Vectra Extends Its Threat Management Into the Data Center

Craig Matsumoto
September 14, 2016, 8:16 am MT

Security startup Vectra, which has been focusing on campus networks, is expanding its reach to the data center and the public cloud.

To do that, it had to infuse Vectra DC 1.0, launched Tuesday, with some new strategies for detecting bad behavior, because intruders in the data center don’t have the same goals as intruders in the campus network do.

Vectra is among a new wave of security companies that try to detect attacks in progress. That’s in contrast to the traditional strategy of trying to keep attackers out entirely. You still want to try to do that, but the current thinking is that you have to assume the network has been breached and try to spot the intruders from within.

Some security startups have targeted the data center all along. Vectra might be new to the data center, but its strategy of targeting campus networks has won it some fans. Vectra claims roughly 200 installations since it began shipping in general availability in early 2014.

Data center security startups such as GuardiCore and vArmour commonly take the approach of spotting intruders based on their activity and then isolating them to limit the damage.

Vectra uses a similar tactic but opts to watch everything, keeping a real-time record of all network activity. The trick is to winnow down that activity to a small number of anomalies to tell the operators about, and that’s where technologies such as machine learning come in.

Security-wise, the data center is more difficult than the campus because workloads move. “All the ground is shifting beneath your feet there,” says Wade Williamson, Vectra’s director of threat analysis.

Vectra also had to revise the list of behaviors that trigger red flags in its software.

For example, Williamson says, intruders in the campus tend to move about laterally, seeking credentials that can get them into the data center. But inside the data center itself, the game becomes more about exfiltration — siphoning away all that data.

So, Vectra DC has to watch for signs of exfiltration. Attackers might grab as much data as possible very quickly — which is obviously noteworthy — but they can also slowly bleed information out of the network, a pattern Vectra now looks for.

Since Vectra uses machine learning to tell anomalies from false positives, the company had to build a model of what data center network administrators do. That way, any behavior outside the norm — such as suddenly using an old, obscure protocol to tap a server — can be flagged as a sign of trouble.

Vectra built this model by logging the activity of network operators at 11 beta customers. It was crucial to observe real activity rather than having administrators answer questions, says Alex Waterman, senior director of product management at Vectra.

About Craig Matsumoto

Craig Matsumoto is managing editor at SDxCentral.com, responsible for the site's content and for covering news. He is a "veteran" of the SDN scene, having started covering it way back in 2010, and his background in technology journalism goes back to 1994. Craig is based in Silicon Valley. He can be reached at craig@sdxcentral.com.
