Introducing new Vectra AI Platform coverage for Copilot and Microsoft Azure
Protect yourself this holiday season from malicious websites. Learn how hackers deceive shoppers and how to stay secure online.
Learn how Vectra AI enhances threat detection in Microsoft Azure, overcoming challenges native tools miss for better threat detection and response.
Discover how Vectra AI strengthens Microsoft hybrid and multi-cloud defenses, filling gaps in native security tools to combat evolving cyber threats.
Discover why the NIST Zero Trust Architecture no longer requires decryption and how Vectra’s NDR solution enhances security.
As our reliance on technology grows, so does the need for robust cybersecurity to protect users and keep data and business operations safe.
The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.
With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks through that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.
Discover what you need to know about the SolarWinds Orion compromise, how it unfolded and why monitoring users in the cloud is imperative to protect your enterprise.
Discover how the new security insights feature in the Vectra Cognito network detection and response platform eliminates the need for analysts to pivot between tools and provides additional insights related to attacker detections.
Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.
Most solutions today provide siloed views of an account, making it impossible to track attack progression across the cloud and network, except ours. We're excited to release a unified view of an account, one that tracks attacker behaviors across network and cloud.
With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.
Vectra CTO Oliver Tavakoli looks back on a disruptive 2020 and shares his view of what 2021 holds for security practices.
Learn why we are celebrating our placement in the Deloitte Fast 500 list as an achievement and testament to a customer-first approach rather than a numbers goal.
Learn how Vectra protects users and data beyond the traditional network by detecting malicious intent and tracking and stopping attackers who move between cloud, hybrid, and enterprise, ultimately reducing the risk of breach.
Discover how ransomware has evolved into targeted, double extortion attacks and learn proactive defense strategies to protect your organization.
The goal of an efficient incident response process is to free up security analysts' time to focus on higher-value work that requires critical thinking. Learn how automation can be applied to a detection and response process.
Learn from Principal Research Analyst Eric Hanselman of 451 Research how the combination of the right data and the right analytics can help security teams secure what is an important resource for the modern enterprise.
Learn why Network Detection and Response (NDR) is crucial for implementing the NIST Zero Trust Architecture with Vectra AI.
When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. Discover a fundamental approach being advocated by a growing number of healthcare security professionals.
Vectra announces the expansion of the partnership with Splunk as a launch partner for Splunk Mission Control, a cloud-based and future-ready unified security operations platform.
Attackers are using legitimate tools built into Microsoft Office 365 to perform reconnaissance, move laterally, and extend their attacks. Our Spotlight Report on Office 365 identifies what they're up to and where you should be looking.
Learn more about how Vectra's new Detect Lockdown feature, made possible by integrating with CrowdStrike Falcon Insight Endpoint Detection and Response (EDR), enables you to automatically thwart cyberattackers on the device level.
Discover how maturity and capability can be defined and measured across the five stages of the maturity model based on the desired level of risk awareness.
Read the Office 365 Spotlight Report to learn about the primary cybersecurity threats that can lead to Office 365 takeovers and breaches.
We're excited to announce a partnership with Fortinet to integrate the Cognito Platform and FortiGate next-generation firewalls to detect, respond, and block cyberattacks in cloud, data center, IoT, and enterprise networks.
Asset management is one of the toughest challenges IT organizations can face. Discover why the ability to detect threats early on the network is better than ranking your critical systems.
A mature incident response process provides the benefit of faster response to reduce the amount of time an attacker has access to organization resources. Discover the metrics security teams can use to measure risk and mitigation.
Analyzing the psychology of an insider threat case is a complex task because there is little evidence and scant public data about threat incidents. Develop an improved understanding of the mind of malicious insiders with the multiple life-stage model.
Gregory Cardiet, technical leader for Vectra, shares his thoughts and experiences on why enterprises are increasingly integrating network detection and response (NDR) as a core element of their security operations visibility capabilities.
We're delighted to announce a new integration between our Cognito platform for NDR and the cPacket Networks visibility solution. The combined techniques provide robust security-response capabilities that track the source, target, and method of attack.
Explore how Vectra AI's machine learning models detect ZeroLogon exploits without relying on signatures, providing comprehensive visibility and security.
Evaluating risk factors is the first step in implementing an effective insider threat program. Learn why implementing preventative solutions like network detection and response can minimize financial loss and risk of a breach.
Discover how Vectra AI improves cybersecurity during M&As by detecting inherited and insider threats across all attack stages.
Learn why the SOC visibility triad is a better way to gain full visibility into threats and why Vectra is critical to help provide that visibility.
What danger do malicious and negligent insiders constitute and what kind of insider threats exist? Learn to spot the two types of insider threats.
With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events.
The ultimate goal of most insider attacks is to steal data. Just one insider threat incident can cost your organization up to $3 million. Learn when disclosure is protected and how to stay ahead of malicious attacks in this blog.
Discover in this blog why many organizations are struggling with the burden of maintaining IDPS deployments and how security teams can instead concentrate on detecting and mitigating active threats inside the network with network detection and response.
See the certificates in your network that are actively in use, those that are about to expire and ones that have already expired in the new dashboard in Cognito Recall.
Learn how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply attackers moving around inside your deployments due to reliance on signatures and being deployed at the network perimeter.
Consider getting rid of IDPS and the noise it creates and check out detecting and stopping cyberattacks using NDR. Free up your security analysts to focus on investigations and threat hunting instead of tweaking signatures.
AI-based detections are great at identifying attacker behaviors while threat intelligence provides fast, labeled coverage of known threats. Adding threat intelligence extends the coverage of AI-based detections to give you the most durable coverage and early understanding of threats.
Discover step-by-step how Vectra AI identified early indicators of the Maze ransomware attack and prevented the encryption of the company files.
Learn why using AI models to look for the communication pattern of a RAT in network data can help detect RATs in real time with high fidelity, based on the behavior observed.
We need more than just APIs. When security vendors truly collaborate and integrate their tools, we enable our customer's security teams to further improve the agility, efficiency and efficacy of their security operations.
The newly announced Vectra services enable our customers to produce positive security outcomes, optimize security operations, and back up their teams when it matters most, with access to Vectra experts.
Learn what the recent advanced threat actor 29 activity shows about the security limitations of indicators of compromise and how you can defend against privileged access attacks.
Battista Cagnoni explores how to mature your SOC with processes for reactive threat detection and proactive threat hunting.
Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.
Our integration with Microsoft Defender ATP lets you perform Host Lockdown on Microsoft Defender ATP hosts.
At Vectra, our partners are integral to the way we go to market, and we want to assure you that we are committed to the mutual success of our relationship.
Healthcare's shift to the cloud is not new. However, COVID-19 has accelerated the roadmap for cloud adoption, leaving healthcare security teams in a reactive mode rather than staying proactive to head off the spread of potential attacks.
Learn why Microsoft Power Automate is great for Office 365 users, but why it's terrifying for security professionals.
OAuth has become a critical standard for access delegation in apps. However, the increasing incidents involving malicious OAuth apps, particularly in platforms like Office 365, underscore a significant vulnerability. This vulnerability persists even with multi-factor authentication (MFA) measures in place.
The long-awaited Gartner Market Guide for Network Detection and Response (NDR) has been released and there are a few critically important things we believe you should note before diving into the document and the redefined category.
Vectra announces a partnership and deep product integration with Microsoft Defender for Endpoint (EDR) and Microsoft Azure Sentinel (SIEM) to further our extensive partner ecosystem and allow our customers to leverage the tools they already are using.
Vectra is pleased to announce the launch of two new training certification tracks for our partners. The VPSE certification is geared toward sales engineers, while our VSP certification focuses on positioning and selling Vectra Cognito.
Attack tools and techniques can change over time, but attack behaviours remain a stable indicator of attackers within the network. Using attack behaviour as a high-fidelity signal allows you to take action quickly to stop attacks or prevent further damage.
Explore the role of network metadata in enhancing cybersecurity, its benefits, and how Vectra AI's advanced solutions provide comprehensive visibility and threat detection.
Together, Vectra and SentinelOne lead to fast and well-coordinated responses across all resources, enhance the efficiency of security operations and reduce the dwell times that ultimately drive risk for the business.
Together, Cognito and Cybereason provide visibility into all enterprise environments, supporting hybrid, multi-cloud, or on-premises deployments with ease to combat today's modern cyberattacks.
Modern SOCs today are looking for tools that can give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de-facto standard.
Account Lockdown from Vectra allows for immediate, customizable account enforcement via Active Directory integration. You can now surgically freeze account access and avoid service disruption by disabling accounts rather than your network.
With increasingly sophisticated threats, cyber-risk is becoming an escalating concern for organizations around the world. Data breaches through Office 365 lead the pack as 40% of organizations suffer from account takeovers despite the rising adoption of incremental security approaches like multi-factor authentication.
Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.
PAA enables SOC teams to monitor and defend against these types of attacks. In addition to our extensive models that detect command-and-control channels, this makes the Cognito platform a powerful tool to combat evolving malware attacks against enterprises.
Vectra now integrates with Amazon Virtual Private Cloud (VPC) Ingress Routing, and our AI platform is now available in the AWS Marketplace.
That's why we are happy to announce the integration of Vectra Cognito automated threat detection and response platform with the Swimlane security orchestration, automation and response (SOAR) platform.
The integration of the Cognito network detection and response platform with the Forescout device visibility and control platform provides inside-the-network threat detection and response, a critical layer of defense in today's security infrastructure.
The integration between the Cognito automated network detection and response platform and Check Point Next Generation Firewalls empowers security staff to quickly expose hidden attacker behaviors, pinpoint specific hosts involved in a cyberattack and contain threats before data is lost.
Explore new NIST guidelines on Zero Trust Architecture and how Vectra enhances network visibility and security.
By analyzing data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report from Vectra, we determined that RDP abuse is extremely prevalent in the real world. 90% of the organizations where the Cognito platform is deployed exhibited some form of suspicious RDP behaviors from January-June 2019.
The combination of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM) allows security professionals to have coverage across threat vectors from cloud workloads to the enterprise.
Learn how Vectra AI strengthens zero trust security with continuous monitoring and real-time threat detection across hybrid and cloud environments.
Since the early days of Vectra, we've been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.
The rationale behind choosing a managed security services provider (MSSP) can be numerous, but one of the primary reasons is to overcome the cybersecurity skills shortage. Finding the right talent in cybersecurity and retaining skilled professionals once they've been trained is very difficult.
The time of separated networks, when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment, is long gone.
Modern ransomware has been heavily weaponized, has a sweeping blast radius and is a staple tool in the attacker's arsenal. In a call to arms, cloud and enterprise organizations everywhere are scrambling to detect and respond early to ransomware attacks.
Earlier this month, Gartner released its Market Guide for Intrusion Detection and Prevention Systems, which describes the market definition and direction of requirements that buyers should look for in their IDPS solution, as well as the top use cases that drive IDPS today.
In a previous blog, we spoke about the importance of security enrichments in your network metadata. These serve as the foundation for threat hunters and analysts to test and query against hypotheses during an investigative process.
There are multiple phases in an active cyberattack and each is a perilous link in a complex kill-chain that gives criminals the opportunity to spy, spread and steal critical information in native and hybrid cloud workloads and user and IoT devices.
As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.
Today, I am thrilled to share the news that Vectra has completed a $100 million Series E funding round led by TCV, one of the largest growth equity firms backing private and public technology companies.
Vectra customers and security researchers respond to some of the world's most consequential threats. And they tell us there's a consistent set of questions they must answer when investigating any given attack scenario. Starting with an alert from Cognito Detect, another security tool, or their intuition, analysts will form a hypothesis as to what is occurring.
In a previous blog, we wrote about the benefits that come with Zeek-formatted metadata. This blog builds on that thread by discussing why our customers come to us as an enterprise solution to support their Zeek deployments.
Although NDR and EDR can provide perspective on this, NDR is more critical because it provides perspective where EDR cannot. For example, exploits that operate at the BIOS level of a device can subvert EDR.
The collection and storage of network metadata strikes a balance that is just right for data lakes and SIEMs. Metadata enables security operations teams to craft queries that interrogate the data and lead to deeper investigations.
When considering how to equip your security teams to identify lateral movement behaviors, we encourage the evaluation of the efficacy of your processes and tools to identify and quickly respond to the top 5 lateral movement behaviors that we commonly observe.
There is a new breed of SIEM-less security architecture that allows companies to leverage intelligent people with general IT experience to become the next-generation of security analysts.
Imagine having a security tool that thinks the way you teach it to think, that takes action when and how you have trained it to act. No more adapting your work habits to generic rules written by a third party and wondering how to fill in security gaps that the rules did not tell you about.
In just the last few years, numerous studies have been published and institutes inaugurated that are dedicated to studying which jobs of the future will remain in the hands of humans, and which will be doled out to the machines.
The United States has not been hit by a paralyzing cyberattack on critical infrastructure like the one that sidelined Ukraine in 2015. That attack disabled Ukraine's power grid, leaving more than 700,000 people in the dark.
Microsoft unveiled the Azure Virtual Network TAP, and Vectra announced its first-mover advantage as a development partner and the demonstration of its Cognito platform operating in Azure hybrid cloud environments.
The use of AI in cybersecurity not only expands the scope of what a single security expert is able to monitor, but importantly, it also enables the discovery of attacks that would have otherwise been undetectable by a human. Just as it was nearly inevitable that AI would be used for defensive purposes, it is undeniable that AI systems will soon be put to use for attack purposes.
In the last blog post, we alluded to the No-Free-Lunch (NFL) theorems for search and optimization. While NFL theorems are criminally misunderstood and misrepresented in the service of crude generalizations intended to make a point, I intend to deploy a crude NFL generalization to make just such a point.
Recently, Vectra published the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which covers the period from January through June 2018. While there are plenty of threat-research reports out there, this one offers unique insights about real-world cyberattacker behaviors found in cloud, data center and enterprise networks.
Despite the recent explosion in machine learning and artificial intelligence (AI) research, there is no singular method or algorithm that works best in all cases. In fact, this notion has been formalized and shown mathematically in a result known as the No Free Lunch theorem (Wolpert and Macready 1997).
Recently, we made an alarming discovery: hackers are using hidden tunnels to break into and steal from financial services firms! Clearly, this is serious business if it involves bad guys targeting massive amounts of money and private information. But what exactly are we dealing with? Let's dig into what hidden tunnels are and how I find them to uncover the answer.
Deep learning refers to a family of machine learning algorithms that can be used for supervised, unsupervised and reinforcement learning. These algorithms are becoming popular after many years in the wilderness. The name comes from the realization that the addition of increasing numbers of layers typically in a neural network enables a model to learn increasingly complex representations of the data.
Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you're an analyst, you probably have some incredible skills but are being held back by tedious, manual work.
There are numerous techniques for creating algorithms that are capable of learning and adapting over time. Broadly speaking, we can organize these algorithms into one of three categories: supervised, unsupervised, and reinforcement learning.
"The original question 'Can machines think?' I believe to be too meaningless to deserve discussion. Nevertheless, I believe that at the end of the century, the use of words and general educated opinion will have altered so much that one will be able to speak of machines thinking without expecting to be contradicted." - Alan Turing