Vectra Networks, the leader in real-time detection of in-progress cyber attacks, today introduced the industry’s first real-time detection platform for insider and targeted threats, enabling organizations to best protect their networks from today’s complex attacks. Vectra Networks’ updated X-series platform delivers a unique combination of dynamic community threat analysis and real-time detection of cyber attacks to put an organization’s key assets at the center of real-time investigations of insider and targeted threats.
Now organizations can identify potentially threatening individuals and hosts, understand details of any anomalous behavior, and perform quick triage and prioritization of incident response to best protect their most important assets. With today’s launch, Vectra also uniquely combines behavioral detections of cyber-attacks and malware with dynamic community threat analysis to instantly display the proximity and impact of a suspect host to an organization’s high-value assets. For more information, see Vectra’s white paper on the new solution on the website.
According to Gartner, “Most enterprises have experienced comparative success in sufficiently mitigating the majority of external threats. This focus on external threats has not significantly decreased risk exposure related to the misuse of intellectual property and sensitive data by entities within the traditional security perimeter… In addition to active management of access rights, access activities must be monitored and analyzed to ensure ongoing compliance and to detect anomalous patterns of activity.”1
The Vectra X-series platform now combines new context-aware dynamic community threat analysis with its instant detection of indicators of an attack to automatically display an attacker’s proximity and impact to high-value assets. Vectra automatically constructs and displays the communities based on observed behavior and creates a baseline against which anomalies can be detected. This community threat analysis quickly exposes anomalous activity that may be the result of either insider or targeted threats.
“At CS Technology, our client base includes some of the largest companies in the world, and we have a contractual responsibility to safeguard their data from both external and internal threats,” said Rob Caputo, Principal at CS Technology, a global advisory services firm that covers technology infrastructure, data centers, workspaces, and end user technology. “Vectra has identified threats that our other ‘industry standard’ tools miss or won’t discover until the next update. We’ve been testing a few of the Vectra insider threat features and find that they provide greater insight and enable us to rapidly identify and prioritize the potential impact of a single security event. We see increased use of Vectra in other areas of our environment and greater integration with our IT service management tools.”
Perimeter security is unable to detect insider threats since an insider already has access and doesn’t need to communicate externally for command and control or exfiltration. In addition, insiders may have credentials that allow them to access high-value assets, and may be able to exfiltrate data undetected by carrying it out the door.
Current methods of detecting insider and targeted threats such as log monitoring and data leak prevention require manual operation, are often used after a breach has been reported, and require correlation of abnormalities across multiple products. This leaves security teams inundated with uncorrelated information and unable to quickly triage threats or focus their time and resources to address the highest priority attacks. Vectra Networks’ real-time breach detection identifies and analyzes anomalous host connectivity, as well as reconnaissance, lateral movement and unusual data acquisition to provide customers with a single solution to quickly and efficiently identify insider and targeted threat activity.
“Today’s solutions for detecting insider attacks either involve collecting large volumes of data to look for specific attack patterns or searching for anomalies in previously established models of individual user behavior,” said Oliver Tavakoli, CTO of Vectra Networks. “Vectra’s approach of building behavioral models around host and community behaviors in real-time does away with large-scale data collection and limits false positives. Now IT teams can instantly see the attacks on their networks and their progression, and can quickly mitigate the most immediate and significant threats.”
Vectra Networks detects and analyzes attacks at every phase of an ongoing attack, regardless of how the attack enters an organization’s network and the application, operating system or device involved. The Vectra X-series platform continuously monitors an organization’s network and provides automated, intuitive and prioritized reporting so security analysts can address the highest business risks quickly, rather than spending valuable time sifting through thousands of alerts.
Availability and Price
The new capabilities are part of the standard Vectra X-series platform and software license, and both are available today directly from Vectra Networks and authorized resellers. The Vectra X-series list price starts at $60,000.
About Vectra Networks
Vectra Networks (vectranetworks.com) is the leading innovator in real-time detection of in-progress cyber-attacks. Vectra delivers continuous automated cyber-attack detection and reporting that instantly identifies attacks while they are happening and describes what the attacker is doing. Vectra automatically prioritizes attacks that pose the greatest business risk, enabling organizations to quickly make decisions on where to focus their time and resources. Vectra Networks’ investors include Khosla Ventures, Accel Partners, IA Ventures and AME Cloud Ventures. The company’s headquarters are in San Jose, Calif.
Note 1: Gartner, “Best Practices for Managing ‘Insider’ Security Threats, 2014 Update,” by Andrew Walls, June 17, 2014.
Vectra Networks is a registered trademark of Vectra Networks in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.