Cyber security information center

Time to update how we manage and address malware infections

Posted by Mike Banic, VP of Marketing, Vectra Networks on Jun 28, 2016 9:00:00 AM

Network-based malware detection addresses increasing complexity in the malware ecosystem but doesn’t make attribution a key priority.

Conventional wisdom about malware infection paints a picture that hapless users click on something they shouldn’t, that in turn takes their Web browsers to a drive-by-download website. It then exploits a vulnerability to install a botnet agent that eventually steals all their personal data and uploads it to cybercriminals in another country.

That conventional wisdom isn’t completely wrong, but it needs some serious updating. Today’s malware infections are more typically multi-stage events, wherein a user visits a favorite website with a banner advertisement supplied by a third-party ad network that was supplied by an affiliate ad network.

Read More »

Topics: Cyberattacks, network security, cybersecurity


Ransomware, encryption and machine learning – Three key takeaways from Infosecurity 2016

Posted by Matt Walmsley on Jun 15, 2016 3:00:25 AM

Ransomware, encryption and machine learning – Three key takeaways from Infosecurity 2016

Last week was a long one. Vectra participated for the first time at Infosecurity Europe in London. Now that my feet have recovered from our very busy booth I thought I shared a few of the recurring themes I noticed at the show.

Ransomware. Definitely the threat de rigueur with vendors coming at the problem from various angles, including DNS management and client based solutions. Vectra was part of the buzz too, offering a network-centric approach with our newly announced ransomware file activity detection.

Read More »

Topics: machine learning, Encryption, Ransomware


Ransomware lessons from Julius Caesar

Posted by Jacob Sendowski on Jun 6, 2016 11:59:00 PM

In his youth, Julius Caesar was taken hostage by Sicilian pirates and held for a ransom of 20 talents of silver (about 0.5 tons). He managed to convince the pirates that he was more important than that and encouraged them to demand 50 talents of silver instead.

They obliged and in doing so bought into a view of Caesar as superior to them. Caesar exploited this to good effect: he acted as the leader of the pirates, he practiced combat exercises with them and even read them poetry.

Eventually, Caesar’s associates returned with the silver and he was let go. He vowed to return to collect his money and kill the pirates and he went to great lengths to make good on his promise.

Caesar kept his cool, survived the hostage situation, and recovered his belongings because he had a plan and a strategy.

Read More »

Topics: cybersecurity, Ransomware


DPI goes blind as encryption adoption increases

Posted by Günter Ollmann on Jun 1, 2016 10:49:05 AM

Governments and businesses that have traditionally relied upon deep packet inspection (DPI) or content-level inspection technologies to identify threats or control access across the perimeter of their networks are at the cusp of a dramatic and non-reversible sea change. Month on month organizations have observed the silent shift to encrypted communications, and with that, their visibility and control of network traffic has incrementally diminished.
 
As the encryption of North-South corporate network traffic reaches levels of 60% or more in most environments, organizations are finding themselves in the uncomfortable position of having to plan for the abandonment of the DPI-based perimeter defenses they’ve depended upon for a decade and a half. It would seem that IDS, IPS, DLP, and ADS are rapidly turning dark.
Read More »

Topics: cybersecurity, Deep Packet Inspection


Introducing the Spring 2016 Post-Intrusion Report

Posted by Wade Williamson on Apr 20, 2016 5:00:00 AM

 
Insights from inside the kill chain

Detection_Overview.pngThis week we are proud to announce the release of the third edition of the Vectra Post-Intrusion Report. And while there are plenty of reports from security vendors out there, this one provides something that is unique.

Read More »

Canary in the ransomware mine

Posted by Günter Ollmann on Mar 30, 2016 2:06:10 PM

 

A quick no-frills solution to ransomware inside the enterprise

Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware – crippling and extorting an ever widening array of organizations.

For a threat that is overwhelmingly not targeted, it seems to be hitting large and small businesses with great success.

The malware infection can come through the front door of a failed “defense-in-depth” strategy or the side door of a mobile device latched to the corporate network on a Monday morning.

Read More »

Topics: cybersecurity, Ransomware


Plan on losing visibility of your network traffic: Steps to take control

Posted by Günter Ollmann on Mar 8, 2016 11:49:57 AM

The ongoing Apple versus the FBI debate has me thinking more about the implications of encryption. Whether or not national governments around the globe choose to go down the path of further regulating encryption key lengths, requiring backdoors to encryption algorithms, mandating key escrow for law enforcement purposes, or generally weakening the implementations of encrypted communications and data storage in consumer technologies, the use of encryption will increase – and in parallel – network visibility of threats will decrease.

Read More »

Topics: Malware Attacks, SSL Encryption


Apple vs. the FBI: Some points to consider

Posted by Günter Ollmann on Feb 17, 2016 4:30:00 PM

In light of Apple’s response to the FBI’s request to gain access to San Bernardino shooter Syed Farook’s iPhone, I thought I would share some of my thoughts on this. It appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.

Let me attempt to break this down a little in the hopes of clearing some of that confusion:

  • Apple has positioned the request from the FBI to be a request to install a “backdoor” in their product. This is not correct. The FBI request is pretty specific and is not asking for a universal key or backdoor to Apple products.
  • The FBI request should be interpreted as a lawful request to Apple to help construct a forensics recovery tool for a specific product with a unique serial number.
  • The phone in question is an Apple 5C, and the method of access requested by the FBI is actually an exploitation of a security vulnerability in this (older) product. The vulnerability does not exist in the current generation of Apple iPhones. 
Read More »

Topics: Cyberattacks, network security, cybersecurity


The Chocolate Sprinkles of InfoSec

Posted by Günter Ollmann on Feb 2, 2016 10:30:33 AM

In the rapidly expanding world of threat intelligence, avalanches of static lists combine with cascades of streaming data to be molded by evermore sophisticated analytics engines the output of which are finally presented in a dazzling array of eye-candy graphs and interactive displays. 

For many of those charged with securing their corporate systems and online presence, the pressure continues to grow for them to figure out some way to incorporate this glitzy wealth of intelligence into tangible and actionable knowledge. 

Read More »

Topics: Cyberattacks, IDS, network security, cybersecurity


Who is watching your security technology?

Posted by Günter Ollmann on Jan 28, 2016 12:00:00 PM

It seems that this last holiday season didn’t bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance.

It’s not the first time that products from major security vendors have been found wanting. 

It feels as though some vendor’s host-based security defenses fail on a monthly basis, while network defense appliances fail less frequently – maybe twice per year. At least that’s what a general perusal of press coverage may lead you to believe. However, the reality is quite different. Most security vendors fix and patch security weaknesses on a monthly basis. Generally, the issues are ones that they themselves have identified (through internal SDL processes or the use of third-party code reviews and assessment) or they are issues identified by customers. And, every so often, critical security flaws will be “dropped” on the vendor by an independent researcher or security company that need to be fixed quickly. 

Read More »

Topics: Cyberattacks, network security, cybersecurity