Blogs

An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.

Read More »

Topics: cybersecurity, Threat Labs, AI, threat research


What’s an adaptive security architecture and why do you need it?

Posted by Mike Banic, VP of Marketing, Vectra Networks on Feb 1, 2017 5:13:09 PM

As long as I can recall, enterprises have always relied on prevention and policy-based controls for security, deploying products such as antivirus software, IDS/IPS and firewalls.

But as we now know, and industry research firms have stated, they aren’t enough to adequately deal with today’s threat environment, which is flooded by a dizzy array of advanced and targeted attacks.

Read More »

Topics: Cyberattacks, network security, cybersecurity, security architecture, gartner


Our focus on Russian hacking obscures the real problem

Posted by Hitesh Sheth on Jan 18, 2017 4:25:34 PM

This blog was originally published on The Hill.

If I didn’t deal daily with the mechanics of cybersecurity, I might be captivated by Washington’s focus on whether the Russians penetrated the Democratic National Committee and why they did it. As a citizen, I follow politics and geopolitics, too.

But here’s what bothers me:

The hacking tools identified by the FBI and Department of Homeland Security are freely available on the internet. The Russians can use them. So can the Iranians, the Chinese, the North Koreans and any other nation-state which wants to penetrate the networks that serve our political parties and government. There is nothing special or even uniquely “Russian” about them. And they often work.

I am not surprised that such common tools are employed against us. We should expect it. In the cybersecurity business we know the focus should be on our ineffective defense, rather than on finding the guilty country.

Whoever got inside the DNC networks had seven months to plumb about, pilfer embarrassing material, package it for shipping and make off with it, all without detection. The DNC had no way to detect the penetration while it was happening.

Why not? After all, the technology to spot and interrupt hacking while it is in progress exists. We can literally watch hackers and their tools move around inside our networks, probing our vulnerabilities, locating our most sensitive data and setting up private tunnels to take it out of our systems. 

Read More »

Topics: cyber security, cybersecurity, hacker, hacking, cyber defense


Security automation isn't AI security

Posted by Günter Ollmann on Jan 17, 2017 2:11:52 PM

This blog was orignially published on ISACA Now.

In many spheres of employment, the application of Artificial Intelligence (AI) technology is creating a growing fear. Kevin Maney of Newsweek vividly summarized the pending transformation of employment and the concerns it raises in his recent article "How artificial intelligence and robots will radically transform the economy."

In the Information Security (InfoSec) community, AI is commonly seen as a savior – an application of technology that will allow businesses to more rapidly identify and mitigate threats, without having to add more humans. That human factor is commonly seen as a business inhibitor as the necessary skills and experience are both costly and difficult to obtain.

As a consequence, over the last few years, many vendors have re-engineered and re-branded their products as employing AI – both as a hat-tip to their customer’s growing frustrations that combating every new threat requires additional personnel to look after the tools and products being sold to them, and as a differentiator amongst “legacy” approaches to dealing with the threats that persist despite two decades of detection innovation.

The rebranding, remarketing, and inclusion of various data science buzzwords – machine intelligence, machine learning, big data, data lakes, unsupervised learning – into product sales pitches and collateral have made it appear that security automation is the same as AI security.

Read More »

Topics: cyber security, machine learning, cybersecurity, artificial intelligence, security automation


InfoSec skills shortage: The No. 1 threat to Internet security

Posted by Günter Ollmann on Nov 15, 2016 12:00:00 PM

When asked a poorly bounded question such as “What is the biggest threat to Internet security?”, the majority of quick-fire answers can likely be represented by the flags of a handful of nation states. Certainly the front-of-mind answer – identifying a cluster of hackers – represents a constant and escalating threat to business continuity and potential compromise.

Yet, if we introspectively examine the nature of our industry, we can easily argue that the biggest risk that Internet security faces is in fact our general inability to respond and counter the attacks launched by adversaries from around the world.

It is estimated that today there are over 1 million InfoSec positions unfilledgrowing to over 1.5 million by 2019 – and more than 200,000 of those vacancies are in the U.S. This global shortage of expertise and experience lies at the very heart of the InfoSec world’s ability to respond to cyber attacks – affecting vendors and consumers alike.

Read More »

Topics: it-security, cybersecurity, InfoSec


Bringing attack detections to the data center

Posted by Wade Williamson on Sep 12, 2016 11:59:00 PM

In extending the Vectra cybersecurity platform to enterprise data centers and public clouds, we wanted to do more than simply port the existing product into a virtualized environment. So, Vectra security researchers, data scientists, and developers started with a fresh sheet of paper to address the real-world challenges and threats that are unique to the enterprise data centers and clouds.

 

Visibility and intelligence that spans the enterprise

First, it was important to remember that the data center can be both integrally connected, yet in some ways separated from the physical enterprise. For example, attacks can spread from the campus environment to the data center environment, and security teams absolutely need to know how these events are connected. On the other hand, 80% of data center traffic never leaves the data center, making it invisible to traditional security controls.

Read More »

Topics: Cyberattacks, cybersecurity, Data Center


From the Iron Age to the “Machine Learning Age”

Posted by Günter Ollmann on Aug 30, 2016 8:00:00 AM

It is likely self-evident to many that the security industry’s most overused buzzword of the year is “machine learning.” Yet, despite the ubiquity of the term and its presence in company marketing literature, most people – including those working for many of the vendors using the term – don’t actually know what it means.

Read More »

Topics: cyber security, machine learning, cybersecurity


Accelerating action: New technology partnerships help customers bridge the cybersecurity gap

Posted by Kevin Kennedy on Aug 4, 2016 8:00:00 AM


“Without knowledge, action is useless, and knowledge without action is futile.”  -Abu Bakr

Read More »

Topics: network security, cybersecurity


Time to update how we manage and address malware infections

Posted by Mike Banic, VP of Marketing, Vectra Networks on Jun 28, 2016 9:00:00 AM

Network-based malware detection addresses increasing complexity in the malware ecosystem but doesn’t make attribution a key priority.

Conventional wisdom about malware infection paints a picture that hapless users click on something they shouldn’t, that in turn takes their Web browsers to a drive-by-download website. It then exploits a vulnerability to install a botnet agent that eventually steals all their personal data and uploads it to cybercriminals in another country.

That conventional wisdom isn’t completely wrong, but it needs some serious updating. Today’s malware infections are more typically multi-stage events, wherein a user visits a favorite website with a banner advertisement supplied by a third-party ad network that was supplied by an affiliate ad network.

Read More »

Topics: Cyberattacks, network security, cybersecurity


Ransomware lessons from Julius Caesar

Posted by Jacob Sendowski on Jun 6, 2016 11:59:00 PM

In his youth, Julius Caesar was taken hostage by Sicilian pirates and held for a ransom of 20 talents of silver (about 0.5 tons). He managed to convince the pirates that he was more important than that and encouraged them to demand 50 talents of silver instead.

They obliged and in doing so bought into a view of Caesar as superior to them. Caesar exploited this to good effect: he acted as the leader of the pirates, he practiced combat exercises with them and even read them poetry.

Eventually, Caesar’s associates returned with the silver and he was let go. He vowed to return to collect his money and kill the pirates and he went to great lengths to make good on his promise.

Caesar kept his cool, survived the hostage situation, and recovered his belongings because he had a plan and a strategy.

Read More »

Topics: cybersecurity, Ransomware