Dark Reading | Risk | Products and Releases
9/15/2016 09:00 AM

Vectra Networks Takes On Backdoors in Data Center Firewalls Planted by Advanced Adversaries

These attack vectors are aimed at blind spots in all network and server infrastructure

San Jose, Calif., and London, UK — Sept. 13, 2016 — (Gartner Security & Risk Management Summit 2016, Booth P3) Vectra® Networks, the leader in automated threat management, today announced the industry’s first comprehensive approach to detect backdoors embedded in network infrastructure including firewalls, servers, routers and switches, found at the heart of private enterprise data centers and public clouds.

“For years, security considerations for the data center have been largely focused on segmentation, access policy, and anti-virus in the virtual space to prevent the initial infection,” said Oliver Tavakoli, CTO of Vectra Networks. “However, attackers recognize that the keys to the kingdom can be found deeper in the physical devices used to build the data center infrastructure.”

A history of adversarial backdoors

These backdoors have been shown to survive operating system upgrades, and definitive diagnosis often requires physically dismantling the device to analyze the underlying firmware. Additionally, this type of activity on the devices and interfaces in question is typically not logged, making it hard to detect any abnormalities.

The use of backdoors in network infrastructure devices is well documented, dating back to the late 1990s, through the early and mid-2000s, including the Snowden revelations in 2013, and with more recent incidents making headlines in the past few months.

“Vectra is the first to deliver technology that reveals the existence of backdoors, rootkits or attacks emanating from trusted infrastructure,” said Tavakoli. “We empower our customers to identify devices in their data center that may have been compromised so they can stop attacks before damage is done.”

Vectra ‘watches the watchers’

In addition to going after firewalls, switches and routers, attackers are also targeting the administrative credentials used to watch over and secure your data center.

Vectra detection capabilities include the concept of watching these watchers by detecting rogue and compromised administrators. For example, Vectra monitors for improper use of administrative activity including those involving low-level management protocols such as IPMI. These protocols are increasingly targeted by attackers because they give a backdoor into the virtual environment yet are rarely monitored by security solutions.
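The paragraph above describes a detection concept rather than a method, so the following is an added illustration of what "watching the watchers" can look like in practice. It is not Vectra's code and is not taken from the press release; it assumes simplified flow records (source, destination, protocol, destination port, byte count), an assumed admin jump-host subnet, an assumed BMC network, and the fact that IPMI over LAN (RMCP/RMCP+) listens on UDP port 623. Every address and flow below is constructed. It flags three conditions: IPMI from a host that is not an admin jump host, IPMI aimed at an address that is not a known BMC, and a BMC that initiates traffic outside the management networks (the "attack emanating from trusted infrastructure" case from the earlier quote).

```python
"""Flag suspicious use of out-of-band management protocols in flow records.

Added example, not Vectra's code. Assumes simplified flow records and an
allowlist of admin hosts and BMC addresses; all values are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple

IPMI_PORT = 623  # IPMI over LAN (RMCP/RMCP+) uses UDP/623


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    byte_count: int


# Constructed policy (assumption): only jump hosts in ADMIN_NET may speak IPMI,
# IPMI may only be addressed to BMCs in BMC_NET, and BMCs must never initiate
# traffic to anything outside the two management networks.
ADMIN_NET = ip_network("10.10.0.0/24")   # assumed admin jump-host subnet
BMC_NET = ip_network("10.99.0.0/24")     # assumed BMC / out-of-band network


def classify(flow: Flow) -> Optional[str]:
    """Return a detection label for one flow, or None if it matches policy."""
    src = ip_address(flow.src_ip)
    dst = ip_address(flow.dst_ip)
    is_ipmi = flow.proto == "udp" and flow.dst_port == IPMI_PORT

    # Rule 1: IPMI from a host that is not an approved admin jump host.
    if is_ipmi and src not in ADMIN_NET:
        return "ipmi_from_unauthorised_host"
    # Rule 2: IPMI aimed at something that is not a known BMC
    # (an unexpected IPMI listener, or a typo'd admin session worth a look).
    if is_ipmi and dst not in BMC_NET:
        return "ipmi_to_unknown_bmc"
    # Rule 3: a BMC initiating traffic beyond the management networks.
    if src in BMC_NET and dst not in ADMIN_NET and dst not in BMC_NET:
        return "bmc_initiated_outbound"
    return None


def detect(flows: Iterable[Flow]) -> List[Tuple[Flow, str]]:
    """Run every flow through classify() and keep the ones that fire."""
    hits = []
    for flow in flows:
        reason = classify(flow)
        if reason is not None:
            hits.append((flow, reason))
    return hits


# Constructed sample flows (not captured data).
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.99.0.12", "udp", 623, 4096),     # admin -> BMC: expected
    Flow("10.20.3.7", "10.99.0.12", "udp", 623, 2048),     # workstation -> BMC
    Flow("10.99.0.12", "203.0.113.9", "tcp", 443, 51200),  # BMC calling out
    Flow("10.10.0.5", "10.20.3.7", "udp", 623, 512),       # IPMI to a non-BMC
    Flow("10.20.3.7", "10.20.3.8", "tcp", 22, 8192),       # ordinary SSH: ignored
]


if __name__ == "__main__":
    for flow, reason in detect(SAMPLE_FLOWS):
        print(f"{reason:28s} {flow.src_ip} -> {flow.dst_ip}:{flow.dst_port}/{flow.proto}")
```

The three rules are deliberately positional (who may talk to whom) rather than signature-based, because, as the press release notes, the devices themselves rarely log this activity; flow or span-port visibility into the management network is what makes the check possible at all.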

Integration with VMware vCenter

According to Gartner, “perimeter-centric security and zone-based firewall architectures lack visibility and control over east-west data center traffic, which accounts for approximately 80% of all data center network traffic. Lateral movement of attackers and spread of malware cannot be controlled.”*

Vectra virtual sensors connect to any vSwitch to analyze traffic and detect threats passing between workloads within the virtual environment. Vectra also integrates with VMware vCenter to provide an always up-to-date and authoritative view of your virtual environment. For the first time in the industry, Vectra brings together the required visibility, context, and intelligence to find advanced attacks within the data center.

Vectra Networks will be providing product demonstrations this week at the Gartner Security & Risk Management Summit 2016, in London at booth P3. Hitesh Sheth, CEO of Vectra Networks, will be presenting on “Catch an Active Cyber Attack in 5 Minutes or Less” later today at 9:30 a.m.

Earlier this week, the company also announced a new partnership with Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting, and business process services company, that will bring a “Threat Hunting as a Service” offering to market. For more information on this news announcement, please see the press release.

For more information on the new data center detection models, please visit our resources page.

* Gartner, Inc., Network Security Architectures for Virtualized Data Centers, Joerg Fritsch, Aug. 10, 2015.

About Vectra Networks

Vectra® Networks is the leader in automated threat management solutions for the real-time detection of in-progress cyber attacks. The company’s solution automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. Vectra was named Dark Reading’s Best of Black Hat 2016 “Most Innovative Emerging Company” and the American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company’s headquarters are in San Jose, Calif., and it has European regional headquarters in Zurich, Switzerland. More information can be found at www.vectranetworks.com.

# # #

Vectra and the Vectra Networks logo are registered trademarks and Security that thinks, the Vectra Threat Labs, and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
