infoTECH Feature

December 06, 2016

Bigger Walls Won't Keep Data Safe, Vectra Will

Security is front of mind across all industries. From sovereign nations and industrial espionage to slews of evil-doers eager to gain a big pay back or to throw a massive wrench in operations, the threat is more real today than at any time in history. For years, the security community placed a focus on perimeter defenses but ensuring all is well is much more than simply building a bigger wall. It’s what these nefarious actors do once in the network that is the truly frightening part of the equation.

At Editors Day Silicon Valley, Vectra Networks’ VP of Marketing Mike Banic (News - Alert) noted that, as of March 2016, the average amount of time in network for these hackers is 146 days. To compound matters, on average it takes an attacker less than three days to gain administrative credentials, or as Banic put it, “the keys to the kingdom.”

Vectra specializes in ensuring the “keys” are kept in the right hands; its solution is “deployed deep inside the network,” and seeks out evil-doers doing reconnaissance in order to protect your data. If an attacker defeats the perimeter defenses, Vectra serves as your network Navy Seals security team.

The security solution is capable of hunting down hackers by looking at the internal traffic. Its toolbox is jam packed with ways to do so. Via automated threat hunting, Vectra does more than simply relay detection and put your team to work, it offers “the relevant context” needed to address the situation.

Banic illustrated, “When we talk to end users they say, ‘we think we can find the attack by using this module in our SIEM,’ but it won’t help you find the threat.” Others are putting data to work, but the SIEM is no good for dark data. Vectra instead looks at flow data, analyzes behavior and is able to diagnose the issue rather quickly.

Recently, the firm unveiled a couple of new detection technologies. The first is a means to provide the end user with a complete “story” of an attack by learning the knocking sequence of ports, protocols and normal infrastructure behavior. This makes it possible to offer a play by play, and illustrate exactly what happened.

In addition, Vectra introduced suspicious admin behavior detection, which utilizes an algorithm to, “learn who admins are in network and what they normally service,” explained Banic. The algorithm can quickly detect if an admin is dabbling in areas it shouldn’t. Banic noted that when it comes to physical infrastructure, “even if security wipes the server, the vulnerability will still exist,” because the physical infrastructure is sub operating system. It never hurts to be safe than sorry.

Aside from adding new detection capabilities, Vectra has added partnerships with Carbon Black and Phantom. With Carbon Black, the two utilized each other’s APIs for three key ends:

  1. If attacker behavior is detected for any endpoint in a network Vectra will import the context from Carbon Black
  2. If, after learning of the attack, a firm would like to dig a little deeper into forensic investigation it can easily pivot directly into Carbon Black – they can isolate or automate the process.
  3. Bring back isolation status into the user interface

For Phantom, Banic illustrated, “think of Phantom as middleware.” The integrations between the two allows for remediation via a bevy of defensive tools available.

Some may think it bold, but per Banic, “There’s nobody out there that can tell me there’s an attacker in my network better than Vectra.” Noting the competition’s flawed approaches as the key reason. Security is more than a firewall and hoping for the best. With sinister actors seeking to disrupt operations at every turn, a comprehensive and data-driven approach will serve you well.

Are you still building bigger walls to protect your network?

Edited by Alicia Young

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers