Review: Vectra X-Series Prevents Data Breaches with AI

Frank Ohlhorst details how data breaches happen and what Vectra’s X-Series security appliances can do to detect and prevent them.

By Frank Ohlhorst
Page 1 of 2

Insider threats and targeted attacks are on the rise and becoming harder and harder to detect, especially with enterprises that experience difficulties recruiting and retaining seasoned IT security staff. And if recent intrusions, attacks and data breaches at organizations as large as Target, Home Depot, and Sony have taught us anything, it is that both security technology and personnel are coming up short in identifying and remediating threats.

Enter Vectra Networks, a San Jose, CA-based startup that came out of stealth mode earlier this year. Vectra’s X-Series security appliances combine advanced security analytics with machine learning to identify data security threats in real time.

To truly appreciate the technology that Vectra has developed, one has to first understand how attacks and intrusions happen on today’s networks. While it would take a thick tome to explain the attack process fully, the basics amount to a few critical steps. These are the most commonly used by hackers and data thieves today.

  • Initial Exploit: Often defined as the first attempt to break into a network, the initial exploit is an attacker’s first attempt to leverage a weakness in a given entry point. The initial exploit is usually predicated on a software implementation flaw on a not-completely-patched system. Internal attackers may not need this type of attack vector, but initial exploits are common in attacks that begin outside the network perimeter.
  • Internal Recon: Once through the network perimeter protection schemes, attackers start a process called reconnaissance. During this stage, they can employ a number of techniques to discover the assets on the network. Internal recon delivers information on systems, applications and so forth, helping attackers build a sense of the network landscape.
  • Lateral Movement: Here, the attack spreads across internal network resources, using a variety of automated and manual techniques to attack the identified assets and attempt to infiltrate those systems.
  • Data Acquisition: After infiltrating internal systems, techniques are used to gather data deemed desirable. That data could be intellectual property, customer information, or anything else of tangible value.
  • Data Exfiltration: Here, the data that has been identified and collected is then processed in such a fashion to deliver it to an external resource using techniques that hide the activity, such as tunnels hidden in regular HTTP traffic that deliver data files to external storage services.

Obviously, much more activity and many additional subtasks can be incorporated into an intentional data breach, but the process almost always involves the basics of infiltrate, reconnoiter, identify, acquire and exfiltrate.

While one may assume that it should be easy to uncover any of the abovementioned actions, the ease or difficulty of the task comes down to how those actions are hidden within the typical noise of network traffic and how each action is separated by time, method and activity. In practice, these variables often make it incredibly challenging to identify an attack in progress and proactively defend against it.

Here’s where Vectra Networks’ automated threat detection comes onto the scene. It defends against hacks and prevents data breaches by intelligently correlating seemingly unrelated events into actionable notifications, helping security analysts battle insider and outsider threats, botnets and much more.

On page 2: How Vectra’s X-Series security appliances can prevent data breaches

Header photo courtesy of Shutterstock. All other images provided by the author.

This article was originally published on Dec 9, 2014