How to Find Cyber Threats in Real Time

In a nod to reality, Vectra Networks helps cybersecurity teams stop attackers once they’re inside the network — not before they get there.

No matter how robust a company’s cyber defenses, the bad guys seem to find a way in. And when — not if — they do, it can take weeks, or even months, to detect them and assess the damage. Building on the premise that spending a lot of money “trying to prevent the bad guys from getting in” is an imperfect approach, Vectra Networks wants to help cybersecurity teams track down and stop attackers once they’re inside the network — not before they get there. “The core problem is that all the sensors the company has invested in — firewalls, sandboxes, AV — act as a good filter, but they don’t stop everything from getting in,” says Vectra’s chief technology officer, Oliver Tavakoli. “We’re single-mindedly focused on finding that intruder inside your network before the FBI calls you and tells you about it.”

Using machine learning and some of the same techniques used to sequence DNA and improve search engines, the company has developed a platform that looks at traffic patterns to detect anomalies and trigger a mitigation response. Vectra isn’t advocating forgoing traditional filters like firewalls and reputation lists — it’s still important to practice good cyber hygiene, Tavakoli says. But that’s no longer enough. “Presuming the filters are 100% perfect is a recipe for the kind of breaches we see in the news,” he says.

So Vectra’s product, platform software called the X-series, picks up where those traditional security tools stop and provides real-time detection of an attack that’s in progress. Instead of signature- and reputation-based methods, Vectra uses machine learning, data science and behavior analysis — an approach the company says is much more effective at stopping the types of high-profile breaches that have dominated headlines of late.

The platform, which was launched in 2014, is typically deployed as an on-premises appliance that sits within the data center and monitors packet traffic. Customers also can opt for a virtual appliance using another product, the S-series sensors. The service is subscription-based, priced on the amount of traffic being processed.

Vectra’s chief security officer, Günter Ollmann, says that in the past, traditional tools relied on blacklists, two-dimensional signatures and behavioral analytics, all of which are driven by human decisions. But threats develop so fast that those techniques don’t keep up with the bad guys. “Machine learning is doing a much better job of … creating multidimensional signatures for detecting what’s going bad,” Ollmann says.

Machine learning works in two ways: supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are good and which are bad, and the machines find the commonalities to develop multidimensional signatures. In the past, Tavakoli explains, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, it’s essentially about training the computer to find those differences — but much faster. “Supervised machine learning involves the machine doing 95% of the work and the data scientists doing the 5%,” Tavakoli says. With unsupervised learning, the machines develop the models without labeled data, analyzing clusters to figure out what’s normal and what’s an anomaly. “That’s a slower detection, but it detects things that humans and those high-fidelity signatures would never be able to see,” Tavakoli says.

Founded in 2012, Vectra set its sights on machine learning when the concept was still novel. The company, which came out of stealth mode in March 2014, immediately focused on a broad range of sectors. Now in what Tavakoli calls its “adolescent stage,” Vectra has gone through several rounds of funding (for a total of about $75 million) and has grown to 125 employees as well as sales offices in Europe.

“We believe the market is not limited to a few verticals because it’s a broad problem,” Tavakoli says. That means that for the next year or so, the company’s energies are focused on gaining sales momentum and scaling its processes and operational capacity as the organization matures.

The timing seems fortuitous, now that machine learning and automation are becoming the new frontiers for cybersecurity. And that’s what has given the platform broad appeal, according to Tavakoli: the ability to do the heavy lifting for humans, especially as the industry experiences a shortage of skilled people. “You see a real renaissance nowadays when you hear about machine learning in all types of markets, and those techniques are being applied to a much broader set of problems than they were historically,” Tavakoli says. He believes it’s machine learning that will fulfill the promise that big data holds, not yet through complete autonomy but rather as a leveraging point. “The whole world is swimming in a large amount of data being collected from all sorts of things, and people are struggling to pull value out of that data,” he says. “Machine learning and data science are at the vanguard of unlocking the information that’s hidden inside the data — and cybersecurity is just one such application.”

This article first appeared at Third Certainty. It was written by Rodika Tollefson.
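To make the supervised-versus-unsupervised distinction in the article concrete, here is an added toy example written for this page; it is not Vectra's code and does not describe how the X-series works internally. It runs both modes over constructed per-host traffic summaries with three hypothetical features (outbound connections, megabytes sent out, distinct destinations): the supervised path learns one centroid "signature" per analyst-assigned label and assigns new rows to the nearest one, while the unsupervised path uses per-feature median and median absolute deviation to flag hosts that sit far from the population with no labels at all. The host names, feature values and labels are all constructed.

```python
"""Added toy example (not Vectra's code): the two learning modes the article
describes, run over constructed per-host traffic summaries.

Hypothetical features, one row per internal host per hour (all values constructed):
  conns   outbound connections
  mb_out  megabytes sent out of the network
  dests   distinct external destinations contacted
"""
from math import sqrt
from statistics import mean, median

FEATURES = ("conns", "mb_out", "dests")

# Supervised path: rows an analyst has already labelled (constructed).
LABELLED = [
    ({"conns": 40, "mb_out": 12, "dests": 8}, "normal"),
    ({"conns": 55, "mb_out": 20, "dests": 11}, "normal"),
    ({"conns": 30, "mb_out": 9, "dests": 6}, "normal"),
    ({"conns": 48, "mb_out": 15, "dests": 9}, "normal"),
    ({"conns": 900, "mb_out": 30, "dests": 850}, "scan"),   # many destinations
    ({"conns": 20, "mb_out": 950, "dests": 2}, "exfil"),    # bulk outbound data
]

# Unsupervised path: a fresh, unlabelled hour of observations (constructed).
OBSERVED = {
    "10.0.1.11": {"conns": 44, "mb_out": 14, "dests": 9},
    "10.0.1.12": {"conns": 51, "mb_out": 18, "dests": 10},
    "10.0.1.13": {"conns": 38, "mb_out": 11, "dests": 7},
    "10.0.1.14": {"conns": 47, "mb_out": 16, "dests": 8},
    "10.0.1.15": {"conns": 42, "mb_out": 13, "dests": 9},
    "10.0.1.16": {"conns": 49, "mb_out": 870, "dests": 3},  # resembles the "exfil" label
    "10.0.1.17": {"conns": 45, "mb_out": 15, "dests": 10},
    "10.0.1.18": {"conns": 600, "mb_out": 5, "dests": 1},   # beacon-like: no label covers this
}


def train_signatures(labelled):
    """Supervised: one multidimensional signature (feature centroid) per label,
    plus a per-feature scale so large-valued features do not dominate."""
    rows_by_label = {}
    for feats, label in labelled:
        rows_by_label.setdefault(label, []).append(feats)
    centroids = {
        label: {f: mean(r[f] for r in rows) for f in FEATURES}
        for label, rows in rows_by_label.items()
    }
    scale = {f: mean(r[f] for r, _ in labelled) for f in FEATURES}
    return {"centroids": centroids, "scale": scale}


def classify(feats, model):
    """Nearest-signature classification: a new row gets the label whose
    centroid is closest in scaled feature space. It can only ever return a
    label it was trained on, so a new kind of behaviour lands on whatever
    known label happens to be nearest."""
    def dist(label):
        c = model["centroids"][label]
        return sqrt(sum(((feats[f] - c[f]) / model["scale"][f]) ** 2 for f in FEATURES))
    return min(model["centroids"], key=dist)


def unsupervised_outliers(observed, threshold=6.0):
    """Unsupervised: no labels. Each feature's median and median absolute
    deviation (MAD) define 'normal' for this population; a host whose robust
    z-score |x - median| / MAD exceeds the threshold on any feature is flagged.
    Returns {host: [(feature, z), ...]} for flagged hosts only."""
    flagged = {}
    for f in FEATURES:
        values = [row[f] for row in observed.values()]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        if mad == 0:          # degenerate feature (all hosts equal); nothing to score
            continue
        for host, row in observed.items():
            z = abs(row[f] - med) / mad
            if z > threshold:
                flagged.setdefault(host, []).append((f, round(z, 1)))
    return flagged


if __name__ == "__main__":
    model = train_signatures(LABELLED)
    for host, row in OBSERVED.items():
        print(host, "supervised label:", classify(row, model))
    print("unsupervised outliers:", unsupervised_outliers(OBSERVED))
```

Running it shows the trade-off Tavakoli describes: the supervised classifier labels host 10.0.1.16 as "exfil" because it resembles a signature it was taught, but it calls the beacon-like host 10.0.1.18 "normal" because nothing in its training set looks like that. The unsupervised pass, with no labels at all, flags both hosts because each sits hundreds of MADs from the rest of the population on one feature. A real deployment would use far richer features and models; the point of the toy is only that the two modes fail and succeed in different places, which is why the article presents them as complementary.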

Byron Acohido


Byron Acohido is a business journalist who has been writing about cybersecurity and privacy since 2004, and currently blogs at