Review: Vectra X-Series Prevents Data Breaches with AI
Frank Ohlhorst details how data breaches happen and what Vectra’s X-Series security appliances can do to detect and prevent them.
Insider threats and targeted attacks are on the rise and becoming harder and harder to detect, especially with enterprises that experience difficulties recruiting and retaining seasoned IT security staff. And if recent intrusions, attacks and data breaches at organizations as large as Target, Home Depot, and Sony have taught us anything, it is that both security technology and personnel are coming up short in identifying and remediating threats.
Enter Vectra Networks, a San Jose, CA-based startup that came out of stealth mode earlier this year. Vectra’s X-Series security appliances combine advanced security analytics with machine learning to identify data security threats in real time.
To truly appreciate the technology that Vectra has developed, one has to first understand how attacks and intrusions happen on today’s networks. While it would take a thick tome to explain the attack process fully, the basics amount to a few critical steps. These are the most commonly used by hackers and data thieves today.
- Initial Exploit: Often defined as the first attempt to break into a network, the initial exploit is an attacker’s first attempt to leverage a weakness in a given entry point. The initial exploit is usually predicated on a software implementation flaw in a not-completely-patched system. Internal attackers may not need this type of attack vector, but initial exploits are common in attacks that begin outside the network perimeter.
- Internal Recon: Once through the network perimeter protection schemes, attackers start a process called reconnaissance. During this stage, they can employ a number of techniques to discover the assets on the network. Internal recon delivers information on systems, applications and so forth, helping attackers build a sense of the network landscape.
- Lateral Movement: Here, the attack spreads across internal network resources, using a variety of automated and manual techniques to attack the identified assets and attempt to infiltrate those systems.
- Data Acquisition: After infiltrating internal systems, the attacker uses a variety of techniques to gather the data deemed desirable. That data could be intellectual property, customer information, or anything else of tangible value.
- Data Exfiltration: Here, the data that has been identified and collected is packaged and delivered to an external resource using techniques that hide the activity, such as tunnels concealed in regular HTTP traffic that carry data files to external storage services.
Obviously, much more activity and many additional subtasks can be incorporated into an intentional data breach, but the process almost always involves the basics of infiltrate, reconnoiter, identify, acquire and exfiltrate.
While one may assume that it should be easy to uncover any of the above-mentioned actions, the ease or difficulty of the task comes down to how well those actions are hidden within the typical noise of network traffic and how far each action is separated from the others by time, method and activity. In practice, these variables often make it incredibly challenging to identify an attack in progress and proactively defend against it.
Here’s where Vectra Networks’ automated threat detection comes onto the scene. It defends against hacks and prevents data breaches by intelligently correlating seemingly unrelated events into actionable notifications, helping security analysts battle insider and outsider threats, botnets and much more.
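To make the correlation idea concrete, here is an added example (not Vectra’s code or algorithm) that maps low-level network events onto the stages listed above, groups them per host within a time window, and ranks hosts by how many distinct stages were seen; the event types, hosts and log lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real telemetry: (minute, source host, event type, detail).
SAMPLE_EVENTS = [
    (0,   "ws-17", "port_scan",         "240 internal hosts probed on tcp/445"),
    (35,  "ws-17", "admin_share_login", "admin share opened on fs-02"),
    (40,  "ws-17", "admin_share_login", "admin share opened on db-01"),
    (90,  "ws-17", "long_http_session", "2.1 GB posted to an external host"),
    (5,   "ws-03", "port_scan",         "scheduled vulnerability scan"),
    (12,  "ws-09", "long_http_session", "video conference upload"),
    (600, "ws-09", "port_scan",         "probe well outside the window"),
]

# Each low-level event type maps onto one stage of the breach process; anything else is ignored.
STAGE_OF = {
    "port_scan": "internal_recon",
    "admin_share_login": "lateral_movement",
    "long_http_session": "data_exfiltration",
}
STAGE_ORDER = ["initial_exploit", "internal_recon", "lateral_movement",
               "data_acquisition", "data_exfiltration"]


def correlate(events, window_minutes=240):
    """Return {host: set of stages}, counting only stages seen within one window of the host's first event."""
    by_host = defaultdict(list)
    for minute, host, etype, _detail in events:
        if etype in STAGE_OF:
            by_host[host].append((minute, STAGE_OF[etype]))
    findings = {}
    for host, evs in by_host.items():
        evs.sort()
        start = evs[0][0]
        findings[host] = {stage for minute, stage in evs if minute - start <= window_minutes}
    return findings


def prioritize(findings, min_stages=2):
    """Rank hosts by number of distinct stages; a single stage on its own is treated as background noise."""
    ranked = [(host, len(stages)) for host, stages in findings.items() if len(stages) >= min_stages]
    return sorted(ranked, key=lambda hs: (-hs[1], hs[0]))


def chain(stages):
    """Render a host's observed stages in process order for the notification text."""
    return " -> ".join(s for s in STAGE_ORDER if s in stages)


if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS)
    for host, n in prioritize(found):
        print(f"{host}: {n} stages observed: {chain(found[host])}")
```

A single scan or a single large upload stays below the threshold; the same host doing both within a few hours is what turns three quiet events into one notification.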
Header photo courtesy of Shutterstock. All other images provided by the author.
Frank is an award-winning technology journalist, professional speaker and IT business consultant with over 25 years of experience in the technology arena. He has written for several leading technology publications, including ComputerWorld, TechTarget, PCWorld, ExtremeTech, Tom's Hardware and business publications, including Entrepreneur, Forbes and BNET. Ohlhorst was also the Executive Technology Editor for Ziff Davis Enterprise's eWeek and formerly the director of the CRN Test Center.