Vectra Networks has released an updated real-time detection platform - X-series platform - aimed for insider and targeted threats detection. The updated X-series enables enterprises to identify potentially threatening individuals and hosts, understand details of any anomalous behavior, and perform quick triage and prioritization of incident response to best protect their most important assets.
Vectra, the leader in real-time detection of in-progress cyber attacks, said that the platform also uniquely combines behavioral detections of cyber-attacks and malware with dynamic community threat analysis to instantly display the proximity and impact of a suspect host to an organization’s high-value assets.
Vectra noted that perimeter security is unable to detect insider threats since an insider already has access and doesn’t need to communicate externally for command and control or exfiltration. In addition, insiders may have credentials that allow them to access high-value assets, and may be able to exfiltrate data undetected by carrying it out the door.
The security company added that the current methods of detecting insider and targeted threats such as log monitoring and data leak prevention require manual operation, are often used after a breach has been reported, and require correlation of abnormalities across multiple products. Vectra Networks’ real-time breach detection identifies and analyzes anomalous host connectivity, as well as reconnaissance, lateral movement and unusual data acquisition to provide customers with a single solution to quickly and efficiently identify insider and targeted threat activity.
Rob Caputo, Principal at CS Technology
At CS Technology, our client base includes some of the largest companies in the world, and we have a contractual responsibility to safeguard their data from both external and internal threats. Vectra has identified threats that our other ‘industry standard’ tools miss or won’t discover until the next update. We’ve been testing a few of the Vectra insider threat features and find that they provide greater insight and enable us to rapidly identify and prioritize the potential impact of a single security event. We see increased use of Vectra in other areas of our environment and greater integration with our IT service management tools.
Oliver Tavakoli, CTO of Vectra Networks
Today’s solutions for detecting insider attacks either involve collecting large volumes of data to look for specific attack patterns or searching for anomalies in previously established models of individual user behavior. Vectra’s approach of building behavioral models around host and community behaviors in real-time does away with large-scale data collection and limits false positives. Now IT teams can instantly see the attacks on their networks and their progression, and can quickly mitigate the most immediate and significant threats.
