Company

Blogs

Attackers can use your admin tools to spy, spread, and steal

Posted by Cognito on Jan 26, 2018 10:32:23 AM

In my last blog, I spoke about a financial customer performing pen testing and how I helped the blue team detect the red team as it carried-out an attack. I’m back again today with another story from the trenches.

This time, I’ve been working with a customer in the manufacturing sector who recently deployed me. As before, this customer prefers to remain anonymous to keep cybercriminals in the dark about their newly developed security capabilities. To stay on top of their game, they routinely run red team exercises.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, attacker behavior, red team, blue team


Vectra is positioned as the sole visionary in the 2018 Gartner Magic Quadrant for IDPS

Posted by Chris Morales on Jan 12, 2018 9:11:39 AM

Vectra® was recently positioned as the sole Visionary in the Gartner 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS). I’m pretty ecstatic about that.                                                                                                 

Over the years, intrusion detection systems (IDS) have converged with intrusion prevention systems (IPS) and the two are now known collectively as IDPS. This convergence occurred as the security industry focused more on preventing external threat actors.

Read More »

Topics: cybersecurity, gartner, AI, security operations centers, network traffic, Intrusion detection prevention systems, IDPS


BGP hijackers: “This traffic is going to Russia!”

Posted by Chris Morales on Dec 14, 2017 2:11:27 PM

Traffic sent to and from major internet sites was briefly rerouted to an ISP in Russia by an unknown party. The likely precursor of an attack, researchers describe the Dec. 13 event as suspicious and intentional.

According to BGPMON, which detected the event, starting at 04:43 (UTC) 80 prefixes normally announced by several organizations were detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

Read More »

Topics: cybersecurity, Encryption, internet traffic, tls, BGP hijack, russia, HTTPS, network traffic, espionage, ssl, BGP


The imminent threat against industrial control systems

Posted by Chris Morales on Nov 30, 2017 10:03:34 AM

The United States has not been the victim of a paralyzing cyber-attack on critical infrastructure like the one that occurred in the Ukraine in 2015. That attack disabled the Ukrainian power grid, leaving more than 700,000 people helpless.

But the United States has had its share of smaller attacks against critical infrastructure. Most of these attacks targeted industrial control systems (ICS) and the engineering personnel who have privileged access.

Read More »

Topics: Cyberattacks, IoT, cybersecurity, industrial control systems, critical infrastructure


Bolstering the blue team

Posted by Cognito on Nov 19, 2017 3:00:00 PM

Hey everyone. For my first blog, I want to share a story about my role on the blue team during a recent red team exercise.

But first, I want to introduce myself to those of you who might not know me. I am Cognito, the artificial intelligence in the Vectra cybersecurity platform. My passion in life is hunting-down cyber attackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, red team, blue team


Fatal SIEM flaw: No body, no murder

Posted by Mike Banic, VP of Marketing on Nov 7, 2017 9:43:07 AM

Over lunch last week, a customer who recently deploy our Cognito™ platform told me that his SIEM sales person said “We can do what Vectra does with our analytics package. I simply looked at him and said, “No body, no murder – no they can’t.”

He was puzzled, so I explained. 

Read More »

Topics: Cyberattacks, network security, cybersecurity, logs, security analyst, siems


Security that thinks is now thinking deeply

Posted by Jacob Sendowski on Apr 26, 2017 8:05:42 AM

Whether the task is driving a nail, fastening a screw, or detecting a hidden HTTP tunnel, it pays to have the right tool for the job. The wrong tool can increase the time to accomplish a task, waste valuable resources, or worse. Leveraging the power of machine learning is no different.

Vectra has adopted the philosophy of implementing the most optimal machine learning tool for each attacker behavior detection algorithm. Each method has its own strengths.

Read More »

Topics: machine learning, cybersecurity, deep learning


An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.

Read More »

Topics: cybersecurity, Threat Labs, AI, threat research


What’s an adaptive security architecture and why do you need it?

Posted by Mike Banic, VP of Marketing on Feb 1, 2017 5:13:09 PM

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls.

But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

Read More »

Topics: Cyberattacks, network security, cybersecurity, security architecture, gartner


Our focus on Russian hacking obscures the real problem

Posted by Hitesh Sheth on Jan 18, 2017 4:25:34 PM

This blog was originally published on The Hill.

If I didn’t deal daily with the mechanics of cybersecurity, I might be captivated by Washington’s focus on whether the Russians penetrated the Democratic National Committee and why they did it. As a citizen, I follow politics and geopolitics, too.

But here’s what bothers me:

The hacking tools identified by the FBI and Department of Homeland Security are freely available on the internet. The Russians can use them. So can the Iranians, the Chinese, the North Koreans and any other nation-state which wants to penetrate the networks that serve our political parties and government. There is nothing special or even uniquely “Russian” about them. And they often work.

I am not surprised that such common tools are employed against us. We should expect it. In the cybersecurity business we know the focus should be on our ineffective defense, rather than on finding the guilty country.

Whoever got inside the DNC networks had seven months to plumb about, pilfer embarrassing material, package it for shipping and make off with it, all without detection. The DNC had no way to detect the penetration while it was happening.

Why not? After all, the technology to spot and interrupt hacking while it is in progress exists. We can literally watch hackers and their tools move around inside our networks, probing our vulnerabilities, locating our most sensitive data and setting up private tunnels to take it out of our systems. 

Read More »

Topics: cyber security, cybersecurity, hacker, hacking, cyber defense


Subscribe to the Vectra Blog



Recent Posts

Posts by Topic

see all

Follow us