Press Releases

November 30, 2017

Vectra Ups the Ante on Automated Threat Detection with Threat Intelligence Integration and New Active Directory Threat Detections

Company achieves second consecutive quarter of triple-digit revenue growth with 294% year-over-year growth in 3Q2017

Vectra, the leader in automating the hunt for in-progress cyberattacks, announced the ability for its customers to integrate threat intelligence and indicator-of-compromise (IoC) feeds into its Cognito platform to further improve their threat detection coverage. In addition, the Cognito platform adds new detections for attacker reconnaissance of Active Directory involving the LDAP and Kerberos protocols, and limited-time sharing links to simplify the sharing of critical information during a threat investigation.

Growing demand to automate threat hunting and the company’s recent advances spurred a 294 percent increase in 3Q2017 revenue compared to the same quarter last year, for a second consecutive quarter of triple-digit revenue growth.

Cognito adds detections based on threat intelligence and IoCs
The Cognito platform from Vectra further automates threat hunting by enabling customers to import local and industry-specific indicators of compromise (IoCs) consisting of malicious IP addresses, domains, URLs or user agents expressed in Structured Threat Information eXpression (STIX) Version 1.2 files.

Detections based on IoCs include a packet capture (PCAP), and are correlated with all other Cognito attacker behavior detections to provide rich context and are scored based on risk to prioritize the response. The Cognito API automates the upload of STIX files, such as the threat intelligence feeds of the Financial Services Information Sharing and Analysis Center (FS-ISAC), and each file is assigned a relevant attack phase category – command and control, reconnaissance, lateral movement or exfiltration.
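The import-and-correlate flow described above, as an added example that is not Vectra's code: a small STIX 1.2 reader pulls IP, domain and URL indicators out of a package, every indicator is tagged with the attack phase the file was uploaded under, hits against network events are collected per internal host, and hosts that match indicators from more than one phase are scored higher. The two STIX packages and the event records are constructed here, the parser handles only the CybOX Address, DomainName and URI object types (user-agent IoCs would need the HTTP session object), and the per-phase risk weights are an assumption rather than Cognito's scoring.

```python
"""IoC import from STIX 1.2 and correlation against network events.

Added example, not Vectra code: the STIX packages and network events below
are constructed, the parser handles only the CybOX Address, DomainName and
URI objects, and the per-phase risk weights are an assumption.
"""
import xml.etree.ElementTree as ET

NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
    "URIObj": "http://cybox.mitre.org/objects#URIObject-2",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# CybOX object type -> (IoC kind, element that carries the value)
OBJECT_TYPES = {
    "AddressObj:AddressObjectType": ("ip", "AddressObj:Address_Value"),
    "DomainNameObj:DomainNameObjectType": ("domain", "DomainNameObj:Value"),
    "URIObj:URIObjectType": ("url", "URIObj:Value"),
}

# Risk weight per attack phase (assumed values used only for prioritisation)
PHASE_RISK = {"reconnaissance": 30, "lateral movement": 50,
              "command and control": 70, "exfiltration": 80}


def load_stix_iocs(xml_text, phase, iocs=None):
    """Pull IP, domain and URL indicators out of a STIX 1.2 package.

    Every indicator in the file is tagged with the attack phase the file was
    uploaded under, mirroring the per-file category described in the text.
    """
    iocs = iocs if iocs is not None else {"ip": {}, "domain": {}, "url": {}}
    root = ET.fromstring(xml_text)
    for indicator in root.iterfind(".//stix:Indicator", NS):
        for props in indicator.iterfind(".//cybox:Properties", NS):
            entry = OBJECT_TYPES.get(props.get(XSI_TYPE))
            if entry is None:
                continue  # e.g. user-agent IoCs (HTTPSession objects) are not handled here
            kind, value_path = entry
            value_el = props.find(value_path, NS)
            if value_el is not None and value_el.text:
                iocs[kind][value_el.text.strip()] = phase
    return iocs


def match_events(events, iocs):
    """Return one hit per (event, IoC) pair; a real system would attach the PCAP here."""
    hits = []
    for ev in events:
        for kind, field in (("ip", "dst_ip"), ("domain", "host"), ("url", "url")):
            value = ev.get(field)
            if value and value in iocs[kind]:
                hits.append({"host": ev["src"], "ts": ev["ts"], "kind": kind,
                             "indicator": value, "phase": iocs[kind][value]})
    return hits


def score_hosts(hits):
    """Correlate hits per internal host: highest phase weight plus a bonus for each extra phase seen."""
    phases = {}
    for hit in hits:
        phases.setdefault(hit["host"], set()).add(hit["phase"])
    return {host: min(100, max(PHASE_RISK[p] for p in seen) + 15 * (len(seen) - 1))
            for host, seen in phases.items()}


def stix_package(indicators):
    """Build a minimal STIX 1.2 package string (constructed sample feed, not a real one)."""
    body = "".join(
        '<stix:Indicator xsi:type="indicator:IndicatorType"><indicator:Observable>'
        f'<cybox:Object><cybox:Properties xsi:type="{obj_type}">'
        f'<{tag}>{value}</{tag}></cybox:Properties></cybox:Object>'
        '</indicator:Observable></stix:Indicator>'
        for obj_type, tag, value in indicators)
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<stix:STIX_Package {decls} '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            f'<stix:Indicators>{body}</stix:Indicators></stix:STIX_Package>')


# Constructed feeds: one uploaded as command and control, one as exfiltration
C2_FEED = stix_package([
    ("AddressObj:AddressObjectType", "AddressObj:Address_Value", "203.0.113.10"),
    ("DomainNameObj:DomainNameObjectType", "DomainNameObj:Value", "update.bad-cdn.example"),
])
EXFIL_FEED = stix_package([
    ("URIObj:URIObjectType", "URIObj:Value", "http://drop.example/upload"),
])

# Constructed network events: internal source plus destination fields
EVENTS = [
    {"ts": "09:00", "src": "10.0.0.5", "dst_ip": "203.0.113.10", "host": None, "url": None},
    {"ts": "09:02", "src": "10.0.0.5", "dst_ip": "198.51.100.7", "host": "drop.example", "url": "http://drop.example/upload"},
    {"ts": "09:05", "src": "10.0.0.7", "dst_ip": "198.51.100.9", "host": "update.bad-cdn.example", "url": "http://update.bad-cdn.example/a"},
    {"ts": "09:06", "src": "10.0.0.9", "dst_ip": "198.51.100.20", "host": "www.example.com", "url": "http://www.example.com/"},
]


def analyze():
    """Load both feeds, match the events and return (hits, per-host scores)."""
    iocs = load_stix_iocs(C2_FEED, "command and control")
    load_stix_iocs(EXFIL_FEED, "exfiltration", iocs)
    hits = match_events(EVENTS, iocs)
    return hits, score_hosts(hits)


if __name__ == "__main__":
    hits, scores = analyze()
    for hit in hits:
        print(hit)
    print(scores)  # {'10.0.0.5': 95, '10.0.0.7': 70}
```

The host that touches both a command-and-control address and an exfiltration URL ends up with a higher score than the host that only resolved a watch-listed domain, which is the correlation effect the text describes; the benign host produces no entry at all.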

“This integration will further improve the workload of our security operations team,” said Beau Canada, VP of Information Security at Ticketmaster. “AI automates the hunt for unknown threats and IoCs enable detection for known threats. Automated real-time correlation, scoring and prioritization of both types of threats with PCAPs will improve the efficiency and effectiveness of security operations.”

“Many enterprise organizations are building internal programs and processes for threat intelligence consumption, analysis, and operationalization, and this trend will likely continue,” said Jon Oltsik, principal analyst at Enterprise Strategy Group (ESG). “According to ESG research, 27 percent of cybersecurity professionals working at enterprise organizations say that spending on their organizations’ threat intelligence programs will increase significantly over the next 12 to 18 months, while another 45 percent say that threat intelligence spending will increase somewhat during this timeframe.”

“Customers use Cognito to automate manual threat hunting, triage, and correlation so they can respond to threats in real time,” said Kevin Kennedy, vice president of product management at Vectra. “By enabling them to integrate threat intelligence and IoC feeds into Cognito, we are putting even more context at the security analyst’s fingertips and enabling them to focus on the critical role of confirming and responding to cyberattacks before data is stolen.”

Cognito adds Active Directory reconnaissance detections
Reconnaissance of an enterprise’s Active Directory (AD) infrastructure is a critical part of an advanced attacker’s tool kit to identify accounts with administrative privilege, which enables them to access systems with sensitive data. Vectra has added new detection algorithms to its Cognito platform to detect these attacker behaviors through the LDAP and Kerberos protocols.

Suspicious LDAP Query – Through carefully chosen LDAP queries of the AD server, an attacker can discover group membership, directory structure, and privileged accounts and groups. This information enables attackers to determine which credentials they need to obtain to move deeper into a network and gain access to restricted areas. The Suspicious LDAP Query detection algorithm tracks LDAP communication and identifies rare LDAP queries that have a higher likelihood of being associated with an attack and are unusual in the local environment.

Kerberos Brute Force – Though blunt and inelegant, brute-force and dictionary attacks can be called upon to gain unauthorized access to systems that perform authentication either locally or via the Kerberos protocol. This algorithm monitors all Kerberos authentication events on a network, learns the typical volumes for each account and triggers when activity consistent with a brute-force attempt occurs. To optimize context for the security team, the detection includes the volume, client, account and domain controller involved in the authentication attempt.

These new detections provide early indications of attacker activity that complement Cognito’s existing administrative credential abuse and administrative protocol abuse lateral-movement detections. When Cognito observes these new reconnaissance behaviors together with the existing lateral-movement behaviors, the result is a critical-risk score, which drives higher-priority incident verification and response.
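The two Active Directory detections described above (Suspicious LDAP Query and Kerberos Brute Force), as one added example written for this page rather than Vectra's own algorithms. The LDAP part reduces each filter to a query shape by stripping literal values, counts how often each shape has been seen in the local environment, and alerts only when a query is both rare locally and touches privilege-related attributes. The Kerberos part learns a per-account request volume per time window and triggers when one client exceeds that account's threshold, reporting the volume, client, account and domain controller the text lists. The rarity cut-off, the attribute list, the mean-plus-three-sigma threshold and every event record are assumptions constructed here.

```python
"""Baseline-driven detections for Active Directory reconnaissance over LDAP and
Kerberos, added here to illustrate the two detections described above.

Not Vectra's algorithms: the query-shape rarity rule, the attribute list and
the mean-plus-three-sigma volume threshold are simplifying assumptions, and
every event below is constructed.
"""
import re
import statistics
from collections import Counter, defaultdict

# ---- Suspicious LDAP Query ----
LITERAL = re.compile(r"=[^()]+")  # the value part of one filter clause
# Attributes whose enumeration typically serves privilege discovery (assumed list)
RECON_ATTRIBUTES = {"admincount", "memberof", "serviceprincipalname", "useraccountcontrol"}


def normalize_filter(ldap_filter):
    """Strip literal values so queries that differ only in the value share one shape."""
    return LITERAL.sub("=*", ldap_filter.lower())


def learn_ldap_shapes(history):
    """Count how often each query shape has been seen in the local environment."""
    return Counter(normalize_filter(q["filter"]) for q in history)


def suspicious_ldap_queries(queries, shape_counts, rare_max=2):
    """Flag queries that are both rare locally and touch privilege-related attributes."""
    alerts = []
    for q in queries:
        shape = normalize_filter(q["filter"])
        attrs = set(re.findall(r"\(([a-z0-9-]+)=", shape)) & RECON_ATTRIBUTES
        if shape_counts[shape] <= rare_max and attrs:
            alerts.append({"client": q["client"], "shape": shape,
                           "seen_before": shape_counts[shape], "attributes": sorted(attrs)})
    return alerts


# ---- Kerberos Brute Force ----
def learn_kerberos_baseline(history, window_minutes=10, floor=5):
    """Per-account threshold: mean + 3 sigma of requests per window, never below `floor`."""
    per_window = defaultdict(Counter)  # account -> Counter(window index -> requests)
    for ev in history:
        per_window[ev["account"]][ev["minute"] // window_minutes] += 1
    baseline = {}
    for account, counts in per_window.items():
        vals = list(counts.values())
        baseline[account] = max(floor, int(statistics.mean(vals) + 3 * statistics.pstdev(vals)) + 1)
    return baseline


def kerberos_brute_force(events, baseline, window_minutes=10, default_threshold=5):
    """Trigger when one client's volume for an account exceeds that account's learned threshold."""
    volume = Counter((ev["minute"] // window_minutes, ev["client"], ev["account"], ev["dc"])
                     for ev in events)
    return [{"account": account, "client": client, "domain_controller": dc,
             "volume": n, "window": window}
            for (window, client, account, dc), n in volume.items()
            if n > baseline.get(account, default_threshold)]


# ---- Constructed sample data ----
LDAP_HISTORY = (
    [{"client": "10.0.0.5", "filter": f"(sAMAccountName=user{i})"} for i in range(40)]
    + [{"client": "10.0.0.6", "filter": "(objectClass=computer)"} for _ in range(20)]
    + [{"client": "10.0.0.8", "filter": "(memberOf=CN=VPN Users,CN=Users,DC=corp,DC=example)"} for _ in range(30)]
)
LDAP_NEW = [
    {"client": "10.0.0.5", "filter": "(sAMAccountName=carol)"},                                # common shape
    {"client": "10.0.0.8", "filter": "(memberOf=CN=VPN Users,CN=Users,DC=corp,DC=example)"},   # routine here
    {"client": "10.0.0.42", "filter": "(&(objectClass=user)(adminCount=1))"},                  # rare and privilege-related
    {"client": "10.0.0.42", "filter": "(department=finance)"},                                 # rare but benign
]
KRB_HISTORY = (  # alice: one request every 5 minutes; svc-backup: one per minute, for 10 hours
    [{"minute": m, "client": "10.0.0.5", "account": "alice", "dc": "dc01"} for m in range(0, 600, 5)]
    + [{"minute": m, "client": "10.0.0.20", "account": "svc-backup", "dc": "dc01"} for m in range(600)]
)
KRB_EVENTS = (  # a normal window for both known accounts plus 30 requests for one account from one client
    [{"minute": m, "client": "10.0.0.5", "account": "alice", "dc": "dc01"} for m in (1, 6)]
    + [{"minute": m, "client": "10.0.0.20", "account": "svc-backup", "dc": "dc01"} for m in range(10)]
    + [{"minute": i // 3, "client": "10.0.0.42", "account": "administrator", "dc": "dc01"} for i in range(30)]
)


def run():
    """Return (ldap_alerts, kerberos_alerts) for the constructed data."""
    ldap_alerts = suspicious_ldap_queries(LDAP_NEW, learn_ldap_shapes(LDAP_HISTORY))
    krb_alerts = kerberos_brute_force(KRB_EVENTS, learn_kerberos_baseline(KRB_HISTORY))
    return ldap_alerts, krb_alerts


if __name__ == "__main__":
    for group in run():
        for alert in group:
            print(alert)
```

Note the two conditions in the LDAP rule: the memberOf query from the helpdesk host touches a privilege-related attribute but is routine in this environment, so it is not flagged, while the rare department query is flagged by neither rule; only the query that is both rare and privilege-related produces an alert. On the Kerberos side the learned baseline keeps the chatty service account quiet while the unknown account falls back to the default threshold.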

Limited-time sharing links simplify security collaboration
Cognito introduces the ability to create limited-time sharing links to specific host and detection pages. This enables the security team to quickly and easily engage IT team members who don’t have an account on Cognito to reduce the time to confirm and respond to an active cyberattack. Simplifying the sharing of information with other IT functions ensures security operations teams gain clarity on the observed behavior, faster understanding by all people involved in a threat investigation, and shorter time to resolution.

General availability
Cognito Version 3.11 is currently available and includes all the capabilities in this news release: threat intelligence integration, the Suspicious LDAP Query and Kerberos Brute Force detections, and limited-time sharing links.
