Survey Reports Bad-Boy Behavior After The Breach
Jun 25

We know that cybersecurity is anything but secure, and the situation appears to be worsening. However, a new study from Vectra Networks – the self-proclaimed ‘leader in real-time detection of in-progress cyber attacks’ – provides a fascinating view of what happens after your cyber defenses have been breached. According to the second edition of its Post-Intrusion Report, there was non-linear growth in lateral movement (580%) and reconnaissance (270%) detections that outpaced the 97% increase in overall detections compared to last year.

Although the sample size was relatively small – just 42 customers – it did represent data collected from more than 250,000 hosts over a six-month period, said Vectra’s Wade Williamson, Director of Product Marketing. Like most other security vendors, he told IT Trends & Analysis that it’s a matter of when, not if, there will be a security breach. However, as soon as attackers get in, they’re going to move laterally.

“The increase in lateral movement and reconnaissance detections shows that attempts at pulling off targeted attacks continue to be on the rise,” said Oliver Tavakoli, Vectra Networks CTO, in a prepared statement. “The attackers’ batting average hasn’t changed much, but more at-bats invariably has translated into more hits.”

Williamson said his company is looking for threats in new ways and new places. Our model is considerably different, pulling security deeper into the network, to see not just how traffic is going to the Internet, but the 90% that is staying inside. “We’re still looking at packets… but we’re applying data science to those data flows,” he said.

What Vectra is seeing year-over-year is an uptick in those two aspects – lateral movement and reconnaissance. Proportionately, they’re growing way faster than others, and these are the hardest to deal with. “Once they get in, they literally have free rein.” Williamson calls lateral movement probably the most important aspect of an advanced attack.
“People are getting in the front door by avoiding analyses… this is essentially us being able to watch inside and notice that there is a particular node… spreading… without having to recognize a particular payload… and do this for anything. It doesn’t matter what type of malware it is.”

In the run-up to – and immediately following – April’s RSA Conference, a plethora of surveys surfaced to highlight just how bad the security environment is. Cisco reported that customers are only just starting to come to terms with the wide gap between perception and protection, and security budgets – and skills – aren’t where they need to be. Cisco’s latest data offers a disturbing look at why cyber security is in such a...

VCE Gets Creative with Bright Box Technologies

It is interesting to watch large companies. Some seem to make the same mistakes over and over again, while others, typically younger firms, tend to learn from their mistakes and those made by others. VCE is a young firm and a case in point. Their new VxRack line addition is the packaging of commodity white box servers – which VCE calls “bright box” nodes – into a solution that scales from 4-1000+ nodes and brings VCE’s factory integration and incredible customer support, making them price competitive in one of the most popular growing enterprise and service provider segments – hyper-converged infrastructure.

NOTE: This column was originally published in the Pund-IT...

Leveraging Analytics For Smarter Storage Systems

Almost since their inception, storage systems have been keeping log files that track everything that is going on with that storage system. Over the years the type and granularity of data that is captured have increased, and today these systems are essentially a big data generator in their own right. The problem is that most of these storage systems don’t provide any meaningful analysis of the data being captured, and the analysis that is reported on is isolated to a single system.

NOTE: This column was originally published in the Storage Switzerland Weekly...

Is the Cloud Just So Many Legos?

I was recently looking at Lego parts, and I started to consider the myriad of Legos and the broad categories they fit within. Then I had a thought. Is the cloud just so many Legos? SaaS, PaaS, IaaS, and DaaS are various categories of clouds. We could call them the fundamental building blocks or bricks of the cloud, and we could think of moving to the cloud as the assembly of those bricks into something usable. Or so one would think. Once you get past the broad categories, there are very specific versions of Legos. There are roofs, arches, minifigs, bricks, plates, plants, animals, and more. Just like there are myriad specific Legos, there are also myriad things you can do in the cloud. These things still fall into categories of DaaS, SaaS, PaaS, and IaaS. However, these myriad solutions are themselves made up of many other bricks, gears, roofs, arches, etc. The cloud has many moving parts.

NOTE: This column was originally published in The Virtualization Practice...

EMC’s Data Protection… Now “Spans” Cloud-based Workloads

Adding Spanning’s Office 365, Google Apps, and Salesforce protection capabilities to the broad EMC data protection solution portfolio, including Mozy (cloud-based backup), Avamar, NetWorker, Data Domain, etc., ensures that EMC will be able to protect where file/collab/CRM data is moving, as well as where that data lives today. Congrats to EMC on a smart addition to their portfolio. Here’s the Spanning-EMC announcement.
