SAN JOSE, Calif., Nov. 29, 2017 /PRNewswire/ -- Vectra, the leader in automating the hunt for in-progress cyberattacks, today announced the ability for its customers to integrate threat intelligence and indicator-of-compromise (IoC) feeds into its Cognito platform to further improve their threat detection coverage. In addition, the Cognito platform adds new detections for attacker reconnaissance of Active Directory involving LDAP and Kerberos protocols, and limited-time sharing links to simplify the sharing of critical information during a threat investigation.
Growing demand to automate threat hunting and the company's recent advances spurred a 294 percent increase in 3Q2017 revenue compared to the same quarter last year, for a second consecutive quarter of triple-digit revenue growth.
Cognito adds detections based on threat intelligence and IoCs
The Cognito platform from Vectra further automates threat hunting by enabling customers to import local and industry-specific indicators of compromise (IoCs) consisting of malicious IP addresses, domains, URLs or user agents expressed in Structured Threat Information eXpression (STIX) Version 1.2 files.
Detections based on IoCs include a packet capture (PCAP), and are correlated with all other Cognito attacker behavior detections to provide rich context and are scored based on risk to prioritize the response. The Cognito API automates the upload of STIX files, such as the threat intelligence feeds of the Financial Services Information Sharing and Analysis Center (FS-ISAC), and each file is assigned a relevant attack phase category – command and control, reconnaissance, lateral movement or exfiltration.
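The import-and-correlate step described above, as an added illustration that is not Vectra's code or the Cognito API: a small parser pulls IP, domain and URL observables out of a STIX 1.2 package (user-agent observables, which STIX 1.x expresses through HTTP session objects, are left out), tags every indicator with the attack phase assigned to the file, and matches the result against proxy log lines. The STIX package, the log line format and all values in it are constructed for the example; the parser matches on local element names so it does not depend on the exact namespace prefixes a feed happens to use.

```python
"""Added example (not Vectra's code): extract IP, domain and URL indicators
from a STIX 1.2 file and match them against constructed proxy log lines."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# CybOX object types handled here; HTTP session (user-agent) objects are omitted.
OBJECT_TYPES = {"AddressObjectType": "ip", "DomainNameObjectType": "domain", "URIObjectType": "url"}

# Constructed STIX 1.2 package with three indicators (not a real feed).
STIX_FEED = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
    xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.2">
  <stix:Indicators>
    <stix:Indicator xsi:type="indicator:IndicatorType">
      <indicator:Title>C2 beacon host</indicator:Title>
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
          <AddressObj:Address_Value>203.0.113.10</AddressObj:Address_Value>
        </cybox:Properties></cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator xsi:type="indicator:IndicatorType">
      <indicator:Title>Phishing domain</indicator:Title>
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType">
          <DomainNameObj:Value>update.example.net</DomainNameObj:Value>
        </cybox:Properties></cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator xsi:type="indicator:IndicatorType">
      <indicator:Title>Exfil upload URL</indicator:Title>
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="URIObj:URIObjectType" type="URL">
          <URIObj:Value>http://files.example.org/upload.php</URIObj:Value>
        </cybox:Properties></cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

# Constructed proxy log lines: '<timestamp> <client_ip> <method> <url> <status>'
PROXY_LOG = [
    "2017-11-29T10:01:02 10.0.0.5 GET http://203.0.113.10/gate.php 200",
    "2017-11-29T10:02:17 10.0.0.7 GET https://www.example.com/ 200",
    "2017-11-29T10:03:44 10.0.0.5 GET http://cdn.update.example.net/a.js 200",
    "2017-11-29T10:05:09 10.0.0.9 POST http://files.example.org/upload.php 200",
]


def local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}Value' -> 'Value'."""
    return tag.rsplit("}", 1)[-1]


def parse_stix_iocs(xml_text, phase):
    """One dict per observable value; the attack phase is assigned per file, as the text describes."""
    iocs = []
    for ind in ET.fromstring(xml_text).iter():
        if local(ind.tag) != "Indicator":
            continue
        title = next((e.text.strip() for e in ind.iter() if local(e.tag) == "Title" and e.text), "")
        for props in ind.iter():
            if local(props.tag) != "Properties":
                continue
            kind = OBJECT_TYPES.get(props.get(XSI_TYPE, "").split(":")[-1])
            if kind is None:          # object type this toy parser does not handle
                continue
            for child in props:
                if local(child.tag) in ("Address_Value", "Value") and child.text:
                    iocs.append({"type": kind, "value": child.text.strip().lower(),
                                 "title": title, "phase": phase})
    return iocs


def match_proxy_log(iocs, lines):
    """Return one hit per (log line, indicator) pair; a subdomain of a domain IoC also matches."""
    hits = []
    for line in lines:
        url = line.split()[3]
        host = (urlsplit(url).hostname or "").lower()
        for ioc in iocs:
            v = ioc["value"]
            if ((ioc["type"] == "ip" and host == v)
                    or (ioc["type"] == "domain" and (host == v or host.endswith("." + v)))
                    or (ioc["type"] == "url" and url.lower() == v)):
                hits.append({**ioc, "log": line})
    return hits


if __name__ == "__main__":
    feed = parse_stix_iocs(STIX_FEED, phase="command and control")
    for hit in match_proxy_log(feed, PROXY_LOG):
        print(f"[{hit['phase']}] {hit['title']} ({hit['type']}={hit['value']}): {hit['log']}")
```

A real deployment would also need the match to carry the PCAP and feed into the same scoring as the behavioral detections, which the release describes but which this stand-alone snippet does not model; the domain match deliberately covers subdomains, since an indicator for a registered domain is usually meant to cover hosts beneath it.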
"This integration will further improve the workload of our security operations team," said Beau Canada, VP of Information Security at Ticketmaster. "AI automates the hunt for unknown threats and IoCs enable detection for known threats. Automated real-time correlation, scoring and prioritization of both types of threats with PCAPs will improve the efficiency and effectiveness of security operations."
"Many enterprise organizations are building internal programs and processes for threat intelligence consumption, analysis and operationalization, and this trend will likely continue," said Jon Oltsik, principal analyst at Enterprise Strategy Group (ESG). "According to ESG research, 27 percent of cybersecurity professionals working at enterprise organizations say that spending on their organizations' threat intelligence programs will increase significantly over the next 12 to 18 months, while another 45 percent say that threat intelligence spending will increase somewhat during this timeframe."
"Customers use Cognito to automate manual threat hunting, triage and correlation so they can respond to threats in real time," said Kevin Kennedy, vice president of product management at Vectra. "By enabling them to integrate threat intelligence and IoC feeds into Cognito, we are putting even more context at the security analyst's fingertips and enabling them to focus on the critical role of confirming and responding to cyberattacks before data is stolen."
Cognito adds Active Directory reconnaissance detections
Reconnaissance of an enterprise's Active Directory (AD) infrastructure is a critical part of an advanced attacker's tool kit to identify accounts with administrative privilege, which enables them to access systems with sensitive data. Vectra has added new detection algorithms to its Cognito platform to detect these attacker behaviors through the LDAP and Kerberos protocols.
Suspicious LDAP Query – Through carefully chosen LDAP queries of the AD server, an attacker can discover group membership, directory structure, and privileged accounts and groups. This information enables attackers to determine which credentials they need to obtain to move deeper into a network and gain access to restricted areas. The Suspicious LDAP Query detection algorithm tracks LDAP communication and identifies rare LDAP queries that have a higher likelihood of being associated with an attack and are unusual in the local environment.
Kerberos Brute Force – Though blunt and inelegant, brute-force and dictionary attacks can be called upon to gain unauthorized access to systems that perform authentication either locally or via the Kerberos protocol. This algorithm monitors all Kerberos authentication events on a network, learns the typical volumes for each account and triggers when activity consistent with a brute-force attempt occurs. To optimize context for the security team, the detection includes the volume, client, account and domain controller involved in the authentication attempt.
These new reconnaissance detections complement Cognito's existing lateral-movement detections for administrative credential abuse and administrative protocol abuse, giving an earlier indication of an attack in progress. When Cognito detects both the new reconnaissance behaviors and the existing lateral-movement behaviors, the result is a critical-risk score, which drives higher-priority incident verification and response.
Limited-time sharing links simplify security collaboration
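The two detections described in the Suspicious LDAP Query and Kerberos Brute Force items above, as an added toy implementation that is not Vectra's algorithm: the Kerberos part learns each account's typical failed-authentication volume per time window and alerts, with the volume, client, account and domain controller, when a window exceeds that norm; the LDAP part learns how many distinct clients have issued each search filter and flags filters that are new or rarely seen in the local environment. The event tuples, window size, thresholds and sample accounts are all constructed assumptions.

```python
"""Added example (not Vectra's code): toy versions of the Suspicious LDAP Query
and Kerberos Brute Force detections, run over constructed event records."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# --- Kerberos Brute Force -------------------------------------------------
WINDOW_MINUTES = 10   # constructed detection window
MIN_FAILURES = 25     # absolute floor so a quiet account does not alert on a few typos
MULTIPLIER = 5        # how far above an account's learned peak counts as anomalous


def window_of(ts):
    """Round a timestamp down to the start of its WINDOW_MINUTES bucket."""
    return ts.replace(minute=ts.minute - ts.minute % WINDOW_MINUTES, second=0, microsecond=0)


def learn_kerberos_baseline(events):
    """Per-account peak number of failed authentication events seen in any one window."""
    per_window = defaultdict(Counter)
    for ts, client, account, dc, result in events:
        if result == "FAIL":
            per_window[account][window_of(ts)] += 1
    return {account: max(c.values()) for account, c in per_window.items()}


def detect_kerberos_brute_force(events, baseline):
    """Alert on (account, window) pairs whose failure volume exceeds the learned norm."""
    attempts = defaultdict(list)
    for ts, client, account, dc, result in events:
        if result == "FAIL":
            attempts[(account, window_of(ts))].append((client, dc))
    alerts = []
    for (account, start), seen in attempts.items():
        threshold = max(MIN_FAILURES, MULTIPLIER * baseline.get(account, 0))
        if len(seen) >= threshold:
            alerts.append({"account": account, "window_start": start.isoformat(),
                           "volume": len(seen), "threshold": threshold,
                           "clients": sorted({c for c, _ in seen}),
                           "domain_controllers": sorted({d for _, d in seen})})
    return alerts


# --- Suspicious LDAP Query ------------------------------------------------
def normalize_filter(f):
    """Collapse whitespace and case so trivially different spellings of a filter compare equal."""
    return "".join(f.split()).lower()


def learn_ldap_baseline(queries):
    """How many distinct clients issued each search filter during the learning period."""
    sources = defaultdict(set)
    for client, f in queries:
        sources[normalize_filter(f)].add(client)
    return {f: len(s) for f, s in sources.items()}


def detect_suspicious_ldap(queries, baseline, min_sources=2):
    """Flag filters that are new, or that fewer than min_sources clients used before."""
    return [{"client": c, "filter": f, "prior_sources": baseline.get(normalize_filter(f), 0)}
            for c, f in queries if baseline.get(normalize_filter(f), 0) < min_sources]


# --- Constructed sample data ---------------------------------------------
T0 = datetime(2017, 11, 28, 9, 0)


def fails(account, client, dc, start, n, spacing_s):
    """n failed-auth events for one account from one client, spacing_s seconds apart."""
    return [(start + timedelta(seconds=i * spacing_s), client, account, dc, "FAIL") for i in range(n)]


BASELINE_EVENTS = (fails("alice", "10.0.0.21", "dc01", T0, 3, 60)
                   + fails("alice", "10.0.0.21", "dc01", T0 + timedelta(hours=2), 2, 30)
                   + fails("bob", "10.0.0.22", "dc01", T0, 1, 0)
                   + fails("svc_backup", "10.0.0.50", "dc02", T0, 8, 10))   # noisy service account
TODAY = T0 + timedelta(days=1)
NEW_EVENTS = (fails("alice", "10.0.0.21", "dc01", TODAY, 2, 120)                       # ordinary typos
              + fails("svc_backup", "10.0.0.50", "dc02", TODAY, 9, 10)                 # noisy but normal
              + fails("bob", "10.0.0.99", "dc01", TODAY + timedelta(hours=1), 60, 5))  # 60 fails in 5 min

BASELINE_LDAP = [("10.0.0.21", "(objectClass=user)"), ("10.0.0.22", "(objectClass=user)"),
                 ("10.0.0.24", "(objectClass=user)"),
                 ("10.0.0.23", "(&(objectClass=computer)(name=ws-*))"),
                 ("10.0.0.21", "(&(objectClass=computer)(name=ws-*))")]
NEW_LDAP = [("10.0.0.22", "(objectClass=user)"),
            ("10.0.0.99", "(&(objectCategory=person)(adminCount=1))")]   # never seen locally before

if __name__ == "__main__":
    kb = learn_kerberos_baseline(BASELINE_EVENTS)
    for alert in detect_kerberos_brute_force(NEW_EVENTS, kb):
        print("Kerberos Brute Force:", alert)
    for finding in detect_suspicious_ldap(NEW_LDAP, learn_ldap_baseline(BASELINE_LDAP)):
        print("Suspicious LDAP Query:", finding)
```

Two choices are worth noting. The per-account baseline is what keeps the chronically noisy service account from alerting while a burst against an ordinarily quiet account still does, which is the point of learning "typical volumes for each account" rather than using one global threshold. For LDAP, rarity is measured by how many distinct clients have issued the filter, so a query that a single monitoring host runs every night is not automatically rare, while a filter that has never been seen in the environment is.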
Cognito introduces the ability to create limited-time sharing links to specific host and detection pages. This enables the security team to quickly and easily engage IT team members who don't have an account on Cognito to reduce the time to confirm and respond to an active cyberattack. Simplifying the sharing of information with other IT functions ensures security operations teams gain clarity on the observed behavior, faster understanding by all people involved in a threat investigation, and shorter time to resolution.
General availability
Cognito Version 3.11 is currently available and includes all the capabilities in this news release: threat intelligence integration, the Suspicious LDAP Query and Kerberos Brute Force detections, and limited-time sharing links.
Additional Information
For more information about this announcement, visit the Vectra business and technology webpage.
About Vectra
Vectra® is transforming cybersecurity with AI. Its Cognito platform automates cyberattack detection and response from data center and cloud workloads to user and IoT devices. Cognito correlates threats, prioritizes hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named "Most Innovative Emerging Company" in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued five U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit https://vectra.ai
Vectra, the Vectra Networks logo and 'Security that thinks' are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
Media Contacts:
LEWIS Global Communications
(415) 432 2498
SOURCE Vectra