Network Security Redefined. Vectra s cybersecurity thinking machine detects and anticipates attacks in real time

Similar documents
Reinventing Network Security Vectra s cyber-security thinking machine delivers a new experience in network security

Fighting Advanced Threats

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Advanced Threat Protection with Dell SecureWorks Security Services

End-user Security Analytics Strengthens Protection with ArcSight

10 Things Every Web Application Firewall Should Provide Share this ebook

The Hillstone and Trend Micro Joint Solution

IBM QRadar Security Intelligence April 2013

Doris Yang Vectra Networks, Inc. June 16, 2015 The World Ahead

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Getting Ahead of Malware

Extreme Networks Security Analytics G2 Vulnerability Manager

Endpoint Threat Detection without the Pain

ENABLING FAST RESPONSES THREAT MONITORING

IBM Advanced Threat Protection Solution

Cisco Cyber Threat Defense - Visibility and Network Prevention

SPEAR PHISHING UNDERSTANDING THE THREAT

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Cybersecurity and internal audit. August 15, 2014

Teradata and Protegrity High-Value Protection for High-Value Data

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Enterprise Cybersecurity: Building an Effective Defense

Cisco RSA Announcement Update

Under the Hood of the IBM Threat Protection System

Cisco Advanced Malware Protection for Endpoints

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats

Top five strategies for combating modern threats Is anti-virus dead?

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

Cisco Advanced Malware Protection for Endpoints

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Cyber Situational Awareness for Enterprise Security

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

CyberArk Privileged Threat Analytics. Solution Brief

Analyzing HTTP/HTTPS Traffic Logs

Cisco IPS Tuning Overview

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

RSA Security Analytics

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

IBM Security QRadar Vulnerability Manager

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Content Security: Protect Your Network with Five Must-Haves

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

Incident Response. Six Best Practices for Managing Cyber Breaches.

The Sophos Security Heartbeat:

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

The Business Case for Security Information Management

APPLICATION PROGRAMMING INTERFACE

Unified Security, ATP and more

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Spear Phishing Attacks Why They are Successful and How to Stop Them

IBM Security re-defines enterprise endpoint protection against advanced malware

Defending Against Cyber Attacks with SessionLevel Network Security

Carbon Black and Palo Alto Networks

Security strategies to stay off the Børsen front page

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

Cisco Security Intelligence Operations

SIEM is only as good as the data it consumes

Perspectives on Cybersecurity in Healthcare June 2015

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Networking for Caribbean Development

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

Cisco Advanced Malware Protection

Vulnerability Management

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

I D C A N A L Y S T C O N N E C T I O N

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stay ahead of insiderthreats with predictive,intelligent security

The Symantec Approach to Defeating Advanced Threats

Fight Malware, Malfeasance, and Malingering with F5

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Introducing IBM s Advanced Threat Protection Platform

The webinar will begin shortly

Protect Your Business and Customers from Online Fraud

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Bio-inspired cyber security for your enterprise

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

TRITON APX. Websense TRITON APX

Achieve Deeper Network Security

Transcription:

Network Security Redefined Vectra s cybersecurity thinking machine detects and anticipates attacks in real time

Table of Contents Executive Overview 3 Relying on Prevention is Not Enough 4 Four Reasons to Shift Your Security Mindset 4 Security that Listens, Thinks, Remembers and Anticipates 5 Security that thinks. 7 2

Executive Overview All organizations have infected hosts inside their networks. Prevention-centric security solutions deployed at the network perimeter provide one imperfect chance to stop an attack. Once attackers gain a foothold inside the network, they are free to begin their exploitation and perimeter defenses are blind. Today, the top priority for security professionals is to implement automated real-time detection and reporting capabilities that provide multiple opportunities to stop an attack. Security technologies must continuously listen, think, remember and automatically analyze data to anticipate the attacker s next move. The Vectra X-series platform is the first to bring that level of intelligence and automation, instantly identifying a cyberattack as it is happening as well as what the attacker is doing. With patent-pending technology, the Vectra platform learns the typical network traffic patterns and behaviors, and it remembers and correlates anomalous behaviors seen over hours, days and weeks. The Vectra platform automatically prioritizes attacks that pose the greatest risk, enabling organizations to quickly focus their time and resources. Read this white paper to learn how Vectra empowers IT and security analysts with insights to stop attacks, even while they re happening. Cyberattacks are a fact of life for organizations of every size and across every industry. A glance at the news each day reveals yet another massive theft of credit card numbers or other personally identifiable information or an exposé into the shadowy world of cybercriminals. They have sophisticated business models, with some specialists spreading infections, others operating botnets and the sales force selling stolen data. Once attackers take over an organization s hosts, they are effectively selling a cloud services platform to the highest bidder at that organization s expense. Concerns about cyberattacks are starting to have measurable negative business implications in some areas, according to a report from World Economic Forum and McKinsey & Company. 1 The research notes that 80 percent of organizations said that attackers capabilities were improving faster than their ability to defend against them, and escalating security concerns could slow the progress of cloud computing and mobility. The damage to a company s brand or loss of an organization s intellectual property or trade secrets can have a devastating impact. Yet stealing payment-card information or intellectual property is practically petty theft compared to the stakes of cyber-espionage and cyber-warfare. Relying on Prevention is Not Enough The effectiveness of preventing advanced attacks and malware from entering the network in the first place has eroded rather dramatically over the past three years. Historically, the best practice was a layered defense with prevention-centric products such as firewalls, intrusion prevention systems (IPS), web security proxies, payload analysis tools and antivirus software. 1. Risk and Responsibility in a Hyperconnected World, World Economic Forum in collaboration with McKinsey & Company, January 2014, http://www3.weforum.org/docs/wef_riskresponsibility_ HyperconnectedWorld_ Report_2014.pdf 2. Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence, by Neil MacDonald, Gartner, 30 May 2013, ID G00252476, http://www.gartner.com/document/2500416 3. Designing an Adaptive Security Architecture for Protection From Advanced Attacks, by Neil MacDonald and Peter Firstbrook, 12 February 2014, ID G00259490, https://www.gartner.com/doc/2665515/designingadaptive-security-architecture-protection 4. 4 Five Styles of Advanced Threat Defense, by Lawrence Orans and Jeremy D Hoinne, Gartner, 20 August 2013, ID G00253559 3

The threat of advanced targeted attacks, also known as advanced persistent threats, or APTs, has spawned a wave of innovation in the security market. Gartner 4 and data extend far beyond an organization s highly secure data center. Workers laptops and mobile devices may get infected at a coffee shop, and that infection will be carried right in through the company s front door. Add bring-your-owndevice (BYOD) into the mix, and companies cannot effectively set and enforce guidelines regarding the security software that should be on the device. Prevention is futile in 2020. Advanced targeted attacks make prevention-centric strategies obsolete, declared Gartner in 2013. 2 What has happened since the report was published has only heightened the issue. Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks, Gartner writes in a 2014 report. 3 Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities. Gartner recommends that information security architects shift your mindset from incident response to continuous response, wherein systems are assumed to be compromised and require continuous monitor and remediation. Once an attacker has gained a foothold inside the network, they are free to begin their job. The perimeter defenses are blind to any further activities. Four Reasons to Shift Your Security Mindset 1. Organizations are increasingly connected, extending their network s perimeter and making it porous. The explosion of mobile workers and the shift to cloud services means that corporate applications The infections on all these devices can spread when they connect to the corporate network, ultimately exposing other applications, databases and users to threats that can further the goals of an attack. 2. Advanced threats are defeating current security controls and attempts to add more controls are failing. Organizations must defend against both highvolume, opportunistic threats and less-prevalent targeted attacks. The most worrisome threats are stealthy and persistent, often unfolding in stages over days, weeks or even months. Attackers remotely direct the initial compromise, spreading laterally and shapeshifting to achieve their end goal. 3. Each prevention-centric product has only one imperfect chance to identify a threat before its slips past the perimeter into the network. A firewall or IPS watches individual communication sessions between devices and tries to spot an attack in the traffic based on having seen such an attack before or by assessing an outside system s reputation. But malware and the places it communicates to mutate rapidly to evade these defenses. More attackers use encryption and other means of obfuscation, often making it impossible for preventive products to create a signature which describes the attack pattern and no patterns are available for zero-day attacks. Once an attacker has gained a foothold inside the network, they are free to begin their exploitation. The perimeter defenses are blind to any further activities. 4

4. A security strategy based on prevention continues to drain IT resources. Most IT departments have limited resources to support the growing needs of the business. An experienced security analyst or consultant may need weeks to properly tune a firewall or IPS so that it is operationally effective. Isolating a newly discovered suspected threat can mean a very long day of sifting through innumerable alerts. Network security has always been a complex affair, but now it is so convoluted that big-data analytics companies are getting into the security business. And there simply aren t enough highly skilled (and highly compensated) security analysts to meet the demand. A fresh approach is needed. Vectra is advancing network security to enable organizations to fully embrace mobility and cloud services and to connect confidently with partners and customers without security getting in the way of doing business. Security that Listens, Thinks, Remembers and Anticipates Vectra is a cybersecurity thinking machine a brain within your network. Vectra continuously listens, thinks, remembers and anticipates the next move of an attack in real time. Vectra provides real-time insight into Providing multiple opportunities to stop the attack makes Vectra the perfect complement to existing prevention-centric security. advanced persistent attacks through a combination of security research, data science and machine learning. This insight is fully automated with clear, intuitive reports so organizations can take immediate decisive action to stop an attack or mitigate its impact. Real-time insights into advanced persistent attacks. Machine learning and data science enable Vectra to detect advanced persistent attacks at multiple stages and across the entire attack lifecyle (see Figure 1). Providing multiple opportunities to stop the attack makes Vectra the perfect complement to existing prevention-centric security. Disrupting an in-progress attack at any point can prevent or significantly mitigate potential losses. A device may be compromised by an opportunistic attack or a targeted attack. Once the device has been compromised, the attacker can establish a base camp in the network. The compromised device may perform reconnaissance to determine where it is and what it might exploit. The attack may move laterally, looking Figure 1: Vectra gives security analysts an unfair advantage over cyberattacks. Prevention-centric security provides imperfect detection of the initial compromise. Vectra provides visibility into every stage of an ongoing attack from customized command and control to exfiltration of stolen information. 5

for internal servers with high-value data or probing web servers to find application vulnerabilities. As devices are exploited, Vectra identifies the signs of automated forms of monetization sending spam, advertising click fraud, mining bitcoins or an outbound denial-of-service attack behavior that uses one organization s devices to attack another s or Internet services. If attackers successfully acquire high-value data, they need to get it out of the organization. Exfiltration is typically done through a series of benign intermediaries before it reaches its final destination. The data might, for example, be sent to a previously compromised server at a hosting provider, and then later retrieved by the attacker. Vectra will look for the exfiltration, rather than focusing on where the data is being sent as it leaves the company s network. Watches, learns and remembers behaviors over time. Vectra is always listening, rather than periodically scanning. That means it knows when an attack starts, changes or subsides. And because it s deployed inside the network perimeter, Vectra can listen to users traffic to and from both the Internet and the data center to identify anomalous behavior. Vectra identifies attacks on all operating systems, applications, devices and browsers. Vectra learns the traffic patterns and behaviors that are typical to a network, and it remembers and correlates anomalous behaviors it has seen hours, days or even weeks before. A laptop that s sending emails is unremarkable, but if the email volume spikes suddenly or if the laptop begins mapping out the inside of the network, it may indicate a broader problem. Detections that matter. Vectra s innovative Threat Certainty Index automatically displays the more significant threats in real time, based on contextual scoring (see Figure 2). As Vectra listens, learns and remembers, it may see a particular behavior repeat over time. Vectra distills the most important of these behaviors and analyzes them over days, weeks or even months. With a longer-term memory than current-generation real-time products, Vectra can put an attack into context and better assess the risk for the organization. Administrators don t need to rummage through gigabytes of log files or wrestle with big-data analytic tools to determine if a threat is real. Figure 2: Vectra s Threat Certainty Index prioritizes hosts with the greatest security risk and reports contextual information about the threat. 6

Figure 3: Administrators can drill into details, such as the threats detected on a particular device. Intuitive, adaptive reporting. With a real-time view of the most important threats, security managers can use Vectra s Threat Certainty Index to prioritize their remediation and mitigation efforts. That makes it easy for IT to prioritize stopping a laptop an attacker is using to exfiltrate intellectual property over cleaning an infected machine being used for advertising click fraud. Vectra s visual clarity comes without compromise. Security administrators can drill down into the threat details, including packet captures that enabled identification of the behavior (see Figure 3). Vectra s reporting can document the progression of a threat over time. Vectra is operationally effective. Vectra does all the hard work of security and is designed to relieve the burden of real-time security monitoring from the operations team. Administrators don t need to perform a detailed, time-consuming configuration or spend weeks tuning the platform. When the Vectra platform is plugged into the network, it automatically learns what it needs to know and establishes a baseline behavior of the devices connected to the network. Vectra updates automatically via a cloud service so protection is always up-to-date. Security that thinks. It s time for security to get smarter. Attackers are already in your network, looking for an opportunity to steal high-value data or further their goals. Vectra s cybersecurity thinking machine does the hard work by recognizing an attack amid the normal chatter in your network and anticipating the next move in real time so the attack can be stopped. Email: info@vectranetworks.com Tel: 1 408-326-2020 www.vectranetworks.com 2015 Vectra Networks, Inc. All rights reserved. Vectra is a registered trademark and the Vectra logo, Security that thinks, the Vectra Threat Labs, and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information