Introducing new Vectra AI Platform coverage for Copilot and Microsoft Azure

Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得

詳細を見る

Research & Insights

Expert insights from Vectra AI data scientists, product engineers and security researchers empower your SOC analysts to make faster, smarter decisions.

Up-level your SOC with insights from security experts at Vectra AI, based on real-world experiences defending hybrid enterprise environments.

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Resources

Breaking news and expert insights

Blue Team Workshops, on-demand webinars and global events near you

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

Research reports, attack anatomies, white papers, guides, datasheets and customer stories

Demo Videos & Tours

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Company

See why we’re the world leader in AI security

Request an intro with a Vectra AI security expert

Deployment guides, knowledge base, release notes and security announcements

Join the team behind the world’s first AI-based cybersecurity platform

Breaking news from Vectra AI

Expert insight from security researchers, data scientists and engineers

Don't let the Grinch Steal Your Passwords this Holiday Season

Protect yourself this holiday season from malicious websites. Learn how hackers deceive shoppers and how to stay secure online.

Back to all detections

Suspicious Relay

Suspicious Relay

Possible Root Causes

Example Scenarios

Business Impact

Steps to Investigate

MITRE ATT&CK Techniques

Related Detections

Detection overview

Triggers

This host appears to be acting as a relay for communication between an external system to another internal host—relays of this type involve a first (external) leg and a second (internal) leg
This host also has another active command and control detection

Possible Root Causes

A host is compromised and is being used to relay information to and from a host deeper inside the network
An internal host is hosting some form of approved proxy (e.g. SOCKS) to allow other internal hosts to communicate with the Internet through it

Business Impact

An infected host which is enabling another internal host to hide its communication with the Internet by acting as a relay represents a high risk as this may allow a host which normally is not allowed to communicate with the outside to do so
For hosts that have approved proxy software installed, ensure all the necessary security controls are in place to prevent unauthorized use

Steps to Verify

Determine whether this host should be providing relay services to other internal hosts; if not, this is likely malicious behavior
Look at the outside destination of the traffic and the payload of traffic, available in the PCAP, to determine what it being sent and where it is going; this will help further calibrate the risk

Suspicious Relay

Possible root causes

Malicious Detection

Benign Detection

Suspicious Relay

Example scenarios

Suspicious Relay

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

Suspicious Relay

Steps to investigate

Suspicious Relay

MITRE ATT&CK techniques covered

Proxy

Multi-Stage Channels

Suspicious Relay

Related detections

No items found.

FAQs