Introducing new Vectra AI Platform coverage for Copilot and Microsoft Azure

Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得

詳細を見る

Research & Insights

Expert insights from Vectra AI data scientists, product engineers and security researchers empower your SOC analysts to make faster, smarter decisions.

Up-level your SOC with insights from security experts at Vectra AI, based on real-world experiences defending hybrid enterprise environments.

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Resources

Breaking news and expert insights

Blue Team Workshops, on-demand webinars and global events near you

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

Research reports, attack anatomies, white papers, guides, datasheets and customer stories

Demo Videos & Tours

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Company

See why we’re the world leader in AI security

Request an intro with a Vectra AI security expert

Deployment guides, knowledge base, release notes and security announcements

Join the team behind the world’s first AI-based cybersecurity platform

Breaking news from Vectra AI

Expert insight from security researchers, data scientists and engineers

Don't let the Grinch Steal Your Passwords this Holiday Season

Protect yourself this holiday season from malicious websites. Learn how hackers deceive shoppers and how to stay secure online.

Back to all detections

Outbound DoS

Outbound DoS

Possible Root Causes

Example Scenarios

Business Impact

Steps to Investigate

MITRE ATT&CK Techniques

Related Detections

Detection overview

Triggers

An internal host appears to be taking part in a Denial- of-Service (DoS) campaign on an external IP address
The form of DoS detection has two types: “SYN Flood” and “Slowloris”

Possible Root Causes

The internal host is infected and has become part of a botnet and is being instructed by its bot herder to perform a DoS attack on an external system, which is a relatively common way for a botnet to make money
An internal host is misconfigured and continually, in high volume, tries to connect to an external IP address

Business Impact

Botnet activity presents several risks to the organization: (1) it creates noise which may hide more serious issues; (2) there is a chance your organization’s IP will end up on black lists; and (3) the compromised host can always be instructed to perform a direct attack on the organization
The sheer volume of flood attacks may materially affect the amount of bandwidth available for legitimate functions which need to access the Internet

Steps to Investigate

Explore if there is a legitimate reason for the host to be connecting to the suspected victim of the attack
Contact the user of the host to see whether they are trying to perform some unusual task which might trigger the DoS detection
Check the host for presence of malware that is participating in a DoS attack

Outbound DoS

Possible root causes

Malicious Detection

Benign Detection

Outbound DoS

Example scenarios

Outbound DoS

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

Outbound DoS

Steps to investigate

Outbound DoS

MITRE ATT&CK techniques covered

Network Denial Of Service

Outbound DoS

Related detections

No items found.

FAQs