Welcome to the Vectra Blog

When a physical threat presents itself, most people will implement protection mechanisms. When warned of an impending hurricane, people will naturally board up their property and take cover. This behavior is conditioned, but why doesn't that conditioning extend to enterprise security programs?

With KPMG's guidance and Vectra's technology, organizations can achieve greater visibility into their security posture, reduce risk and reassure the protection of their critical data.

In this blog, we'll examine known threats aimed at hybrid cloud environments and where you might be able to catch them before they become an issue.

Through harnessing Vectra's Security AI-driven Attack Signal Intelligence (ASI) for cloud, SecOps teams can continuously monitor and uncover sophisticated threats across their SaaS and cloud environments in real-time.

2022 brought a surplus of geopolitical drama and the world's first full-on cyberwar. What comes next? Here's an educated estimate.

Explore key cybersecurity predictions for 2023, including talent recruitment, nation-state threats, software labeling trends, and quantum computing challenges.

Modern cyber threats are increasingly evasive and difficult to detect. Vectra offers a new AI-driven solution: Attack Signal Intelligence.

When we enter our names, addresses, phone numbers, emails and credit card info - personally identifiable information (PII) - whose job is it to make sure that the information remains safe and not in the wrong hands? The retailer? The consumer?

Ransomware is a common type of cyber attack that may target individuals and businesses alike. Device users of any kind must be aware of the different types of ransomware attacks and how to prevent them.

Cyberattacks are still on the rise. Learn more about the problem of preventive cybersecurity and what needs to be changed.

On November 1st 2022, after teasing the main show the week before, OpenSSL released their advisory describing two risks to OpenSSL 3.0.0 - 3.0.6. This was originally teased as a Critical level alert, which would have been the first Critical since 2015, however this was downgraded to a High owing to what OpenSSL describe as "mitigating factors".

Vectra SaaS CTO, Aaron Turner shares how to fix overwhelming security alerts that can cause your SOC team to miss critical threats. See how.

Cyber threat actors come in a variety of forms. Though they result in unwanted damage, their tactics, goals, and methods of attack differ. Avoiding being a victim begins with understanding the types of cybercriminals, their behaviors, goals, and motivations.

Last week I attended the Gartner Security and Risk Summit in London. The theme of the summit was Accelerating the Evolution of Security: Reframe and Simplify. From the very first keynote, Gartner laid down the gauntlet. "Change is needed and we must stop doing what we have always done and start learning from our mistakes." It is this very sentiment that set the tone for the show.

Native integration delivers Vectra's patented Security AI to CrowdStrike XDR, so joint customers can find attacker behaviors across public cloud, SaaS, identity, and networks from a single interface.

In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access.

What value is there in detecting malicious actors if the detection isn't noticed? Vectra makes sure that your security operations see everything, and our updated Splunk Integration is the latest offering to help you do this.

A major apprenticeship program from the US government could fill vacant cybersecurity jobs - and we're here for it.

An influential industry analyst now declares NDR has reached the Hype Cycle's "Slope of Enlightenment." Vectra had confidence all along

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

We at Vectra think that SOC teams need to focus on 3 challenges to stay ahead of cyberattacks. Coverage, Clarity Control

Discover how Vectra AI aligns with the NIST Framework to enhance your cybersecurity strategy.

If you ask security analysts to describe the biggest pain points in their role, you will no doubt get a diverse set of answers. One thing that they will almost certainly have in common is the challenge of dealing with alert fatigue.

Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) that recommends proper configuration and monitoring of PowerShell to address the recurrence of the scripting language's use in cyberattacks.

How to move cybersecurity forward? At the core of this discussion, we always find the same core values. We at Vectra live up to the 9 C's.

Most marketing messages are a cocktail of sober reality and hyperbole. Of course, the proportions may vary from season to season, from one company to the next, but hype continues to be a perpetual factor in the cybersecurity world. At Vectra, however, we are firm believers in sober reality.

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them.

Vectra's latest report on cybersecurity shows: Traditional approaches won't work anymore. Key findings are listed here.

In order to help security teams validate the effectiveness of their Azure AD security controls and stop future attacks, the Vectra platform continuously monitors user activity and reveals instances of users bypassing multi-factor authentication (MFA) and other preventative controls.

Regardless of discipline, cybersecurity professionals deal with mounting pressure each day to make the right decisions and strategically play the right hand to keep their organisations a step or two ahead of cybercriminals. It can be stressful.

The Vectra Masked CISO series gives security leaders a forum for discussing the biggest issues in security and advising their peers on how to overcome them.

We have never seen a full-on cyber conflict rage across the world's digital systems, but if the situation in Ukraine leads to such a thing, CIOs and CISOs will find themselves on the front lines. With escalation patterns uncertain and no "rules of the road" governing cyberwar, any organization risks becoming a casualty. Already, CIOs and CISOs are seeing their roles evolve and enlarge. Vectra AI CRO Willem Hendrickx discusses their transformational hour

What If there was a Supply Chain Compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. This blog provides perspective on the current situation and mitigation and defense strategies to manage such an event.

The cloud is complex. AWS alone has over 200 services (and quickly growing). Securely configuring even a small set of these services to operate at the scale of modern organizations today creates a variety of challenges.

It's only human to focus on external threats to your well-being. This often applies to organizations and their approaches to security as well; which is why so much energy is typically put into perimeter security. Yet, this approach is antithetical to the zero-trust methodology: Organizations must also pay attention to internal-to-internal and internal-to-external traffic just as much as traffic coming in.

I want Vectra to be known also for its values, for its vision, for its people and attitude, and for its passion for making the world a safer and fairer place. In short, for our culture.

Updated perspective on cyberthreats as a result of ongoing Ukrainian/Russian conflict, including specific custom recall queries, and aggregation of common Russian state actor TTPs.

As the new reality ofthe continual dangers of cyberwar gradually sets in, organizations globally are working to harden their defenses. Most cyber-attacks are blocked by preventative safeguards. Highly motivated attackers, however, tend to find ways to get through those defenses.

While this wiper malware is new, it reuses much of the playbook employed by Russian state actors and ransomware gangs - fighting back requires us to sharpen the tools we already have.

Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.

The role of the CISO has never been clearly defined, and every CISO works differently.They are under a lot of pressure, and this leads to regular rotation of roles. The Masked CISO explains how this could be stopped if CISOs were given more autonomy and responsibility.

New Vectra CRO wants to achieve aggressive growth and continued global expansion for Vectra's leading network detection and response platform.

Dive into the intricacies of AI in cybersecurity with Vectra AI's 'Not All AI is Created Equal'. Learn about the distinction between security-led and math-led AI approaches, and discover how Vectra's unique, data-driven strategy offers superior threat detection and response capabilities, setting a new standard in AI-driven cybersecurity solutions.

Explore the real impact of AI and ML in cybersecurity with Vectra AI's blog 'The Great AI/ML Debate'. Uncover the truth behind the buzzwords and learn how AI-driven solutions can effectively counter modern security threats, including ransomware attacks.

Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?<br>

As we saw with the Log4J vulnerability, cybercriminals only need a single opening to infiltrate your environment. And while another vulnerability can't be prevented, there's still a lot that can be done to make sure you're ready for the next one.

With ransomware on the rise, prevention isn’t enough. An “assume compromise” approach with advanced detection is essential. Learn why a UK insurer chose Ve

A threat-led approach is key to an organisation's security strategy. CISOs should measure security based on their ability to discover if they've been breached, mean time to breach when testing security, or the mean time to detect unknown threats.

Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, but 2021 managed to be an exceptionally dangerous year. So how will the lessons learnt from 2021 shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.

Threat actors can use the Log4J vulnerability as a platform for launching attacks, but what does this mean for cloud environments? Find out exactly how attackers are exploiting this vulnerability and what this could mean for your organization.

Agile has its uses. It's increasingly being adopted as a technology wide operating model-to drive transformation everywhere, from helpdesks to datacenters. But is it always appropriate?

A few days after the Log4Shell vulnerability was discovered, we now have more observations about how the exploit is being leveraged. Here's what we know, today.

Explore the impact of the Log4j zero-day vulnerability (CVE-2021-44228), methods of detection, and the latest exploitation attempts by threat actors.

Exclusive cybersecurity research presented in a new report, details how hundreds of security leaders are addressing today's complex cyberthreats in their organisations.

Vectra has been recognized as a DeloitteTechnology Fast 500™ award winner - a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America.

Hear what Tallink, the largest shipping company operating in the Baltic Sea, says are the most valuable capabilities in an NDR solution and what you need to know when selecting one for your environment.

"Do your part" is the theme of this year's Cybersecurity Awareness Month. See what you can do right now so cyberattacks don't become a problem in your Microsoft cloud environment.

Many organizations these days face incident response challenges. Get insight about the common challenges in this area, and what your organization can do to resolve them.

Discover four key ways AI can enhance SOC efficiency by improving alert accuracy, optimizing investigations, automating threat hunting, and prioritizing high-risk threats.

Vectra Detect cybersecurity solution is purpose-built to detect and stop ransomware attacks. The agentless and AI-driven Cognito Platform sees and stops ransomware before it can encrypt files and exfiltrate data by automatically detecting attacker behavior.

Stopping ransomware requires a new way of thinking. See why you can't only rely on legacy tools to keep your organization safe, but rather how you can leverage AI to detect when this invasive threat enters your cloud.

Identify five key areas exposing your AWS deployments to security threats, including common misconfigurations, increased access risks, informal sign-offs, high-risk services, and regional investigation challenges.

Hear cloud security experts from Splunk and Vectra explain how digital transformation has drastically changed security and why organizations need to adapt.

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

As organizations continue to build on AWS with no sign of slowing down, it's important to know where the security blind spots are and how to address them.

The State of Security Report: PaaS and IaaS takes a close look at how organizations are addressing security in AWS and the challenges they face.

Discover how Microsoft and Vectra partner to deliver Zero Trust security solutions, focusing on key principles: verify explicitly, use least privileged access, and assume breach.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit gaps in IT security policies and procedures to disrupt critical healthcare-delivery processes.

After obsessing for years over pushing the limits with AI to detect cyberattacker behavior, Vectra is proud to hold the most patents referenced in MITRE D3FEND.

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you're only as secure as your provider.

Vectra is key contributor to new CEPS Report on the Technology, Governance and Policy Challenges of AI and Cybersecurity and supports Vectra's mission to make the world a safer and fairer place.

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

The rapid shift to cloud-everything left users and apps vulnerable to security threats across all environments. Andras Cser from Forrester joined Joe Malenfant and Gokul Rajagopalan from Vectra to discuss cloud trends among organizations.

Vectra is honored to be named Cloud Security/SaaS Disruptor Company of the Year with a Gold Globee® Award in the Annual 2021 Awards.

As SOC 1.0 remains the norm for many organizations, this way of doing things does have its challenges. See why more organizations are updating their approach in an effort to spot attacks faster while benefiting from a cost savings.

DarkSide ransomware as a service (RaaS) group provided hackers with a convenient way to extort money from organizations after access was gained. Here are five things you need to know about this prominent cybercriminal group.

Vectra introduces Detect for AWS, solving threat detection and response for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environments.

What makes threat detection so challenging? We answer that question and provide the expert insight around our latest Spotlight Report-Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365.

As cloud adoption continues to accelerate, the evolution of the next generation of modern attacks will traverse through and towards an enterprise's cloud control plane. Learn why this risk should not be underestimated.

Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.

In our latest Spotlight Report, see how the Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.

We're excited to announce a new integration with Zscaler! Find out how this integration with Cognito Detect provides end-to-end access visibility and protection for remote workers and business-critical applications.

Just a week after the Colonial Pipeline was shut down due to ransomware-attackers are at it again. It's now being reported that Ireland's health service shut down its IT systems and a company in Germany had to fork out a $4.4 million ransom on the same day.

Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.

Vectra Cognito Azure AD Privilege Anomaly Detection identifies account takeovers in Azure AD, alerting teams to prevent attacks on mission-critical apps.

Every year, this global retail giant in the beauty industry failed to pass red team exercises-until they deployed Vectra. Get the full story on how they use the Cognito platform to pass Red Team testing and ensure the overall security of its data.

Network and endpoint defense technologies will have to either rapidly update signatures or use other investigative ways to detect command and control (C2). Uncover how threat actors evade security tools to execute C2 techniques to learn about what you should look for.

We're excited to announce extended EDR native integration support in the Cognito platform! Find out how you can benefit from these simple, seamless integrations for comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud environments.

For us as Vectra, equality and inclusivity are key components of our culture. This International Women's Day, we want to celebrate the women in cybersecurity and highlight the opportunities available in the industry.

Find out how Vectra's native integrations with Microsoft and AWS enable security teams to automatically contain events directly from the Cognito platform.

Vectra is honored to receive recognition from CRN by honoring the Vectra Partner Program with its prestigious 5-Star Partner Program Rating. We couldn't be more thrilled about this award and our amazing partner community.

Account takeovers targeting Office 365 are rising. Discover IT leaders’ top concerns about Office 365 security and cloud data protection.

Speed is a key ingredient to successful containment but switching between security solutions find the host or policy you want and applying it all takes time. Vectra enables security teams to enforce directly in the platform, saving valuable time for security operations.

Despite 71% of organizations suffering malicious SaaS account takeover, 90% are still accelerating cloud adoption. Surprising? Maybe not - read on as this blog distills the takeaways from mid-sized and large Office 365 enterprises.

We're excited to announce that Detect and Recall have successfully achieved SOC 2 Type 2 compliance. Find out how this milestone further ensures the security and confidentiality of our customers' and partners' data.

Announcing extended coverage of Vectra in your entire AWS cloud footprint using the new AWS traffic mirroring capabilities on EC2 instances based on the popular Xen platform.

The Hafnium campaign is targeting Microsoft Exchange Servers by leveraging several zero-day exploits and allows attackers to bypass authentication, including MFA to access e-mail accounts. Read more about hot to detect and stop the attack with Vectra Cognito.

Discover three essential guideposts for enhancing organizational security, focusing on strategic planning, resilience, and risk quantification.

Vectra researchers dissect the SolarWinds supply chain attack, tracking backdoor to persistent access in data centers and cloud, with a focus on Office 365

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.