge in cryptocurrency mining on college campuses

Posted by Chris Morales on Mar 29, 2018 12:01:00 AM

While ransomware attacks like NotPetya and WannaCry were making headlines (and money) in 2017, cryptocurrency mining was quietly gaining strength as the heir apparent when it comes to opportunistic behaviors for monetary gain.

Read More »

Topics: Cyberattacks, cybersecurity, bitcoin, cryptojacking, cryptocurrency


Attackers can use your admin tools to spy, spread, and steal

Posted by Cognito on Jan 26, 2018 10:32:23 AM

In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried-out an attack. I’m back again today with another story from the trenches.

This time, I’ve been working with a customer in the manufacturing sector who recently deployed me. As before, this customer prefers to remain anonymous to keep cybercriminals in the dark about their newly developed security capabilities. To stay on top of their game, they routinely run red team exercises.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, attacker behavior, red team, blue team


The imminent threat against industrial control systems

Posted by Chris Morales on Nov 30, 2017 10:03:34 AM

The United States has not been the victim of a paralyzing cyber-attack on critical infrastructure like the one that occurred in the Ukraine in 2015. That attack disabled the Ukrainian power grid, leaving more than 700,000 people helpless.

But the United States has had its share of smaller attacks against critical infrastructure. Most of these attacks targeted industrial control systems (ICS) and the engineering personnel who have privileged access.

Read More »

Topics: Cyberattacks, IoT, cybersecurity, industrial control systems, critical infrastructure


Bolstering the blue team

Posted by Cognito on Nov 19, 2017 3:00:00 PM

Hey everyone. For my first blog, I want to share a story about my role on the blue team during a recent red team exercise.

But first, I want to introduce myself to those of you who might not know me. I am Cognito, the artificial intelligence in the Vectra cybersecurity platform. My passion in life is hunting-down cyber attackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, red team, blue team


Fatal SIEM flaw: No body, no murder

Posted by Mike Banic, VP of Marketing on Nov 7, 2017 9:43:07 AM

Over lunch last week, a customer who recently deploy our Cognito™ platform told me that his SIEM sales person said “We can do what Vectra does with our analytics package. I simply looked at him and said, “No body, no murder – no they can’t.”

He was puzzled, so I explained. 

Read More »

Topics: Cyberattacks, network security, cybersecurity, logs, security analyst, siems


Better together: Tight integration between endpoint and network security can stop attacks faster

Posted by Kevin Kennedy on Sep 20, 2017 11:03:56 AM

Many security teams are overwhelmed with the scale and ferociousness of digital threats. Threats are sneakier and more damaging, and security operations centers (SOCs) are being worn down investigating and stomping out incidents.

Read More »

Topics: Cyberattacks, cyber security, network security, endpoint, security operation centers


Goldeneye. Petya. WannaCry. It's all ransomware.

Posted by Chris Morales on Jun 27, 2017 5:46:22 PM

We are seeing another outbreak of ransomware that appears to be a combination of previous other ransomware campaigns. As is always the case, criminal gangs learn from each other.

Petya was successful in 2016 using email attack campaigns and a ransomware-as-a-service business model. Wannacry introduced new worm propagation techniques proving highly successful in hitting thousands of systems in a short time span last month.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, AI, WannaCry, petya, goldeneye


How AI detects and mitigates cyber attacks in software-defined data centers

Posted by Chris Morales on Jun 22, 2017 7:47:16 PM

Earlier this month Vectra announced plans to leverage the capabilities of VMware NSX to accelerate the detection and mitigation of hidden cyber attackers in virtualized data centers.

Vectra currently applies artificial intelligence to automatically detect attacker behaviors inside virtualized data centers. Vectra also integrates with endpoint and network response tools to automate the workflow.

Read More »

Topics: Cyberattacks, cyber security, Datacenter, AI


A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks

Posted by Chris Morales on Jun 13, 2017 5:16:09 PM

Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.

Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first one looks at threats that network perimeter defenses were able to block and the second lists attacks that were missed entirely. 

Read More »

Topics: Cyberattacks, cyber security, Security Analytics, AI


Vectra detection and response to WannaCry ransomware

Posted by Chris Morales on May 16, 2017 8:59:36 AM

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber security gap, AI, cyber defense, WannaCry


Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky labs reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


How to win the cybersecurity battle in healthcare

Posted by Chris Morales on May 3, 2017 6:11:22 PM

Risky business

There is some startling data in the 2017 Verizon Data Breach Investigation Report. What stood out to me as most concerning is that more breaches occurred in healthcare this year than last year. After reviewing the report, I see three key trends.

  1. The real threat is already inside healthcare networks in the form of privileged access misuse
  2. When healthcare organizations are hit from the outside, it is usually ransomware extorting them for money
  3. The growth in healthcare IoT is overwhelming and dangerous
Read More »

Topics: Cyberattacks, artificial intelligence


The existential threat of IP theft

Posted by Kevin Kennedy on Apr 19, 2017 5:41:26 PM

Confusion reigns on the origin of the term "bullseye." Some say it started when English archers showed off their accuracy by shooting arrows through the empty eye socket of a bull skull. Others contend it was a reference to a blemish in the center of a glass window pane.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense, intellectual property


Stealthy ransomware: Extortion evolves

Posted by Kevin Kennedy on Mar 29, 2017 11:22:31 AM

It seems like a new variant or victim of ransomware is in the news every day. It’s newsworthy because it works so well and causes widespread destruction.

So when the recent wave of stories hit about PetrWrap, a variation of the widely known Petya ransomware strain, it was easy to miss the significance. The “no-honor-among-thieves” narrative crowded out its true importance.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense


Don't let your cybersecurity vendor leave you vulnerable

Posted by Chris Morales on Mar 23, 2017 12:57:20 PM

The U.S. Computer Emergency Readiness Team (US-Cert) issued a warning last week stating HTTPS interception weakens TLS security. As the use of encryption for privacy has increased, the security industry has responded by intercepting and decrypting SSL sessions to perform deep-packet inspection (DPI).

Read More »

Topics: Cyberattacks, SSL Encryption, cyber security, security architecture


The love-hate relationship with SIEMs

Posted by Hitesh Sheth on Mar 7, 2017 12:00:14 PM

This blog was originally published on LinkedIn.

To know SIEM is to love it. And hate it.

Security information and event management (SIEM) is a ubiquitous cybersecurity tool. It’s used by probably every security analyst who works in a security operations center (SOC).

Read More »

Topics: Cyberattacks, cyber security, SIEM


What’s an adaptive security architecture and why do you need it?

Posted by Mike Banic, VP of Marketing on Feb 1, 2017 5:13:09 PM

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls.

But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

Read More »

Topics: Cyberattacks, network security, cybersecurity, security architecture, gartner


Bringing attack detections to the data center

Posted by Wade Williamson on Sep 12, 2016 11:59:00 PM

In extending the Vectra cybersecurity platform to enterprise data centers and public clouds, we wanted to do more than simply port the existing product into a virtualized environment. So, Vectra security researchers, data scientists, and developers started with a fresh sheet of paper to address the real-world challenges and threats that are unique to the enterprise data centers and clouds.

 

Visibility and intelligence that spans the enterprise

First, it was important to remember that the data center can be both integrally connected, yet in some ways separated from the physical enterprise. For example, attacks can spread from the campus environment to the data center environment, and security teams absolutely need to know how these events are connected. On the other hand, 80% of data center traffic never leaves the data center, making it invisible to traditional security controls.

Read More »

Topics: Cyberattacks, cybersecurity, Data Center


Time to update how we manage and address malware infections

Posted by Mike Banic, VP of Marketing on Jun 28, 2016 9:00:00 AM

Network-based malware detection addresses increasing complexity in the malware ecosystem but doesn’t make attribution a key priority.

Conventional wisdom about malware infection paints a picture that hapless users click on something they shouldn’t, that in turn takes their Web browsers to a drive-by-download website. It then exploits a vulnerability to install a botnet agent that eventually steals all their personal data and uploads it to cybercriminals in another country.

That conventional wisdom isn’t completely wrong, but it needs some serious updating. Today’s malware infections are more typically multi-stage events, wherein a user visits a favorite website with a banner advertisement supplied by a third-party ad network that was supplied by an affiliate ad network.

Read More »

Topics: Cyberattacks, network security, cybersecurity


Apple vs. the FBI: Some points to consider

Posted by Günter Ollmann on Feb 17, 2016 4:30:00 PM

In light of Apple’s response to the FBI’s request to gain access to San Bernardino shooter Syed Farook’s iPhone, I thought I would share some of my thoughts on this. It appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.

Let me attempt to break this down a little in the hopes of clearing some of that confusion:

  • Apple has positioned the request from the FBI to be a request to install a “backdoor” in their product. This is not correct. The FBI request is pretty specific and is not asking for a universal key or backdoor to Apple products.
  • The FBI request should be interpreted as a lawful request to Apple to help construct a forensics recovery tool for a specific product with a unique serial number.
  • The phone in question is an Apple 5C, and the method of access requested by the FBI is actually an exploitation of a security vulnerability in this (older) product. The vulnerability does not exist in the current generation of Apple iPhones. 
Read More »

Topics: Cyberattacks, network security, cybersecurity


The Chocolate Sprinkles of InfoSec

Posted by Günter Ollmann on Feb 2, 2016 10:30:33 AM

In the rapidly expanding world of threat intelligence, avalanches of static lists combine with cascades of streaming data to be molded by evermore sophisticated analytics engines the output of which are finally presented in a dazzling array of eye-candy graphs and interactive displays. 

For many of those charged with securing their corporate systems and online presence, the pressure continues to grow for them to figure out some way to incorporate this glitzy wealth of intelligence into tangible and actionable knowledge. 

Read More »

Topics: Cyberattacks, IDS, network security, cybersecurity


Who is watching your security technology?

Posted by Günter Ollmann on Jan 28, 2016 12:00:00 PM

It seems that this last holiday season didn’t bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance.

It’s not the first time that products from major security vendors have been found wanting. 

It feels as though some vendor’s host-based security defenses fail on a monthly basis, while network defense appliances fail less frequently – maybe twice per year. At least that’s what a general perusal of press coverage may lead you to believe. However, the reality is quite different. Most security vendors fix and patch security weaknesses on a monthly basis. Generally, the issues are ones that they themselves have identified (through internal SDL processes or the use of third-party code reviews and assessment) or they are issues identified by customers. And, every so often, critical security flaws will be “dropped” on the vendor by an independent researcher or security company that need to be fixed quickly. 

Read More »

Topics: Cyberattacks, network security, cybersecurity


Blocking Shodan

Posted by Günter Ollmann on Jan 20, 2016 9:30:00 AM

The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren’t probing your network, then they’re diligently recording and cataloguing everything they’ve found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other.

Read More »

Topics: Cyberattacks, IoT, cybersecurity


Cybersecurity in 2016: A look ahead

Posted by Hitesh Sheth on Jan 6, 2016 8:58:31 AM

Cybersecurity is a rapidly evolving landscape and this new year will be no different. Attackers will come up with new ways to infiltrate corporate networks and businesses, security vendors will be tasked with staying ahead of them, and governments will talk a lot, yet do very little. Here are some of the ways we see the industry changing shape over the course of 2016: 

Sandboxing will lose its luster and join the ranks of anti-virus signatures.
Anti-malware sandboxing has generated high-flying IPOs and grown to over $1 billion in annual spend. But in 2016, it’ll plummet back to Earth, as organizations realize that malware evades sandboxes as easily as anti-virus signatures. 
Read More »

Topics: Cyberattacks, cybersecurity


A revolutionary new approach to detecting malicious covert communications

Posted by Wade Williamson on Oct 28, 2015 9:42:05 AM

Today’s cyber attackers are patient, as they infiltrate and steadily persist within an organization’s network over time. These long-term attacks require ongoing communication to orchestrate the various phases of attack.

By understanding how attackers conceal their communications, we can rob attackers of the persistence and coordination that makes modern attacks so successful.

Read More »

Topics: Cyberattacks, Covert Communications


The industry needs a real alternative to signatures

Posted by Wade Williamson on Sep 9, 2015 10:20:00 AM

For years, security professionals have become increasingly aware of the limitations of signatures. And yet for all this awareness, the industry is still focused on making signatures faster instead of addressing the fundamental problem.

Threat feeds deliver signatures faster and faster and malware sandboxes generate new signatures for newly discovered malware. Nonetheless, attackers continue to evade them and are wining at an ever-increasing rate.

Read More »

Topics: Cyberattacks, Signatures


Is your thermostat spying? Cyberthreats and the Internet of Things

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Jul 13, 2015 10:22:27 AM

The Internet of Things (IoT) is beginning to have a huge impact on our daily lives, and it will grow by orders of magnitude. However, the multitude of IoT devices with zero, limited or outdated security could produce disastrous results. It will be a formidable task to secure every small IoT device or toy. Security solutions that watch device behavior and identify anomalies might be our only hope.

The IoT is on the rise...

The genesis of IoT goes back to the early ’90s when PARC chief scientist Mark Weiser came up with the vision of Ubiquitous Computing and Calm Technology. In this vision, computing becomes “your quiet, invisible servant” and disappears from conscious actions and the environment of the user.

Read More »

Topics: Cyberattacks


Think outside the sandbox

Posted by Jerish Parapurath on Jul 8, 2015 2:31:12 PM

As cyber attacks increase in frequency and complexity, organizations continue to invest in prevention-centric technologies to secure their network perimeter. However, prevention-centric technologies are less than prefect. They protect networks from known threats using a combination of security rules, signatures and reputation lists.

A critical component of today’s network perimeter security is the file-based sandboxThey were created to analyze suspicious files on isolated hosts – many with different operating systems – in a contained environment.

Read More »

Topics: Malware Attacks, Cyberattacks, Automated Breach Detection


What cyber threats are lurking about in your network?

Posted by Wade Williamson on Jun 23, 2015 5:00:00 AM

Today, Vectra Networks published its second edition Post-Intrusion Report that offers a first-hand look at modern threats that get past perimeter security and spread inside the network.

In the latest report, we analyzed behaviors and techniques across the entire lifecycle of real-world cyber attacks. We also looked back and saw alarming changes in the threat landscape and observed emerging trends in attack techniques.

Read More »

Topics: Cyberattacks, Post Breach Detection, Tor, cyber security


Duqu: The Sequel

Posted by Wade Williamson on Jun 12, 2015 12:54:00 PM

Doqu_2.0_Wade_Williamson_Blog_Image_Recently, Kasperky Labs disclosed that it was the victim of a sophisticated cyber attack, which they have named Duqu 2.0. The team at Kaspersky Labs has published a detailed analysis of Duqu 2.0 and it’s definitely worth a read.

The original Duqu threat actor was a family of malware that most researchers believe was created by a nation-state and it’s related to the infamous Stuxnet worm. While Stuxnet was used to damage centrifuges used to enrich uranium, the original Duqu appeared more intent on surveillance and collecting information within a compromised network.

Read More »

Topics: Cyberattacks, cyber security


Cyber Attackers Are Digital Termites

Posted by Mike Banic, VP of Marketing on Mar 1, 2015 9:00:00 AM

Each of the publicized breaches over the past 15 months have been followed by the same question: “How did these attackers go undetected for several weeks or months?” The 80 million Americans covered by Anthem, whose personally identifiable information (PII) was stolen, are now asking this very question.

Let me liken this attack to a recent experience in my own life. After finding a small pile of what looked like sawdust on our hardwood floor of our guest room, it was like the “oh-crap” moment a CXO experiences when a 3-letter agency informs them that their organization’s crown jewels have been discovered in Kazakhstan. “Oh crap, we have termites.” Just like Sony Entertainment called in the FBI or Anthem called in a forensics agency, we called the termite guy.

Read More »

Topics: Cyberattacks


The Carbanak APT - Redefining Banking Malware

Posted by Wade Williamson on Feb 19, 2015 3:00:00 PM

Recent research from Kaspersky has revealed a massive criminal campaign that was able to infiltrate more than 100 different banks and steal upwards of $1 billion from the affected institutions. Kaspersky dubbed this operation the Carbanak APT due to a connection between the malware used in the attacks and the now infamous Carberp banking botnet.

Read More »

Topics: Malware Attacks, Cyberattacks, Finance


The Anthem Breach and Security Going Forward

Posted by Wade Williamson on Feb 6, 2015 3:52:00 PM


Yesterday Anthem became the latest company to suffer a massive, high-profile data breach that almost certainly will become the largest data breach to date in the healthcare industry. Attackers were able to infiltrate the network and steal personal information for over 80 million customers. The stolen data included a variety of Personally Identifiable Information (PII) including Social Security numbers, contact details as well as employment and income information.

This is a particularly dangerous combination of data that is worth significantly more on the black market than stolen credit card numbers. Unlike a credit card, which can be easily cancelled and replaced, a full identity can be used for long-term fraud such as taking out loans in the victim’s name. Employment information is particularly sought after when selling an identity. The one silver lining is that it does not appear that medical records and other Personal Health Information (PHI) were exposed in the breach.

Read More »

Topics: Targeted Attacks, Cyberattacks


Morgan Stanley Meets the Insider Threat

Posted by Wade Williamson on Jan 6, 2015 1:58:00 PM

Earlier today news broke that financial services firm Morgan Stanley had experienced an insider breach, which resulted in customer data being posted online. The breach was initially detected when data related to a portion of the firm’s wealth management clients was observed on Pastebin. Pastebin is a popular site for sharing text-based data, and while it is widely used for sharing code between developers, it has also long been a thriving marketplace for advertising and selling stolen data for everything from compromised user accounts, cracked passwords, credit card numbers, and in this case account data.

Read More »

Topics: Cyberattacks, Insider Threats


Applying Vectra to the Regin Malware

Posted by Wade Williamson on Dec 3, 2014 7:20:18 AM

Researchers at Symantec have recently disclosed the presence of a highly sophisticated malware platform known as ‘Regin’. This new strain of malware instantly joins Stuxnet, Flame, and Duqu on the list of some of the most advanced malware ever seen. And like the other members of this elite state-sponsored fraternity, Regin malware appears to be purpose-built for espionage with the ability to quietly infect, spread, and persist within a target network for long periods of time.

Read More »

Topics: Malware Attacks, Cyberattacks, Nation-State Attacks


Vectra detections will enable Juniper to block cyberattacks via API

Posted by Mike Banic, VP of Marketing on Sep 9, 2014 11:37:00 AM

Vectra detections will enable Juniper to block cyberattacks via API
Today, Vectra Networks participated in Juniper Networks announcement on the expansion of Spotlight Secure threat intelligence platform. Part of the technology expansion includes an open API that enables the Vectra X-series to communicate detection of in-progress cyber attacks to Juniper’s Spotlight Secure platform.

The integration enabled by this open API delivers three important benefits:

  • The ability to block the attack;
  • A single pane of glass; and
  • The flexibility and choice to deploy best-of-breed solutions
Read More »

Topics: Cyberattacks


Subscribe to the Vectra Blog



Recent Posts

Posts by Topic

Follow us