Vectra AI Inc.
Overview
Headquarters: United States
Year Founded: 2011
Company Type: Private
Revenue: $100m-1b
Employees: 201 - 1,000
Website:
Twitter Handle:
Company Description
Vectra AI is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. The Vectra AI Platform delivers the integrated signal powering XDR, SIEM, SOAR — whatever your pane of glass.
Case Studies
Case Study
Major real estate firm replaces IDS/IPS with AI-driven network detection and response
The security operations team of a major real estate firm realized the need to modernize their approach to potential cyber threats. The company had been using combined intrusion detection and intrusion prevention systems to catch threats at the network perimeter. However, these systems did not scale well and offered no visibility inside the network and data center. The security operations teams were also burdened with manually investigating thousands of threat alerts per day, causing significant alert fatigue and giving real attacks more time to spread.
Case Study
DZ BANK enables protection without prying using AI-powered cyberattack detection
DZ BANK, the second largest bank in Germany, was facing challenges in detecting advanced threats that were missed by traditional signature-based firewalls, IDS and IPS. The bank was looking for a solution that could distinguish between benign anomalous behaviors and high-risk attacker behaviors. The bank's mission to protect its assets, operations and sensitive information was complicated by a broad range of data privacy and financial regulations. Many types of surveillance and electronic monitoring of employees and communications are prohibited in Germany. In addition, both the European Union General Data Protection Requirement (GDPR) and Germany’s Second Markets in Financial Instruments Directive (MiFID II) became law in 2018.
Case Study
Vectra AI
The company lacked an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) across its estate, which includes numerous offices across the country. This situation made it difficult for the company to monitor and flag up unusual network traffic for further investigation. The company was also struggling with false positives and had to invest time in tuning the system to reduce these. The company was looking for a solution that could provide visibility into behaviors across the full life cycle of an attack in their network, beyond just the internet gateway.
Case Study
Vectra AI Review
The university was looking for a solution that required less customization and more commercial off-the-shelf capabilities. They wanted their team to focus on protecting the university rather than upgrading custom software. They needed a solution that could inspect and look for malicious, abusive, or other types of forbidden behavior with their north-south and east-west traffic. The solution needed to be able to differentiate between normal and abnormal events. The university also wanted to detect issues with privileged accounts, as they had users ranging from low-privileged, regular users to administrators with high levels of privilege.
Case Study
Hydro Ottawa automates threat detection and response to dramatically reduce the time spent on threat investigations
Hydro Ottawa, the largest distributor in eastern Ontario, is responsible for delivering electricity to over 323,000 business and residential customers. With the surge in attacks on electrical grids and utility providers, the company needed to protect its corporate IT and critical infrastructure systems from cyberattacks. The challenge was to close the gap between infection and detection. The company needed to automate threat management that is simple to use and integrates easily with other security tools.
Case Study
Commodities trader finds sweet spot with AI-powered threat detection
ED&F Man Holdings, a commodities trading company, faced a significant challenge in mitigating cybersecurity risks. A security incident several years ago served as a wake-up call to the increasing success of cyberattacks. An independent assessment indicated that the company needed to significantly step up its cybersecurity processes, tools, and people. The company undertook a complete security transformation. Carmelo Gallo took over as the cybersecurity manager to protect the operations of the $10 billion company that has a presence in 60 countries. A focus on next-generation security technology, integration, and automation has rapidly accelerated the company’s security maturity.
Case Study
INDEVCO relies on Vectra for complete visibility and proactive threat detection
INDEVCO, a multinational manufacturing and industrial consultancy group, was facing challenges in detecting internal threats, gaining visibility into their network, and maintaining network hygiene. They had an open-source security information and event management (SIEM) solution and an endpoint detection and response (EDR) solution, but these were not sufficient. The company needed a solution that could help them better protect data and keep their operations running smoothly across their 38 manufacturing plants and 38 commercial companies worldwide.
Case Study
Vectra stops data breaches across one of Europe’s largest drug store chains
ROSSMANN, one of the largest drugstore chains in Europe, was facing a significant challenge in identifying threats inside its network. The IT security team, led by Daniel Luttermann, was tasked with strengthening the company's security posture to catch cyberattackers at the network perimeter and within the network. Before evaluating vendors, ROSSMANN conducted a red team exercise to identify potential security weaknesses and vulnerabilities. The results of this penetration test were used to gauge vendors in the proof-of-concept (POC) testing phase. The team ultimately chose a diverse roster of solutions that included the Cognito® network detection and response (NDR) platform from Vectra®.
Case Study
The power of protection
Tri-State Generation and Transmission Association, a utilities provider that supplies wholesale electric power to 44 electric cooperatives across Colorado, Nebraska, New Mexico, and Wyoming, faced a significant challenge in protecting its corporate and subscriber data from cyberattacks. The threat of a cyberattack shutting down the national electric grid is real, and utility companies are beefing up security measures to keep the lights on and the heat running for households and businesses. Tri-State's internal networks, which store both corporate information and subscriber data for 1.5 million customers, had to be protected. Multiple hosts, or master computers, are located throughout the wide area network and support 1,500-plus Tri-State employees. These hosts are critical to the utility’s business and way too valuable to take any risks with their security. However, Tri-State lacked visibility into the hosts’ activity and when potential threats did come up, there was no context to the type or degree of threat, and no prioritization.
Case Study
Telecom Provider Relies on Vectra and AWS to Stop Hidden Cyberthreats
The telecom provider’s network spans more than 10 geographies and multiple Amazon virtual private clouds (VPCs). Securing and monitoring such a diverse and expansive footprint is no easy task. As a result, the telecom provider is required to follow and operate under several different compliance policies. To support this mandate, the security team relies on their AWS-hosted ArcSight platform for big data security analytics, security information and event management (SIEM) and log management. Although the telecom company is running endpoint detection and response (EDR) on its managed clients, this still leaves a large security gap in visibility for IoT, unmanaged devices, BYOD, and other devices that cannot support EDR software agents.
Case Study
Global financial services firm banks on NDR to stop cyberattacks
The global financial services company was in constant reactive mode because its security operations center (SOC) was overwhelmed with homegrown solutions that required a lot of software patches. The SOC team was constantly putting out fires, rushing to investigate whenever they saw smoke. They were looking for a network detection and response (NDR) solution that would enable them to proactively detect and respond to hidden threats inside their network, and they evaluated potential NDR solutions, including Darktrace and Vectra.
Case Study
University healthcare system counts on Vectra to expose the truth about cyberattacks
The university healthcare system was in need of a proactive approach to understand threats, threat actors and the methods they employ in the internal threat landscape. They had in place anti-virus, anti-malware and email filters to protect end users. However, their log and event manager created a lot of work for the security team. It relied on the vendor to integrate the log and event manager with other security systems, which resulted in a deluge of anomalous alerts that didn’t make sense and were incompatible with security feeds that flowed into it. The university healthcare system needed a network-centric detection and response solution that was endpoint agnostic and which would help bring clarity to internal network traffic.
Case Study
Securing AWS with Vectra
The Municipal Property Assessment Corporation (MPAC) lacked visibility into lateral movement within the organization. As an IT security veteran, Mirza Baig, IT Security Manager at MPAC, needed to understand the security solutions the team was utilizing. He found that the team had already prioritized removing any blind spots, which is key to having the ability to detect attacker behavior. However, the existing solutions were not sufficient to detect lateral movement across cloud or enterprise workloads.
Case Study
University gains full visibility within two days of deploying Vectra
Royal Holloway University of London, a top 25 university in the UK, was facing a significant challenge in defending against a wide range of cyber threats. As a center of research and excellence in cybersecurity, the university was a particularly attractive target for threat actors. The large population of students and staff regularly connected to multiple devices, presenting a broad attack surface. With limited resources, the Cyber Security team at Royal Holloway was under huge pressure to keep up with the increasing workload of manual investigations in response to suspected vulnerabilities. They needed a solution that could detect threats that managed to penetrate their network, or those that originated from inside their perimeter defenses, without needing to perform manual intervention.
Case Study
Online retailer reduces business risk
The Very Group, a leading digital retailer in the UK, has undergone a significant digital transformation, shifting from a catalog operation to a pureplay digital retailer. However, this transformation has introduced new risks. The company needed to protect its ecommerce platforms, maintain customer trust, and meet regulatory requirements like the European Union’s General Data Protection Requirement (GDPR). The Very Group has 1.3 million visitors a day and four million active customers, and its systems hold a wealth of information that needs to be protected. The company also wanted to ensure that its security and privacy practices were tightly aligned with GDPR and other mandates.
Case Study
Vectra AI
The organization was dealing with a large volume of network traffic, with 89,000 concurrent IPs being analyzed. This resulted in a significant amount of noise, with only 1% of the traffic warranting deeper investigation. The challenge was to filter out the noise and focus on the high-risk events that needed attention. Additionally, the organization needed a solution that could provide visibility into behaviors across the full lifecycle of an attack in the network, beyond just the internet gateway. This included identifying unauthorized devices on the network and detecting suspicious domain activity.
Case Study
Vectra AI
The company was in need of an intrusion detection system to monitor traffic within their network. They had previously experienced a ransomware event, which Vectra AI was able to quickly detect and alert on, greatly reducing the time it took for the company to respond to the incident. However, the company was looking for a solution that could provide a fuller picture of what was going on before the target left the network, and also triage threats and correlate them with compromised host devices to further reduce the time to respond to incidents.
Case Study
Government Authority Achieves Complete Cloud Monitoring with Vectra AI and AWS
The Government Authority in the Middle East manages and oversees all of the country's digital assets, information technology, and data programs. It operates similarly to a service provider throughout all government agencies including healthcare, education, traffic, and immigration. Cybersecurity is a fundamental pillar protecting government institutions as they are a prime target for hackers. The Government Authority maintains and supports multiple core business functions at a large scale where compromised data or systems increase the risk of a breach. A breach in a government institution would impact critical systems that citizens rely on, demand remediation costs, and require unplanned spending to close the gaps. The security team needed to reduce the risk of a breach by having the ability to detect and respond to potential threats. However, they were overwhelmed with a large volume of unprioritized alerts, poor capability in detecting unknown threats, and they lacked visibility into their cloud environment.
Case Study
Manufacturing Company Saves More Than Just Their Network with Vectra
The company, a distributor in North America, was facing challenges in securing its geographically dispersed environment. Traditional security vendors were falling short when it came to stranger peripherals such as printers, scan guns, tablets, and guest devices. The company had a centralized data center and numerous physical locations across the country, making their network very distributed. Before deploying Vectra, the company was not monitoring network traffic, creating a significant gap in their security infrastructure.
Case Study
Vectra keeps Private Research Institution well ahead of cyberattackers
The Private Research Institution was facing a wave of uncertainty due to the risk of a second ransomware attack. The manual workload was overwhelming and the institution needed a solution to automate Security Operations Center (SOC) inefficiencies and prevent future ransomware attacks. The institution was also dealing with constant change as network devices were constantly on the move with students and staff connecting in different locations and bringing multiple personal devices.
Case Study
mLeasing uses the most modern technology based on artificial intelligence to detect and respond to modern cyberattacks
mLeasing, a leading leasing company in Poland and part of the mBank group, was looking for a modern solution that enabled the identification of online threats in real time. Traditional systems based on signatures or attack patterns only detect threats that are known to the system. The company wanted to find a system that would complement the security concept with a state-of-the-art solution based on behavioral analysis, supported by artificial intelligence and deep machine learning.
Case Study
Greenhill stops cyberattacks from enterprise to Office 365 SaaS
Greenhill, a renowned investment bank, was facing challenges in managing cyber risk. They were using SIEM tools but had difficulty in identifying which firewall logs were serious and which ones were not. The rise in credential abuse and account takeovers in SaaS platforms like Microsoft Office 365 was also a concern. Attackers were using social engineering to exploit human behavior, elevate account privileges, and steal critical business data. Greenhill needed more visibility into the network and an easier way to identify which threats were critical and which threats were not.
Case Study
GMMH NHS Foundation Trust stops attacks with Cognito for Office 365
Greater Manchester Mental Health NHS Foundation Trust, a healthcare provider in North West England, was facing a significant challenge with limited visibility into malicious behaviors inside network traffic or Office 365. The trust has about 5,400 employees, more than 140 locations, and provides mental health services for 53,00 patients a year. The sheer quantity of individuals using the service increases the chance that cyber hygiene will fall by the wayside, and knowledgeable attackers will exploit human behavior to gain high-privilege access to critical business data. Despite antivirus software, a LogPoint SIEM and next-generation firewalls, network detection and response (NDR) had been on the radar for quite some time.
Case Study
Nissho Electronics stops data breaches from enterprise to cloud
Nissho Electronics Corp., a company that makes cutting-edge U.S. technology available to enterprise organizations in Japan, was facing growing concerns about its own network and cloud security posture due to the rise in advanced cyberattacks. These hidden threats easily evade firewalls, IDS and other legacy security systems and spread inside networks in search of assets to steal. Nissho had used its SIEM to analyze firewall logs, which was a manual, time-consuming operation. The company was also concerned about the recent spike in credential abuse and account takeovers in SaaS-based Microsoft Office 365, which affects more than 30% of organizations each month. Attackers use social engineering to exploit human behavior, elevate account privileges and steal critical business data. The company understood that it needed visibility inside the network and public cloud to identify and stop hidden cyberattackers who move laterally in traffic to spy, spread and steal.
Case Study
American University jettisons signatures and open-source tools for network detection and response
American University, a private institution in Washington D.C., was preparing to expand its cloud presence and needed to enhance its cybersecurity measures to protect its public cloud, data center, and campus networks. The university was facing two significant cybersecurity challenges that were consuming a significant amount of time and resources. The first was the use of open-source tools to monitor network traffic, and the second was the use of signatures to detect intrusions. The university's network supports about 60,000 users with more than 20,000 devices at any given time, along with 700 servers and hundreds of applications. The information security team was looking for non-open-source solutions that utilized artificial intelligence and aligned with their goals.
Case Study
Texas A&M University System saves $7 million in one year with the Cognito® network detection and response platform from Vectra®
The Texas A&M University System, an academic and research powerhouse, faced significant challenges in protecting its high-value academic and research data. The system, which includes 11 university campuses, seven state agencies, and numerous research institutes, was a prime target for cyber thieves. The university system faced a lack of cybersecurity talent, a global issue that made it difficult to hire and retain skilled cybersecurity professionals. Additionally, the university system's significant expenditures and vital research partnerships with organizations like the U.S. Department of Energy, NASA, and the U.S. Department of Defense made it a target for nation-state cyber attackers.
Case Study
International Private Healthcare Group Achieves Real-Time Threat Detection
The international private healthcare group, with over 100 hospitals and clinics globally, was facing challenges in timely detection and effective management of active cyberattacks. The healthcare industry is a prime target for cybercriminals, who use advanced attack techniques and tools. These criminals often target patient records that contain substantial amounts of private and sensitive information. In addition to the risk of data loss, ransomware attacks have the potential to disrupt and deny control over key digital services like biomedical devices and vital systems, putting the provider and the safety of patients at risk. The healthcare group realized that its existing cybersecurity protections were not enough to quickly spot and manage attacks, given the rapidly evolving threat landscape.
Case Study
Specialty chemicals and advanced materials manufacturer protects trade secrets and data with AI-powered network detection and response
The company, a Forbes Global 2000 manufacturer of specialty chemicals and advanced materials, needed to ensure its supply chain, from raw materials to finished goods, was not compromised by hidden cyberattacks. The company's supply chain spans the procurement of raw materials to formulating the plastics and adhesives that are essential ingredients in its own customers’ manufacturing processes. Cyberattacks could disrupt production operations, causing serious business disruption, reputational damage and fines for regulatory noncompliance. The company wanted to lift the burden from its security operations team, which was weighed down by huge volumes of inconclusive alerts and false positives.
Case Study
Pennine Care NHS counts on Vectra to stop cyberattacks
Pennine Care NHS Foundation Trust, a provider of mental health and learning disability services in parts of Greater Manchester and Derbyshire, was faced with the challenge of protecting its operations from cyber threats. This became a priority after the 2017 WannaCry ransomware attack that disrupted a third of NHS operations. Although no patient data was compromised and the attack was stopped from spreading, all NHS trusts have since stepped up security to identify and stop future cyber threats. ICT security manager Rizwan Majeed was entrusted to protect Pennine Care NHS from cyber threats. He began to evaluate potential solutions, including network detection and response (NDR).
Case Study
Protecting patient information and ensuring quality care
Bolton NHS Foundation Trust, a healthcare provider for over 140,000 people in Bolton and the surrounding area northwest of Manchester, was facing a growing challenge of protecting patient information across a growing number of mobile devices, medical internet-of-things (IoT) devices, data center workloads and cloud services. Healthcare providers have a treasure trove of patient, financial and clinical research data, making healthcare a top target for data theft. Criminals also target healthcare providers for extortion with ransomware, knowing that hospital systems must operate around the clock. Bolton NHS is just down the road from ground zero of the 2017 WannaCry outbreak in the U.K. The ransomware crisis, which affected organizations around the world, sparked many conversations at Bolton NHS. “We had proven security, but we still reassessed our weaknesses and gaps,” says Walmsley.
Case Study
So Secure, It’s Boring
The telematics company, despite having a deep understanding of the tactics used by cybercriminals, was constrained by limited resources and budget. With a total of 100 employees, the IT operations team consisted of only five members who were tasked with handling everything IT-related, including security. The company provides telematic services to insurance clients, requiring them to store and transfer sensitive customer information regularly. Therefore, security was a top priority. However, with limited financial ability to fund a dedicated Security Operations Center (SOC) team, it became a priority to find budget-friendly alternatives. The company needed a solution that was software and operating system agnostic, and could help detect attacker behavior, increase their human expertise with artificial intelligence (AI), and address any threat or abnormal activity.
Case Study
Vectra gives beauty industry retailer a cybersecurity makeover
The global retail giant in the beauty industry was struggling with maintaining network security for hundreds of stores and a busy online retail business with a lean security budget. Every year, the company would hire consultants to conduct red team exercises to test the mettle of cybersecurity operations, and every year it failed. The seven-member security operations center (SOC) team was in need of a solution that would provide visibility inside the network to detect and respond to hidden cyberattackers. They needed a network detection and response (NDR) platform that would identify attackers that bypass firewalls and IPS at the network perimeter and provide visibility into threats inside the network.
Case Study
Online gaming company bets on Vectra and AWS for cyberattack detection and monitoring
The online gaming company, with operations in more than a dozen locations worldwide, was facing a rapidly changing threat landscape. Gaming companies are lucrative targets for cybercriminals, who range from solo actors to organized crime rings. An outage or data breach can cause material damage to the firm’s income, customer retention and long-term value. As a publicly traded company, it is required to meet a wide range of regulatory and compliance mandates, including PCI-DSS and GDPR. The gaming firm needs to be able to detect threats and attacks, which means having the ability to hunt for malicious activity around the clock without requiring security teams to be on site 24/7. At the same time, security analysts were overwhelmed by the volume of alerts from their security tools, such as SIEMs, firewalls and other defenses. Before selecting Vectra’s AI-driven platform, the company experienced limited visibility into threat behaviors inside its networks, which did not support the company’s priorities to deliver the best experience for gamers, guard its operations against attacks, and protect its brands and intellectual property.
Case Study
The new science of threat detection
The financial markets are a favorite target of cyberattackers, whether they are trying to disrupt the global economy, make a political statement or commit an act of war. From the banks to dealers, clearing houses to exchanges, the industry strives to maintain the availability and integrity of the financial infrastructure. It’s a massive challenge, where one worker’s misstep or moment of inattention can lead to compromised systems, financial loss and damage to corporate reputation. This exchange is well prepared to defend against the everyday cybercrimes of monetary gain and reputational damage as well as black swan events. To stay ahead of bad actors and criminals, it continually improves its information security controls and systems.
Case Study
The EDAG Group Flips the Script on Ransomware
The EDAG Group, one of the world’s largest independent development partners to the automotive and aviation industries, fell victim to a ransomware attack on the night of March 13, 2021. A large number of their business-critical systems suddenly became unusable, and it was determined that their IT systems were under attack. The stakes were high as they were up against a ransomware attack. Their security team quickly stepped in and was able to control the attack, getting their systems back up and running. However, EDAG knew they needed an approach that would ensure no suspicious activity was left in the network and any future attacks would be thwarted.
Case Study
Australian Private Health Fund Gains Full Visibility Using Vectra
The Australian Private Health Fund was facing a challenge with their existing cybersecurity solution, Darktrace. The number of alerts they were receiving was overwhelming and they needed a solution that would reduce these alerts and increase visibility across their hybrid environments. They were looking for a solution that would not only protect against external threats but also spot unusual employee behavior that could lead to vulnerabilities. The organization wanted to ensure the cyber wellness of their members and prevent any risk of their information being compromised in a cyberattack.
Case Study
Vectra AI
The company initially implemented Vectra AI to protect some of its legacy systems that did not support encryption at rest. This was necessary to meet compliance requirements. The company then extended the use of Vectra AI to monitor other devices and servers within its network. The company was looking for a solution that could detect anomalous behavior and reduce the time spent on looking into logs. The company also wanted a solution that could triage threats and correlate them with compromised host devices. The company was dealing with about 300 events a day, with about 10 to 15 events requiring investigation.
Case Study
Vectra AI
The organization had a gap in its cybersecurity infrastructure. They did not have a managed service and needed a solution that would help them detect malicious behavior and anomalies within the organization. They were looking for a solution that could provide actionable data and reduce the workload on their small team. They also needed a solution that could provide visibility into behaviors across the full lifecycle of an attack in their network, beyond just the internet gateway.