
Vectra expands NDR capabilities across all network environments

20 Nov 2020

Network threat detection and response company Vectra is bringing fresh new capabilities to threat detection and cybersecurity, with the expansion of cloud services that can monitor threats across cloud, hybrid, and on-premise networks.

Vectra’s network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks.

The company points to the rise in remote working and the influx of devices connected to the internet of things (IoT) as areas in which traditional network security solutions can often be blind to attacker activities. 

The company states that targeted credential-based attacks are so powerful that they render some prevention processes useless - particularly email security, multifactor authentication (MFA), and cloud access security brokers (CASBs). This is because malicious account-based attacks look like legitimate user actions.

Vectra Asia Pacific and Japan director of security engineering, Chris Fisher, adds, “Attackers are moving and expanding their attack surface and getting more effective.”

“Private and trusted networks cannot be protected by legacy network security focused on signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has redefined the network and user identity has become the new perimeter.”

He adds that it’s no longer useful to build higher walls to keep attackers at bay - especially if organisations are trying to slow down experienced attackers, or if they’re trying to speed up detection.

“With more people working remotely, a wider attack surface of home and private networks is being created that traditional security policies and approaches are not designed to protect. A more robust response is needed.”

Vectra created its NDR solution to provide an analysis of how people access, use, and configure cloud services. It does this through logs from software as a service (SaaS) applications, and account usage from identity providers like Microsoft Azure AD.

“Our learning behavioural models stitch together hosts and on-premise and cloud identities to stop attacks earlier in the kill chain,” continues Fisher.

This, Vectra says, can help to reduce the overall risk of a breach.

Last month Vectra also published its 2020 Spotlight Report on Microsoft Office 365, which analysed more than four million Microsoft Office 365 accounts for signs of potential security issues.

The report found that the accounts are prone to suspicious behaviour such as lateral movement, command and control communication, exfiltration, and reconnaissance.

“In Office 365, threats traverse the attack lifecycle with no endpoint or network activity taking place and evade traditional network and endpoint detection,” the report notes.

Common attack methods include:

  • Searching through emails, chat histories, and files looking for passwords or interesting data.
  • Setting up forwarding rules to get access to a steady stream of email without needing to sign in again.
  • Leveraging the trusted communication channel – the email isn’t spoofing an email from the CEO; it is an email from the CEO – to socially engineer employees, customers or partners.
  • Planting malware or malicious links in documents that many people trust and use, again leveraging trust to get around prevention controls that may trigger warnings.
  • Stealing or holding files and data for ransom.
     