Blogs

Vectra detection and response to WannaCry ransomware

Posted by Chris Morales on May 16, 2017 8:59:36 AM

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber security gap, AI, cyber defense, WannaCry


Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky labs reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


How to win the cybersecurity battle in healthcare

Posted by Chris Morales on May 3, 2017 6:11:22 PM

Risky business

There is some startling data in the 2017 Verizon Data Breach Investigation Report. What stood out to me as most concerning is that more breaches occurred in healthcare this year than last year. After reviewing the report, I see three key trends.

  1. The real threat is already inside healthcare networks in the form of privileged access misuse
  2. When healthcare organizations are hit from the outside, it is usually ransomware extorting them for money
  3. The growth in healthcare IoT is overwhelming and dangerous
Read More »

Topics: Cyberattacks, artificial intelligence


Security that thinks is now thinking deeply

Posted by Jacob Sendowski on Apr 26, 2017 8:05:42 AM

Whether the task is driving a nail, fastening a screw, or detecting a hidden HTTP tunnel, it pays to have the right tool for the job. The wrong tool can increase the time to accomplish a task, waste valuable resources, or worse. Leveraging the power of machine learning is no different.

Vectra has adopted the philosophy of implementing the most optimal machine learning tool for each attacker behavior detection algorithm. Each method has its own strengths.

Read More »

Topics: machine learning, cybersecurity, deep learning


The existential threat of IP theft

Posted by Kevin Kennedy on Apr 19, 2017 5:41:26 PM

Confusion reigns on the origin of the term "bullseye." Some say it started when English archers showed off their accuracy by shooting arrows through the empty eye socket of a bull skull. Others contend it was a reference to a blemish in the center of a glass window pane.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense, intellectual property


Don't blow your IT security budget on flow analysis

Posted by Hitesh Sheth on Apr 10, 2017 9:23:04 AM

This blog was originally published on LinkedIn.

Vendors who are trapped in a time warp often tout traffic flow analysis as a great way to detect and analyze behavior anomalies inside networks. I have a problem with that because it’s decades-old technology dressed in a new suit. 

Read More »

Topics: cyber security, network security, artificial intelligence


AI: Is science fiction on a collision course with science fact?

Posted by Chris Morales on Mar 30, 2017 3:48:43 PM

Sometimes science fiction becomes less fantastic over time than the actual reality. Take the film Ghost in the Shell, for example, which hits the big screen this week. It’s an adaptation of the fictional 28-year-old cult classic Japanese manga about human and machine augmentation.

Read More »

Topics: cyber security, machine learning, artificial intelligence


Stealthy ransomware: Extortion evolves

Posted by Kevin Kennedy on Mar 29, 2017 11:22:31 AM

It seems like a new variant or victim of ransomware is in the news every day. It’s newsworthy because it works so well and causes widespread destruction.

So when the recent wave of stories hit about PetrWrap, a variation of the widely known Petya ransomware strain, it was easy to miss the significance. The “no-honor-among-thieves” narrative crowded out its true importance.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense


Don't let your cybersecurity vendor leave you vulnerable

Posted by Chris Morales on Mar 23, 2017 12:57:20 PM

The U.S. Computer Emergency Readiness Team (US-Cert) issued a warning last week stating HTTPS interception weakens TLS security. As the use of encryption for privacy has increased, the security industry has responded by intercepting and decrypting SSL sessions to perform deep-packet inspection (DPI).

Read More »

Topics: Cyberattacks, SSL Encryption, cyber security, security architecture


The love-hate relationship with SIEMs

Posted by Hitesh Sheth on Mar 7, 2017 12:00:14 PM

This blog was originally published on LinkedIn.

To know SIEM is to love it. And hate it.

Security information and event management (SIEM) is a ubiquitous cybersecurity tool. It’s used by probably every security analyst who works in a security operations center (SOC).

Read More »

Topics: Cyberattacks, cyber security, SIEM


Subscribe to the Vectra Blog



Follow us