Vectra expands NDR capabilities across all network environments

20 Nov 2020

Network threat detection and response company Vectra is bringing fresh new capabilities to threat detection and cybersecurity, with the expansion of cloud services that can monitor threats across cloud, hybrid, and on-premise networks.

Vectra’s network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks.

The company points to the rise in remote working and the influx of devices connected to the internet of things (IoT) as areas in which traditional network security solutions can often be blind to attacker activities. 

The company states that targeted credential-based attacks are so powerful that they render some prevention processes useless - particularly email security, multifactor authentication (MFA), and cloud access security brokers (CASBs). This is because malicious account-based attacks look like legitimate user actions.

Vectra Asia Pacific and Japan director of security engineering, Chris Fisher, adds, “Attackers are moving and expanding their attack surface and getting more effective.”

“Private and trusted networks cannot be protected by legacy network security focused on signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has redefined the network and user identity has become the new perimeter.”

He adds that it’s no longer useful to build higher walls to keep attackers at bay - especially if organisations are trying to slow down experienced attackers, or if they’re trying to speed up detection.

“With more people working remotely, a wider attack surface of home and private networks is being created that traditional security policies and approaches are not designed to protect. A more robust response is needed.”

Vectra created its NDR solution to provide an analysis of how people access, use, and configure cloud services. It does this through logs from software as a service (SaaS) applications, and account usage from identity providers like Microsoft Azure AD.

“Our learning behavioural models stitch together hosts and on-premise and cloud identities to stop attacks earlier in the kill chain,” continues Fisher.

This, Vectra says, can help to reduce the overall risk of a breach.

Last month Vectra also published its 2020 Spotlight Report on Microsoft Office 365, which analysed more than four million Microsoft Office 365 accounts for signs of potential security issues.

The report found that the accounts are prone to suspicious behaviour such as lateral movement, command and control communication, exfiltration, and reconnaissance.

“In Office 365, threats traverse the attack lifecycle with no endpoint or network activity taking place and evade traditional network and endpoint detection,” the report notes.

Common attack methods include:

  • Searching through emails, chat histories, and files looking for passwords or interesting data.
  • Setting up forwarding rules to get access to a steady stream of email without needing to sign in again.
  • Leveraging the trusted communication channel – the email isn’t spoofing an email from the CEO; it is an email from the CEO – to socially engineer employees, customers or partners.
  • Planting malware or malicious links in documents that many people trust and use, again leveraging trust to get around prevention controls that may trigger warnings.
  • Stealing or holding files and data for ransom.