10/27/2015
03:46 PM
Dark Reading
Products and Releases

Vectra Networks Reveals Cyber Attackers’ Covert Encrypted Communications

Revolutionary Advances in Data Science and Machine Learning Algorithms Are First in Industry to Reveal Threats without Decrypting Network Traffic

Vectra® Networks, the leader in real-time detection of in-progress cyber-attacks, today announced an unprecedented technology breakthrough that enables the detection of covert cyber attack communications in encrypted tunnels without using decryption. In another industry first, the company announced that it is now possible to detect attack behaviors that hide in everyday applications flowing across today’s enterprise networks.

According to Mike Rothman, analyst and president of research firm Securosis, “It’s clear that threat detection needs to evolve to more effectively catch modern adversaries. But detecting attacks from network traffic can be challenging. Attackers work diligently to ‘hide in plain sight’ by obscuring their attack traffic within the tens of billions of legitimate packets on the network.” [1]

Attackers use covert attack communications like an invisibility cloak to hide in ordinary network traffic while they take their time to orchestrate the theft of an organization’s data and assets. Vectra applies advanced data science and machine learning algorithms directly to network traffic to reveal hidden underlying behaviors without needing decryption. This visibility robs attackers of the stealth and coordination that have made modern attacks so successful.

Attackers use a variety of covert attack communication methods, including encryption, hiding within ordinary applications, and skulking in common communications protocols. Vectra takes a revolutionary approach to detecting malicious covert communications in:

  • Encrypted traffic: Encryption is a sure-fire method of hiding communications and control instructions – until now. Vectra algorithms can detect encrypted threats without decrypting traffic. Vectra applies advanced data science to packet-level network traffic to expose the true underlying malicious behaviors within encrypted traffic.
    By default, the bulk of network traffic today is HTTPS and it is not inspected by security systems. This creates a huge blind spot that attackers use to their advantage. Previously, the only solution to this problem was SSL decryption, which carries massive performance penalties, legal challenges, and technical obstacles.
  • Common Web applications and Internet protocols: Attackers hide communications in commonly used Web applications and Internet protocols. Using highly sophisticated network traffic analysis, Vectra can reveal the subtle abnormalities that indicate the presence of these hidden tunnels within HTTP, HTTPS and DNS protocols. Vectra also can detect attackers who try to blend in by masquerading as a person using a Web-based enterprise application or cloud application.
  • Remotely controlled devices: Attackers often need hands-on control of a device to carry out a targeted attack. Vectra uses data science and packet-level machine learning to reveal the presence of external remote access tools that are controlling an organization’s devices.

“Until now, organizations had no way to protect themselves from attackers who use covert communications to steal their data with impunity,” said Oliver Tavakoli, chief technology officer at Vectra Networks. “Vectra reveals attackers’ hidden communications and sheds light into all phases of a cyber attack, giving organizations an effective way to fight back and protect their valuable information assets.”

To learn how Vectra actually detects hidden attack communications inside networks, register to download the white paper, "How to detect malicious covert communications."

About Vectra Networks 
Vectra® Networks is the leader in real-time detection of in-progress cyber attacks. The company’s automated threat-management solution continuously monitors internal network traffic to pinpoint cyber attacks as they happen. It then automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. In 2015, Gartner named Vectra a Cool Vendor in Security Intelligence for addressing the challenges of post-breach threat detection. The American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015. Vectra’s investors include Khosla Ventures, Accel Partners, IA Ventures and AME Cloud Ventures. The company’s headquarters are in San Jose, Calif., and it has European operations in Zurich. More information can be found at www.vectranetworks.com.

 

 

1. “Network-Based Threat Detection,” Version 1.5, Securosis, June 19, 2015.
