SOLUTION BRIEF Adaptive Distributed Architecture Vectra Networks provides automated detection of cyber attacks in real time. Vectra detects any active phases of an attack including command and control, internal reconnaissance, lateral movement, exfiltration phases of a cyber attack. Executive Overview Today’s cyber security threat landscape is highly dynamic with attackers constantly morphing malware and attack vectors to evade detection, and persistently attack your information assets. There are many infections that will occur outside the perimeter – mobile users, connected partners. Recent breaches have all followed the same blueprint of attackers gaining privileged access, extending the compromise across the network and stealing or destroying data. These cyber attacks are evading the perimeter security systems designed to stop an attacker from entering. The breach at Target Corp began with keylogger malware installed on a computer at their business partner Fazio Mechanical. By infecting computers at Fazio Mechanical, the attackers used stolen credentials to gain access to the Target network, spread laterally, locate key assets, accumulate data and exfiltrate it. Automating Detection of Attacks in Progress To detect cyber attacks that have already bypassed the network perimeter, security professionals need an automated real-time breach detection and reporting solution. This solution monitors network traffic in real time and provides high fidelity detection of an attack in progress. Vectra Networks provides automated detection of cyber attacks in real time. Vectra detects any active phases of an attack including command and control, internal reconnaissance, lateral movement, exfiltration phases of a cyber attack. Using data science and machine learning to detect all attack phases, the Vectra platform has several opportunities to detect an active cyber attack with high fidelity, reducing the rates of false negatives and false positives. The Vectra X-series platform passively monitors network traffic and performs all of the functions below to provide real-time breach detection and reporting. Report Correlate Detect Distill Capture External reporting through syslog, email alerts and API are also provided. Detections are correlated to the hosts under attack using Vectra’s Threat Certainty Index, detections are matched against a host and a numeric value assigned to the host reflecting its security risk. Data science and machine learning algorithms are applied on the distilled data to detect active phases of an active cyber attack within the traffic. Packets are assembled into flows and metadata is extracted from packets for processing by the detection. Capturing network packets in passive mode in the initial stage of real-time breach detection. Figure 1. Vectra Network Architecture Increasing Efficacy Efficacy increases when this solution has visibility into traffic across the entire attack surface such as remote sites and internal network segments where key assets are located. Remote sites are often weak links in the attack surface. Remote sites typically have fewer perimeter defenses and lack security professionals who can take quick action during an attack. Minimizing capital expense, and operational cost and complexity of cybersecurity at remote sites are often key criteria. In the case of remote sites in retail, banking and healthcare segment, the size, noise level, heat dissipation and ease of use are other important decision factors. Internal segments containing key assets have often been presumed to be safe because they lie deep within layers of perimeter security, yet the perpetrators of the Carbanak APT were able to use remote access tools on financial networks to steal over $1 Billion for over 100 banks. Holistic cybersecurity – fully distributed The automated detection of attacks in progress by the Vectra X-series platform can now be extended to remote sites and internal segments while maintaining a singlepane view of an organizations risk profile. X-series Platform The X-series platform software can be ordered preloaded on a full-depth rack-mountable appliance designed to scale with even the largest networks. The X-series platform can be deployed either as an all-in-one device to both monitor traffic and perform real-time threat detection or in combination with S-series sensors that monitor traffic and process metadata from the sensors. The X-series platform performs all detection, analysis and correlation of threats on metadata from sensors. S-series Sensors The S-series sensors are small, dedicated sensors that can be easily deployed in remote sites or with access switches. Sensors can be deployed in-line or as passive device to monitor network traffic, extract critical metadata from it and forward the metadata on to an X-series platform for threat analysis. The small size and simple deployment model of the S-series ensures enterprises have comprehensive coverage throughout the network, especially to remote sites including small offices, bank branches, healthcare clinics and retail locations. Deploying the Distributed Architecture The Vectra Networks scalable distributed architecture ensures customers have consistent cybersecurity protection across their entire organizational regardless of size or geographical distribution. S-series sensors and X-series platforms provide the ability to scale to any size of network across geographically dispersed sites and deliver the centralized analysis, detection and correlation of threats. The infographic on the next page shows the deployment topologies of distributed architecture. » Monitoring traffic on these internal segments is important in a data-centric security strategy, the capital expense and operational complexity of solutions are often limitations. ©2015 Vectra Networks, Inc. | 2 Campus Sensor Deployment Remote Site Sensor Deployment • Sensors deployed at the access layer switch provides visibility into user-to-user traffic • Sensors deployed at the remote-site provides visibility into traffic at remote sites • X-series deployed at the core/distribution layer provides visibility into traffic to and from users to internet, and correlates detections from sensors • X-series deployed at the data center provides visibility into traffic in the data center, and correlates detections from sensors Benefits of Distributed Architecture Vectra Networks distributed architecture provides the following benefits: • Plug-and-play deployment » Sensors are provisioned with customer information before shipment by Vectra Networks. » Sensors obtains its network configuration from DHCP server in the network. This helps with deployments in remote sites with very little technical expertise » Sensors can be deployed in passive mode, or in-line mode as bump-in-the-wire with fail-open • Low bandwidth utilization » Sensor distills metadata of the local traffic and sends it to the X-series for threat analysis and reporting » The metadata from the sensor to X-series is compressed to less than 1% of the received bandwidth to reduce overhead on low bandwidth network links • Extends full fidelity traffic visibility » Remote sites are weak links in the attack surface. Sensors can be easily deployed at remote locations to strengthen network security at remote sites » Sensors deployed on internal segments with key assets to detect lateral spread and data accumulation • Automatic centralized reporting » Vectra X-series provides a unified view of an organization’s risk profile by aggregating and correlating all detections » Vectra X-series enables security operations team to filter threat detections based on sensor monitoring the suspect traffic » X-series provides automatic real-time reporting, empowering organizations with the relevant data to rapidly respond to attacks saving time and manpower • Automatic software updates » Vectra cloud provides updates to the X-series » Updates are downloaded automatically to the sensor from the X-series. ©2015 Vectra Networks, Inc. | 2 The screenshot below shows detections viewed from the X-series deployed in distributed architecture. Figure 2. Detection view on X-series Summary Vectra technology picks up where perimeter security leaves off by providing deep, continuous analysis of both internal and Internet network traffic to automatically detect all phases of a breach. Vectra Networks provides a scalable distributed architecture to ensure customers can maintain full visibility of their networks regardless of their organizational size or physical distribution. S-series sensors and X-series platforms provide the ability to scale to any size of network across geographically dispersed sites while delivering the centralized analysis, detection and correlation of threats.
© Copyright 2024