Company

Blogs

Bolstering the blue team

Posted by Cognito on Nov 19, 2017 3:00:00 PM

Hey everyone. For my first blog, I want to share a story about my role on the blue team during a recent red team exercise.

But first, I want to introduce myself to those of you who might not know me. I am Cognito, the artificial intelligence in the Vectra cybersecurity platform. My passion in life is hunting-down cyber attackers – whether they’re hiding in data centers and cloud workloads or user and IoT devices.

Read More »

Topics: Cyberattacks, IoT, network security, cybersecurity, Data Center, cloud, AI, Threat Detection, red team, blue team


The good, the bad and the anomaly

Posted by Hitesh Sheth on Nov 8, 2017 10:57:20 AM

This blog was originally published on LinkedIn.

The security industry is rampant with vendors peddling anomaly detection as the cure all for cyber attacks. This is grossly misleading.

The problem is that anomaly detection over-generalizes: All normal behavior is good; all anomalous behavior is bad – without considering gradations and context. With anomaly detection, the distinction between user behaviors and attacker behaviors is nebulous, even though they are fundamentally different.

Read More »

Topics: cyber security, network security, artificial intelligence, Threat Detection, anomaly detection


Fatal SIEM flaw: No body, no murder

Posted by Mike Banic, VP of Marketing on Nov 7, 2017 9:43:07 AM

Over lunch last week, a customer who recently deploy our Cognito™ platform told me that his SIEM sales person said “We can do what Vectra does with our analytics package. I simply looked at him and said, “No body, no murder – no they can’t.”

He was puzzled, so I explained. 

Read More »

Topics: Cyberattacks, network security, cybersecurity, logs, security analyst, siems


Better together: Tight integration between endpoint and network security can stop attacks faster

Posted by Kevin Kennedy on Sep 20, 2017 11:03:56 AM

Many security teams are overwhelmed with the scale and ferociousness of digital threats. Threats are sneakier and more damaging, and security operations centers (SOCs) are being worn down investigating and stomping out incidents.

Read More »

Topics: Cyberattacks, cyber security, network security, endpoint, security operation centers


Why it's okay to be underwhelmed by Cisco ETA

Posted by Oliver Tavakoli, CTO, Vectra Networks on Jun 26, 2017 3:59:54 PM

Cisco recently announced the term “intent-based networking” in a press release that pushes the idea that networks need to be more intuitive. One element of that intuition is for networks to be more secure without requiring a lot of heavy lifting by local network security professionals. And a featured part of that strategy is Cisco ETA: 

"Cisco's Encrypted Traffic Analytics solves a network security challenge previously thought to be unsolvable," said David Goeckeler, senior vice president and general manager of networking and security. "ETA uses Cisco's Talos cyber intelligence to detect known attack signatures even in encrypted traffic, helping to ensure security while maintaining privacy."

Read More »

Topics: machine learning, network security, external remote access


Don't blow your IT security budget on flow analysis

Posted by Hitesh Sheth on Apr 10, 2017 9:23:04 AM

This blog was originally published on LinkedIn.

Vendors who are trapped in a time warp often tout traffic flow analysis as a great way to detect and analyze behavior anomalies inside networks. I have a problem with that because it’s decades-old technology dressed in a new suit. 

Read More »

Topics: cyber security, network security, artificial intelligence


What’s an adaptive security architecture and why do you need it?

Posted by Mike Banic, VP of Marketing on Feb 1, 2017 5:13:09 PM

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls.

But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

Read More »

Topics: Cyberattacks, network security, cybersecurity, security architecture, gartner


Accelerating action: New technology partnerships help customers bridge the cybersecurity gap

Posted by Kevin Kennedy on Aug 4, 2016 8:00:00 AM


“Without knowledge, action is useless, and knowledge without action is futile.”  -Abu Bakr

Read More »

Topics: network security, cybersecurity


Time to update how we manage and address malware infections

Posted by Mike Banic, VP of Marketing on Jun 28, 2016 9:00:00 AM

Network-based malware detection addresses increasing complexity in the malware ecosystem but doesn’t make attribution a key priority.

Conventional wisdom about malware infection paints a picture that hapless users click on something they shouldn’t, that in turn takes their Web browsers to a drive-by-download website. It then exploits a vulnerability to install a botnet agent that eventually steals all their personal data and uploads it to cybercriminals in another country.

That conventional wisdom isn’t completely wrong, but it needs some serious updating. Today’s malware infections are more typically multi-stage events, wherein a user visits a favorite website with a banner advertisement supplied by a third-party ad network that was supplied by an affiliate ad network.

Read More »

Topics: Cyberattacks, network security, cybersecurity


Apple vs. the FBI: Some points to consider

Posted by Günter Ollmann on Feb 17, 2016 4:30:00 PM

In light of Apple’s response to the FBI’s request to gain access to San Bernardino shooter Syed Farook’s iPhone, I thought I would share some of my thoughts on this. It appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.

Let me attempt to break this down a little in the hopes of clearing some of that confusion:

  • Apple has positioned the request from the FBI to be a request to install a “backdoor” in their product. This is not correct. The FBI request is pretty specific and is not asking for a universal key or backdoor to Apple products.
  • The FBI request should be interpreted as a lawful request to Apple to help construct a forensics recovery tool for a specific product with a unique serial number.
  • The phone in question is an Apple 5C, and the method of access requested by the FBI is actually an exploitation of a security vulnerability in this (older) product. The vulnerability does not exist in the current generation of Apple iPhones. 
Read More »

Topics: Cyberattacks, network security, cybersecurity


Subscribe to the Vectra Blog



Recent Posts

Posts by Topic

Follow us