White Paper: Reinventing Network Security

Executive Overview

Organizations are under constant attack from high-volume opportunistic threats and from less frequent but highly targeted attacks. Damage ranges from a nuisance to operational disruption to the theft of high-value information. For decades, prevention-centric security has been the answer, but its efficacy has fizzled in the face of more advanced attacks. The reality is that adversaries are already inside most organizations' networks, and security operations teams are often blind to these incursions.

Vectra's platform delivers real-time detections of advanced cyberattacks by continuously monitoring the network. Vectra reports real-time insights into each stage of a cyberattack, providing multiple opportunities to prevent or mitigate loss, with next-to-zero operational cost. Vectra achieves this differentiation by leveraging inflection points in data analytics, machine learning and next-generation computing technology. The platform can detect attacks on any operating system, application, device and browser.

Read this white paper to learn how Vectra's cyber-security thinking machine continuously listens, thinks, remembers and anticipates the next move of an attack in real time, giving IT the insight to stop attacks, even while they are happening.
Cyberattacks are a fact of life for organizations of every size and across every industry. A glance at the news each day reveals yet another massive theft of credit card numbers or other personally identifiable information, or an exposé into the shadowy world of cybercriminals. They have sophisticated business models, with some specialists spreading infections, others operating botnets and the sales force selling stolen data. Once attackers take over an organization's hosts, they are effectively selling a cloud services platform to the highest bidder at that organization's expense.

"The threat of advanced targeted attacks, also known as advanced persistent threats, or APTs, has spawned a wave of innovation in the security market." (Gartner [4])

Concerns about cyberattacks are starting to have measurable negative business implications in some areas, according to a report from the World Economic Forum and McKinsey & Company.[1] The research notes that 80 percent of organizations said that attackers' capabilities were improving faster than their ability to defend against them, and that escalating security concerns could slow the progress of cloud computing and mobility. The damage to a company's brand or the loss of an organization's intellectual property or trade secrets can have a devastating impact. Yet stealing payment-card information or intellectual property is practically petty theft compared to the stakes of cyber-espionage and cyber-warfare.

Relying on Prevention is Not Enough

The effectiveness of preventing advanced attacks and malware from entering the network in the first place has eroded rather dramatically over the past three years. Historically, the best practice was a layered defense with prevention-centric products such as firewalls, intrusion prevention systems (IPS), web security proxies, payload analysis tools and antivirus software.
"Advanced targeted attacks make prevention-centric strategies obsolete," declared Gartner in its 2013 report Prevention Is Futile in 2020.[2] What has happened since the report was published has only heightened the issue. "Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks," Gartner writes in a 2014 report.[3] "Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities." Gartner recommends that information security architects "shift your mindset from incident response to continuous response," wherein systems are assumed to be compromised and require continuous monitoring and remediation.

[1] Risk and Responsibility in a Hyperconnected World, World Economic Forum in collaboration with McKinsey & Company, January 2014.
[2] Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence, by Neil MacDonald, Gartner, 30 May 2013, ID G
[3] Designing an Adaptive Security Architecture for Protection From Advanced Attacks, by Neil MacDonald and Peter Firstbrook, Gartner, 12 February 2014, ID G, https://www.gartner.com/doc/ /designing-adaptive-securityarchitecture-protection
[4] Five Styles of Advanced Threat Defense, by Lawrence Orans and Jeremy D'Hoinne, Gartner, 20 August 2013, ID G
Four reasons to shift your security mindset

1. Organizations are increasingly connected, extending their network's perimeter and making it porous. The explosion of mobile workers and the shift to cloud services mean that corporate applications and data extend far beyond an organization's highly secure data center. Workers' laptops and mobile devices may get infected at a coffee shop, and that infection will be carried right in through the company's front door. Add bring-your-own-device (BYOD) into the mix, and companies cannot effectively set and enforce guidelines regarding the security software that should be on the device. The infections on all these devices can spread when they connect to the corporate network, ultimately exposing other applications, databases and users to threats that can further the goals of an attack.

2. Advanced threats are defeating current security controls, and attempts to add more controls are failing. Organizations must defend against both high-volume, opportunistic threats and less-prevalent targeted attacks. The most worrisome threats are stealthy and persistent, often unfolding in stages over days, weeks or even months. Attackers remotely direct the initial compromise, spreading laterally and shape-shifting to achieve their end game.

3. Each prevention-centric product has only one chance to identify a threat before it slips past the perimeter into the network. A firewall or IPS watches individual communication sessions between devices and tries to spot an attack in the traffic, based on having seen such an attack before or by assessing an outside system's reputation. But malware, and the places it communicates with, mutate rapidly to evade these defenses. More attackers use encryption and other means of obfuscation, often making it impossible for preventive products to create a signature that describes the attack pattern, and no patterns are available for zero-day attacks. Once the attack has gained a foothold inside the network, it is free to begin its job. The perimeter defenses are blind to any further activities.

4. A security strategy based on prevention continues to drain IT resources. Most IT departments have limited resources to support the growing needs of the business. An experienced security analyst or consultant may need weeks to properly tune a firewall or IPS so that it is operationally effective. Isolating a newly discovered suspected threat can mean a very long day of sifting through innumerable alerts. Network security has always been a complex affair, but now it is so convoluted that big-data analytics companies are getting into the security business. And there simply aren't enough highly skilled (and highly compensated) security analysts to meet the demand.

A fresh approach is needed. Vectra is advancing network security to enable organizations to fully embrace mobility and cloud services and to connect confidently with partners and customers, without security getting in the way of doing business.
Security that Listens, Thinks, Remembers and Anticipates

Vectra is a cyber-security thinking machine: a brain within your network. Vectra continuously listens, thinks, remembers and anticipates the next move of an attack in real time. Vectra provides real-time insight into advanced persistent attacks through a combination of security research, data science and machine learning. This insight is fully automated, with clear, intuitive reports, so organizations can take immediate, decisive action to stop an attack or mitigate its impact.

Real-time insights into advanced persistent attacks. Machine learning and data science enable Vectra to detect advanced persistent attacks at multiple stages and across the entire attack lifecycle (see Figure 1). Providing multiple opportunities to stop the attack makes Vectra the perfect complement to existing prevention-centric security. Disrupting an in-progress attack at any point can prevent or significantly mitigate potential losses.

A device may be compromised by an opportunistic attack or a targeted attack. Once the device has been compromised, the attacker can establish a base camp in the network. The compromised device may perform reconnaissance to determine where it is and what it might exploit. The attack may move laterally, looking for internal servers with high-value data or probing web servers to find application vulnerabilities. As devices are exploited, Vectra identifies the signs of automated forms of monetization: sending spam, advertising click fraud, mining bitcoins, or an outbound denial-of-service attack that uses one organization's devices to attack another's or Internet services.

If attackers successfully acquire high-value data, they need to get it out of the organization. Exfiltration is typically done through a series of benign intermediaries before it reaches its final destination. The data might, for example, be sent to a previously compromised server at a hosting provider, and then later retrieved by the attacker. Vectra will look for the exfiltration itself, rather than focusing on where the data is being sent as it leaves the company's network.

Figure 1 (attack lifecycle stages shown: Initial Compromise, Standard C&C, Custom C&C, Internal Recon, Acquire Data, Monetization): Vectra gives security administrators an unfair advantage over cyberattacks. Vectra has visibility into every attack stage, from the initial infection to the exfiltration of the stolen information. Disrupting an attack at any point can prevent or significantly reduce potential losses.
Watches, learns and remembers behaviors over time. Vectra is always listening, rather than periodically scanning. That means it knows when an attack starts, changes or subsides. And because it's deployed inside the network perimeter, Vectra can listen to users' traffic to and from both the Internet and the data center to identify anomalous behavior. Vectra identifies attacks on all operating systems, applications, devices and browsers. Vectra learns the traffic patterns and behaviors that are typical of a network, and it remembers and correlates anomalous behaviors that it has seen hours, days or even weeks before. A laptop that's sending emails is unremarkable, but if the volume spikes suddenly or if the laptop begins mapping out the inside of the network, it may indicate a broader problem.

Detections that matter. Vectra's innovative Threat-Certainty Index automatically displays the most significant threats in real time, based on contextual scoring (see Figure 2). As Vectra listens, learns and remembers, it may see a particular behavior repeat over time. Vectra distills the most important of these behaviors and analyzes them over days, weeks or even months. With a longer-term memory than current-generation real-time products, Vectra can put an attack into context and better assess the risk to the organization. Administrators don't need to rummage through gigabytes of log files or wrestle with big-data analytic tools to determine if a threat is real.

Figure 2: Administrators can see the most important threats in their network at a glance with Vectra's innovative Threat-Certainty Index.
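The two ideas in the passage above, a learned per-host baseline that makes "a laptop sending emails" unremarkable until the volume spikes or the laptop starts mapping the network, and a score that combines how harmful a behavior is with how certain the evidence is as behaviors repeat and corroborate each other, can be shown end to end in a small script. The Python below is an added example written for this page; it is not Vectra's code or algorithm. The record format, the z-score threshold, the threat weights and the certainty formula are all assumptions, and the hourly per-host summaries are constructed so the script runs offline.

```python
"""Behavioral baseline plus threat/certainty scoring over constructed flow summaries.

Added example, not Vectra's code. Each record is an hourly summary for one host:
(hour, host, outbound SMTP connections, distinct internal destinations contacted).
Hours 0-23 are the learning window; later hours are observations to score.
"""
from collections import defaultdict
from statistics import mean, pstdev

TRAIN_HOURS = 24  # assumption: first day of data is "normal" and used as the baseline


def make_records():
    """Constructed sample data: a user laptop and a build server."""
    recs = []
    for h in range(24):
        recs.append((h, "laptop-17", 12 + (h % 3), 3))  # a dozen mails/hour, 3 internal peers
        recs.append((h, "build-srv", 0, 40))            # build server normally talks to 40 hosts
    recs.append((24, "laptop-17", 14, 3))     # still normal
    recs.append((25, "laptop-17", 500, 3))    # email volume spike (spam-like behavior)
    recs.append((26, "laptop-17", 480, 250))  # spike continues and 250 internal hosts mapped
    recs.append((27, "build-srv", 0, 45))     # 45 peers is normal for this server: no alert
    return recs


def learn_baselines(records):
    """Per host and metric, (mean, population stdev) over the learning window."""
    samples = defaultdict(lambda: defaultdict(list))
    for hour, host, smtp, dsts in records:
        if hour < TRAIN_HOURS:
            samples[host]["smtp"].append(smtp)
            samples[host]["dsts"].append(dsts)
    return {host: {m: (mean(v), pstdev(v)) for m, v in metrics.items()}
            for host, metrics in samples.items()}


def zscore(value, mu, sigma):
    # Floor sigma at 1 so a perfectly flat baseline still yields a finite score.
    return (value - mu) / max(sigma, 1.0)


# Threat weight per behavior (assumed values): recon that precedes lateral movement
# is ranked above a monetization-style spam burst, matching the paper's ordering.
THREAT_WEIGHT = {"email_spike": 4, "internal_recon": 7}


def detect(records, base, z_threshold=6.0):
    """Return (hour, host, behavior, z) for observations far outside the host's baseline."""
    out = []
    for hour, host, smtp, dsts in records:
        if hour < TRAIN_HOURS or host not in base:
            continue  # no baseline yet for this host: nothing to compare against
        z_smtp = zscore(smtp, *base[host]["smtp"])
        z_dsts = zscore(dsts, *base[host]["dsts"])
        if z_smtp > z_threshold:
            out.append((hour, host, "email_spike", z_smtp))
        if z_dsts > z_threshold:
            out.append((hour, host, "internal_recon", z_dsts))
    return out


def score_hosts(detections):
    """Correlate detections per host over time.

    threat    = weight of the worst behavior observed on the host
    certainty = 3 per distinct behavior + 1 per repeat, capped at 10 (assumed formula)
    """
    per_host = defaultdict(list)
    for hour, host, beh, _z in detections:
        per_host[host].append((hour, beh))
    scores = {}
    for host, dets in per_host.items():
        behaviors = {b for _, b in dets}
        scores[host] = {
            "threat": max(THREAT_WEIGHT[b] for b in behaviors),
            "certainty": min(10, 3 * len(behaviors) + len(dets)),
            "behaviors": sorted(behaviors),
        }
    return scores


def rank(scores):
    """Hosts ordered by threat, then certainty, highest first."""
    return sorted(scores, key=lambda h: (scores[h]["threat"], scores[h]["certainty"]),
                  reverse=True)


if __name__ == "__main__":
    recs = make_records()
    dets = detect(recs, learn_baselines(recs))
    scores = score_hosts(dets)
    for host in rank(scores):
        print(host, scores[host])
```

Two points the run makes that the prose does not: the build server contacting 45 internal hosts produces no detection because that is normal for it, while the same count would be an outlier for the laptop, and the laptop's certainty climbs from a single spam-like burst to a corroborated score once the recon behavior appears in the following hour. Thresholds and weights are where a real deployment would spend its tuning effort.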
Figure 3: Administrators can drill into details, such as the threats detected on a particular device.

Intuitive, adaptive reporting. With a real-time view of the most important threats, security managers can use the Vectra Threat-Certainty Index to prioritize their remediation and mitigation efforts. That makes it easy for IT to prioritize stopping a laptop an attacker is using to exfiltrate intellectual property over cleaning an infected machine being used for advertising click fraud. Vectra's visual clarity comes without compromise. Security administrators can drill down into the threat details, including the packet captures that enabled identification of the behavior (see Figure 3). Vectra's reporting can document the progression of a threat over time.

Vectra is operationally effective. Vectra does all the hard work of security and is designed to relieve the operations team of the burden of real-time security monitoring. Administrators don't need to perform a detailed, time-consuming configuration or spend weeks tuning the platform. When the Vectra platform is plugged into the network, it automatically learns what it needs to know and establishes a baseline behavior of the devices connected to the network. Vectra updates automatically via a cloud service, so protection is always up to date.

Security that Thinks

It's time for security to get smarter. Attackers are already in your network, looking for an opportunity to steal high-value data or further their goals. Vectra's cyber-security thinking machine does the hard work by recognizing an attack amid the normal chatter in your network and anticipating the next move in real time, so the attack can be stopped. See how Vectra works at