Real-time cyber-attack detector Vectra Networks has introduced a real-time detection platform for insider and targeted threats, the X-series, which offers a combination of dynamic community threat analysis and real-time detection of cyber-attacks to put an organization's assets at the center of investigations of insider and targeted threats.
The company's real-time breach detection identifies and analyzes anomalous host connectivity, as well as reconnaissance, lateral movement and unusual data acquisition, to provide customers with a single solution to quickly and efficiently identify insider and targeted threat activity.
The platform helps organizations identify potentially threatening individuals and hosts, understand details of any anomalous behavior, and perform triage and prioritization of incident response.
The Vectra X-series is designed for medium-size and large organizations, with current customers ranging from a few hundred to 50,000 employees.
"Vectra detects attacks that evade firewalls, IPSs and malware sandboxes by automating the very complicated job of detecting the behavior of sophisticated threats within the network," Oliver Tavakoli, Vectra Networks' chief technology officer, told eWEEK. "Vectra automates breach detection in real time and provides security operation reports on the progression and context of attacks, thereby allowing them to stop the threat."
The launch also combines behavioral detections of cyber-attacks and malware with dynamic community threat analysis to instantly display the proximity and impact of a suspect host to an organization's assets.
The platform detects and analyzes attacks at every phase of an ongoing attack, regardless of how the attack enters an organization's network and the application, operating system or device involved.
"The vast majority of today's security products are looking for the precursors of an attack, such as a piece of malware used for the initial exploit, but once they've missed the initial exploit, they don't see the attack play out," Tavakoli said. "This is like trying the guess the final score of a football game by watching only the kickoff."
He explained targeted attacks play out over a long period of time and involve several significant plays, and Vectra turns the focus to the inside of the network, which, in a sophisticated attack, is where all of the action of the game takes place.
"Simply put, most security sees only the initial malware—the kickoff—and the command and control callback—the kickoff return—while Vectra watches the game unfold so security operations have a full view of the offensive strategy in order to field an effective defense," Tavakoli said.
The X-series continuously monitors an organization's network and provides automated, intuitive and prioritized reporting so security analysts can address the highest business risks first, rather than sifting through other types of less severe alerts.
The Vectra X-series also combines new context-aware dynamic community threat analysis with its instant detection of indicators of an attack to automatically display an attacker's proximity and impact to assets.
Vectra automatically constructs and displays the communities based on observed behavior and creates a baseline against which anomalies can be detected, which can expose anomalous activity that may be the result of either insider or targeted threats.
"The past year has seen a sharp spike in the number of targeted multiphase attacks," Tavakoli said. "This approach, while once the domain of nation-states and spies, has become standard operating procedure for sophisticated cyber criminals. The headlines show that the low-and-slow approach of patiently infiltrating a network to steal assets works. Everything that we see in the real world indicates that businesses will face more and more of these persistent attacks."