Blogs

Vectra detection and response to WannaCry ransomware

Posted by Chris Morales on May 16, 2017 8:59:36 AM

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber security gap, AI, cyber defense, WannaCry


Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky labs reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


How to win the cybersecurity battle in healthcare

Posted by Chris Morales on May 3, 2017 6:11:22 PM

Risky business

There is some startling data in the 2017 Verizon Data Breach Investigation Report. What stood out to me as most concerning is that more breaches occurred in healthcare this year than last year. After reviewing the report, I see three key trends.

  1. The real threat is already inside healthcare networks in the form of privileged access misuse
  2. When healthcare organizations are hit from the outside, it is usually ransomware extorting them for money
  3. The growth in healthcare IoT is overwhelming and dangerous
Read More »

Topics: Cyberattacks, artificial intelligence


The existential threat of IP theft

Posted by Kevin Kennedy on Apr 19, 2017 5:41:26 PM

Confusion reigns on the origin of the term "bullseye." Some say it started when English archers showed off their accuracy by shooting arrows through the empty eye socket of a bull skull. Others contend it was a reference to a blemish in the center of a glass window pane.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense, intellectual property


Stealthy ransomware: Extortion evolves

Posted by Kevin Kennedy on Mar 29, 2017 11:22:31 AM

It seems like a new variant or victim of ransomware is in the news every day. It’s newsworthy because it works so well and causes widespread destruction.

So when the recent wave of stories hit about PetrWrap, a variation of the widely known Petya ransomware strain, it was easy to miss the significance. The “no-honor-among-thieves” narrative crowded out its true importance.

Read More »

Topics: Cyberattacks, cyber security, Ransomware, cyber defense


Don't let your cybersecurity vendor leave you vulnerable

Posted by Chris Morales on Mar 23, 2017 12:57:20 PM

The U.S. Computer Emergency Readiness Team (US-Cert) issued a warning last week stating HTTPS interception weakens TLS security. As the use of encryption for privacy has increased, the security industry has responded by intercepting and decrypting SSL sessions to perform deep-packet inspection (DPI).

Read More »

Topics: Cyberattacks, SSL Encryption, cyber security, security architecture


The love-hate relationship with SIEMs

Posted by Hitesh Sheth on Mar 7, 2017 12:00:14 PM

This blog was originally published on LinkedIn.

To know SIEM is to love it. And hate it.

Security information and event management (SIEM) is a ubiquitous cybersecurity tool. It’s used by probably every security analyst who works in a security operations center (SOC).

Read More »

Topics: Cyberattacks, cyber security, SIEM


What’s an adaptive security architecture and why do you need it?

Posted by Mike Banic, VP of Marketing, Vectra Networks on Feb 1, 2017 5:13:09 PM

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls.

But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

Read More »

Topics: Cyberattacks, network security, cybersecurity, security architecture, gartner


Bringing attack detections to the data center

Posted by Wade Williamson on Sep 12, 2016 11:59:00 PM

In extending the Vectra cybersecurity platform to enterprise data centers and public clouds, we wanted to do more than simply port the existing product into a virtualized environment. So, Vectra security researchers, data scientists, and developers started with a fresh sheet of paper to address the real-world challenges and threats that are unique to the enterprise data centers and clouds.

 

Visibility and intelligence that spans the enterprise

First, it was important to remember that the data center can be both integrally connected, yet in some ways separated from the physical enterprise. For example, attacks can spread from the campus environment to the data center environment, and security teams absolutely need to know how these events are connected. On the other hand, 80% of data center traffic never leaves the data center, making it invisible to traditional security controls.

Read More »

Topics: Cyberattacks, cybersecurity, Data Center


Time to update how we manage and address malware infections

Posted by Mike Banic, VP of Marketing, Vectra Networks on Jun 28, 2016 9:00:00 AM

Network-based malware detection addresses increasing complexity in the malware ecosystem but doesn’t make attribution a key priority.

Conventional wisdom about malware infection paints a picture that hapless users click on something they shouldn’t, that in turn takes their Web browsers to a drive-by-download website. It then exploits a vulnerability to install a botnet agent that eventually steals all their personal data and uploads it to cybercriminals in another country.

That conventional wisdom isn’t completely wrong, but it needs some serious updating. Today’s malware infections are more typically multi-stage events, wherein a user visits a favorite website with a banner advertisement supplied by a third-party ad network that was supplied by an affiliate ad network.

Read More »

Topics: Cyberattacks, network security, cybersecurity


Subscribe to the Vectra Blog



Follow us