Vectra: 10 most common threats for Azure AD, Office 365 customers

Research on the most frequently seen malicious behavior in Azure Active Directory and Office 365 found that malicious activity often looks very similar to legitimate user activity, said Vectra AI, a threat detection and response company. Regardless of company size, O365 Risky Exchange Operation, or attempts to manipulate Exchange, was the most frequently seen behavior, Vectra said in its 2021 Q2 Spotlight Report, "Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365."

Figure: Top 10 most common threat detections in large companies. Vectra.ai identified the top 10 most common activities suggesting security threats in large companies. (Image credit: Vectra.ai)

Research focusing on the top 10 threat detections in Azure AD and Office 365 environments identified the most common activities that can indicate a security threat:

  1. O365 Risky Exchange Operation: Attempts to manipulate Exchange to get access to data.
  2. Azure AD Suspicious Operation: Operations indicating attackers are escalating privileges and performing tasks which require administrator access after regular account takeovers.
  3. O365 Suspicious Download Activity: Account is downloading an unusual amount of objects, suggesting an attacker is using SharePoint or OneDrive to exfiltrate data.
  4. O365 Suspicious Sharing Activity: Account is sharing files and folders at a higher volume than usual, suggesting an attacker is using SharePoint to exfiltrate data or maintain access into the network.
  5. Azure AD Redundant Access Creation: Administrative privileges are being assigned to other entities, suggesting attackers are establishing multiple methods of maintaining access.
  6. O365 External Teams Access: An external account added to a team in O365, suggesting an attacker has added another account which they control.
  7. O365 Suspicious Power Automate Flow Creation: Automated workflows created with Microsoft Power Automate, suggesting the attacker is establishing persistence in the environment.
  8. O365 Suspicious Mail Forwarding: Mail forwarded to another account, suggesting attackers are collecting or exfiltrating data without needing to maintain persistence.
  9. O365 Unusual eDiscovery Search: User creating or updating an eDiscovery search, suggesting an attacker is performing reconnaissance to learn what else is accessible in the environment.
  10. O365 Suspicious Sharepoint Operation: Administrative SharePoint operations suggesting malicious actions.
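As an added example, not taken from the Vectra report or the VentureBeat article, the script below runs simple detection logic for four of the behaviors listed above (mail forwarding, external Teams access, eDiscovery search, and download volume) over audit records constructed inline. The records imitate the field shape of the Office 365 unified audit log (Workload, Operation, UserId, Parameters, Members, ObjectId), but every account, domain, baseline and threshold here is an assumption made for illustration, and the operation names should be checked against the tenant's actual log output before reuse.

```python
import json
from collections import Counter

# Constructed records in a unified-audit-log-like shape (assumption, not real tenant data).
_BASE = [
    {"Workload": "Exchange", "Operation": "New-InboxRule", "UserId": "alice@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "Archive"},
                    {"Name": "ForwardTo", "Value": "drop@mail.example"}]},
    {"Workload": "Exchange", "Operation": "New-InboxRule", "UserId": "bob@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "News"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},   # benign rule
    {"Workload": "MicrosoftTeams", "Operation": "MemberAdded", "UserId": "alice@contoso.example",
     "Members": [{"UPN": "guest@outside.example"}]},
    {"Workload": "MicrosoftTeams", "Operation": "MemberAdded", "UserId": "bob@contoso.example",
     "Members": [{"UPN": "carol@contoso.example"}]},                       # internal member
    {"Workload": "SecurityComplianceCenter", "Operation": "SearchCreated",
     "UserId": "alice@contoso.example"},
]
_DOWNLOADS = ([{"Workload": "SharePoint", "Operation": "FileDownloaded",
                "UserId": "alice@contoso.example", "ObjectId": f"doc{i}.docx"} for i in range(12)]
              + [{"Workload": "SharePoint", "Operation": "FileDownloaded",
                  "UserId": "bob@contoso.example", "ObjectId": f"memo{i}.docx"} for i in range(3)])
SAMPLE_LINES = [json.dumps(r) for r in _BASE + _DOWNLOADS]  # one JSON record per line

INTERNAL_DOMAINS = {"contoso.example"}                       # assumption: the tenant's own domains
# Per-user download baseline for the window (constructed; in practice learned from history).
DOWNLOAD_BASELINE = {"alice@contoso.example": 2, "bob@contoso.example": 4}
# Rule/mailbox parameters that send copies of mail elsewhere.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}


def parse_records(lines):
    """Parse newline-delimited JSON audit records, skipping malformed lines."""
    records = []
    for line in lines:
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def detect_mail_forwarding(records):
    """O365 Suspicious Mail Forwarding: Exchange changes that forward or redirect mail."""
    hits = []
    for r in records:
        if r.get("Workload") != "Exchange":
            continue
        params = {p.get("Name"): p.get("Value") for p in r.get("Parameters", [])}
        targets = {k: v for k, v in params.items() if k in FORWARDING_PARAMS}
        if targets:
            hits.append({"detection": "O365 Suspicious Mail Forwarding",
                         "user": r["UserId"], "targets": targets})
    return hits


def detect_external_teams_access(records, internal_domains):
    """O365 External Teams Access: a member added whose UPN domain is not one of ours."""
    hits = []
    for r in records:
        if r.get("Operation") != "MemberAdded":
            continue
        for member in r.get("Members", []):
            domain = member.get("UPN", "").rpartition("@")[2].lower()
            if domain and domain not in internal_domains:
                hits.append({"detection": "O365 External Teams Access",
                             "user": r["UserId"], "member": member["UPN"]})
    return hits


def detect_ediscovery_search(records):
    """O365 Unusual eDiscovery Search: search creation or update by an account."""
    return [{"detection": "O365 Unusual eDiscovery Search", "user": r["UserId"],
             "operation": r["Operation"]}
            for r in records if r.get("Operation") in {"SearchCreated", "SearchUpdated"}]


def detect_download_spike(records, baseline, factor=5):
    """O365 Suspicious Download Activity: downloads well above the account's baseline."""
    counts = Counter(r["UserId"] for r in records if r.get("Operation") == "FileDownloaded")
    hits = []
    for user, n in counts.items():
        expected = baseline.get(user, 1)          # unknown accounts get a minimal baseline
        if n >= factor * expected:
            hits.append({"detection": "O365 Suspicious Download Activity",
                         "user": user, "count": n, "baseline": expected})
    return hits


def triage(lines, internal_domains=INTERNAL_DOMAINS, baseline=DOWNLOAD_BASELINE):
    """Run every detector over the records and return all findings."""
    records = parse_records(lines)
    return (detect_mail_forwarding(records)
            + detect_external_teams_access(records, internal_domains)
            + detect_ediscovery_search(records)
            + detect_download_spike(records, baseline))


def findings_by_user(findings):
    """Group detection names by account so overlapping signals on one account stand out."""
    by_user = {}
    for f in findings:
        by_user.setdefault(f["user"], []).append(f["detection"])
    return by_user


if __name__ == "__main__":
    for user, names in findings_by_user(triage(SAMPLE_LINES)).items():
        print(user, "->", ", ".join(names))
```

Run as a script, it lists the one constructed account that trips all four detectors while the other account, whose rule only moves mail to a folder and whose downloads stay within baseline, produces nothing. The grouping step is the practical point of the report's list: any single item can be ordinary admin or user activity, so several of them landing on the same account in a short window is what deserves an analyst's attention, and the download baseline should come from that account's own history rather than a fixed number.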

Vectra calculated the relative frequency of threat detections that were triggered on its platform during a three-month span based on customer size (small, medium and large). Larger companies triggered fewer detections when compared to smaller companies — that may be because larger companies’ users and administrators perform Office 365 and Azure AD activity more consistently compared to smaller organizations.

Figure: Top 10 threat detections for small and medium companies. Small and medium companies had similar top 10 lists of potential malicious activities. (Image credit: Vectra.ai)

Medium and small companies share the same top 10 threat detections, which differ slightly from the breakdown of detection types found in large companies. For example, Office 365 DLL Hijacking, Office 365 Unusual Scripting Engine and Office 365 Suspicious eDiscovery Exfil were in the top 10 for large companies, but not in the top 10 for medium and small companies. Medium and small companies included Office 365 Suspicious SharePoint Operation, Office 365 Suspicious eDiscovery Search and Azure AD Suspicious Operation in

With 250 million active users, Office 365 has a big target on its back, as cybercriminals devote time and resources to crafting attacks that target the platform's large user base. Adversaries increasingly find that overtly malicious actions are unnecessary when existing services and access used throughout an organization can simply be co-opted, misused and abused.

In a recent Vectra survey of 1,000 security professionals, 71% said they had suffered an average of 7 account takeovers of authorized users over the last 12 months.

Read the full 2021 Q2 Spotlight Report, Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more


AI-powered cybersecurity platform Vectra AI raises $130M

San Jose, California-based cybersecurity startup Vectra AI today announced it has raised $130 million in a funding round that values the company at $1.2 billion. Vectra says the investment will fuel the company’s growth through expansion into new markets and countries.

According to Markets and Markets, the security orchestration, automation, and response (SOAR) segment is expected to reach $1.68 billion in value this year, driven by a rise in security breaches and incidents and the rapid deployment and development of cloud-based solutions. Data breaches exposed 4.1 billion records in the first half of 2019, Risk Based Security found. This may be why 68% of business leaders in a recent Accenture survey said they feel their cybersecurity risks are increasing.

Vectra was founded in 2012 by Hitesh Sheth, and the company provides AI-powered network detection and response services. Vectra’s platform sends security-enriched metadata to data lakes and security information and event management (SIEM) systems while storing and investigating threats in this enriched data.

The aforementioned metadata is wide-ranging but includes patterns, precursors, account scores, saved searches, host scores, and campaigns. It’s scraped from sensors and processing engines deployed across cloud environments, where the sensors record metrics from traffic and ingest logs and other external signals.

Figure: The Vectra AI dashboard. (Image credit: Vectra AI)

AI is a core component of Vectra’s product suite. Algorithms suss out and alert IT teams to anomalous behavior from compromised devices in network traffic metadata and other sources, automating cyberattack mitigation. Specifically, Vectra uses supervised machine learning techniques to train its threat detection models and unsupervised techniques to identify attacks that haven’t been seen previously. Vectra’s data scientists build and tune self-learning AI systems that complement the metadata with key security information.

“For us, it all starts with collecting the right data because attack behaviors always vary. We’re continuously creating machine learning models for any type of new or current threat scenario,” Sheth told VentureBeat via email. “AI-based security defenses are the right tool for modern network defenders, not because current threats will become some dominant force, but because they are transformative in their own right.”

Global ambitions

Signaling its global ambitions, in August 2019 Vectra opened a regional headquarters in Sydney, Australia. Last July, the company launched a range of new advisory and operational cybersecurity services, weeks after revamping its international channel partner program.

A growing number of cloud users are suffering malicious account takeovers, according to a survey conducted by Vectra. Nearly 80% of respondents claimed to have “good” or “very good visibility” into attacks that bypass perimeter defenses like firewalls. Yet there was a contrast between opinions of management-level respondents and practitioners, with managers exhibiting greater confidence in their organizations’ defensive abilities.

“The pandemic has caused a further shift toward the cloud, even for organizations that were previously cloud averse. Companies needed to prioritize the health and safety of their employees, which in many cases meant a shift to remote work,” Sheth said. “However, the only way to keep teams connected and productive was to further adopt cloud applications that enable collaboration from anywhere. For security teams, this means finding new solutions to protect assets and users because traditional network security doesn’t translate to securing a dispersed workforce that has adopted cloud technologies … Vectra can automate threat detection and investigation, provide visibility, and audit remote endpoint security posture to make sure users and company assets are secure.”

Vectra, which has 375 employees and claims a 100% compound annual growth rate in 2020, counts Texas A&M University and Tribune Media Group among its customer base. In February, the company closed the strongest quarter in its history.

Attack and defend

“To me, this funding round confirms today’s cybersecurity capital markets are rewarding the most effective and innovative technology — not just the best pitch,” Sheth said. “Contrary to flashy Hollywood headlines about some Skynet-like AI hacker coming to get you, actual human attackers are far more clever than any contemporary offensive AI systems. This is in part because AI systems conform to a series of ‘rules,’ and as every human hacker knows, rules are made to be broken.”

Sheth added: “The most likely scenario is that some AI techniques merely make it into the toolkit of human adversaries, such as incorporating natural language AI into large-scale phishing attacks. We shouldn’t downplay the impact of a good phishing campaign, but if this is the sum total of what your C-suite is preparing for, you have your work cut out [for you]. Decisions about which AI cybersecurity solution to commit to should be driven based on outcome-based evaluations. This means selecting functional, rather than purely ornamental, solutions.”

Blackstone Growth led Vectra’s latest round of funding. Existing investors also participated, bringing the company’s total raised to over $350 million. Vectra previously nabbed $100 million in a growth equity round led by TCV.
