2016 Post-Intrusion Report

Attackers know when they're being watched and are blending in with users and common network traffic.


Hostage crisis survival: The ransomware pandemic


"Identifies attacks as they are happening"

– Peter Stephenson, Technology Editor


Heading to the Gartner Security & Risk Management Summit?

June 13-16 National Harbor, Maryland


Vectra Bootcamp

Live 30-minute introduction to the Vectra product and its underlying technology.




Up and running in minutes. Vectra learns everything it needs to know.


Continuous threat monitoring instantly identifies any phase of a cyber attack.


The Threat Certainty Index™ prioritizes the most serious threats in your network.


Learns new threat behaviors and adapts to your ever-changing network.


Cyber security information center
20 April 2016

This week we are proud to announce the release of the third edition of the Vectra Post-Intrusion Report. And while there are plenty of reports from security vendors out there, this one provides something that is unique. More


News & Media

Machine learning helps detect real-time network threats
ThirdCertainty | 23 May 2016

“The core problem is that all the sensors the company has invested in – firewalls, sandboxes, AV – act as good filters, but they don’t stop everything from getting in,” says Oliver Tavakoli, Vectra chief technology officer. Vectra CSO Günter Ollmann adds that traditional tools relied on blacklists, two-dimensional signatures and behavioral analytics, which are driven by human decisions. More

How to handle the new U.S.-EU data regulations
TechRadar | 23 May 2016

The U.S.-EU Privacy Shield is seen – from a European perspective – as weak, and unable to prevent NSA surveillance of EU citizens. "The Privacy Shield is taking so long to agree due to the vast legal differences between the EU and U.S., especially when it comes to the handling of personal data," says Günter Ollmann, CSO at Vectra Networks. More

It's behavior, not names, that gives attackers away
CSO | 19 May 2016

“There seems to be a lot of pride in naming threats,” says Mike Banic, vice president of Vectra Networks, “but a lot of them behave in similar ways, and you don’t need a signature to recognize that. The IP address and the URL may change, but the fundamental behavior will not.” More

Domain abuse sinks ‘anchors of trust’
DarkReading | 18 May 2016

Günter Ollmann, chief security officer at Vectra Networks, notes that 0.2% of expired domains were found to be tied to some malicious behavior. “It is a very subtle attack and unlikely to be detected immediately” with today’s reputation systems, he says. More

FBI asked for responsible disclosure of Tor vulnerability
TechTarget | 13 May 2016

Günter Ollmann, chief security officer at Vectra Networks, noted that while Mozilla would like advanced disclosure, "precedents exist in this community, which means the FBI has no legal or ethical commitment to do so." More

Influencers oppose expanding federal hacking authorities
Passcode/The Christian Science Monitor | 9 May 2016

In late April, the Supreme Court announced a controversial change to Rule 41, a federal criminal procedural rule that would allow U.S. magistrates to grant law enforcement warrants to search computers outside their home districts. “Would the U.S. be bound to honoring foreign governments the same jurisdictional incursion into U.S. computers?” asks Vectra CSO Günter Ollmann, one of 150 security experts asked to participate in the Passcode Influencers Poll. More

Canary in the ransomware mine
IT Security Guru | 9 May 2016

"I’m often asked how organisations can stop ransomware from shutting down their business in the cheapest and most robust way?" Günter Ollmann, CSO of Vectra Networks tells IT Security Guru. "The quickest no-frills way of mitigating the network encryption piece of ransomware is actually pretty simple and follows the canary-in-a-coal-mine principle." More

How to protect your business from common cyber attacks
Computer Business Review | 4 May 2016

Matt Walmsley, EMEA director at Vectra Networks, commented that cyber security training is not a “one-time pill, it needs to be an iterative process embedded into an organisation's security posture and refined based upon contextual learnings.” More

The rapid evolution of ransomware in the enterprise
SecurityWeek | 2 May 2016

While early versions of ransomware targeted individuals, the approach is now rapidly evolving and has been successfully adapted to target enterprises. This has literally raised the stakes, prompting considerable changes to current best practices in order to protect enterprise data from ransomware. More

Cyber attackers are getting quieter once they’re inside the network
ITProPortal | 2 May 2016

"No matter how much money you spend on prevention, perfection is not attainable," writes Wade Williamson, director of threat analytics at Vectra. "The good news is that even though attackers will almost always find a way in, security teams are able to find and stop those intrusions before data is compromised." More

Discreet methods for network espionage
IT SecCity | 2 May 2016

Hacker attacks are becoming ever more inconspicuous. That is one finding of the current Post-Intrusion Report from Vectra Networks. The study looks at real-world cases in which hackers bypassed existing perimeter defenses, and analyzes the activity of cybercriminals after they have penetrated the network. More

Six steps for responding to a disruptive attack
DarkReading | 29 April 2016

Disruptive attacks have become a disturbing trend that IT security departments must consider when analyzing the ongoing threat landscape. This DarkReading article includes six slides that were developed following interviews with Günter Ollmann, chief security officer at Vectra Networks, and Jurgen Kutscher, senior vice president at FireEye. More

What helps against cyber attacks
LANline | 29 April 2016

In many modern industrial companies, digital networks have long formed the backbone of machine-to-machine communication. But hackers know this too. How companies in the age of Industry 4.0 can protect their sensitive data from hacker attacks with the help of data science and machine learning. More

Scoping the insider threat
Network Computing | 28 April 2016

"Much of our traditional response to cyber threats is predicated on what we know or suspect," said Matt Walmsley, director at Vectra. "The most dangerous threat to data, user and system security is unknown unknowns. In other words, the threats that have yet to be captured in the wild, then mapped and understood." More

Post-Intrusion Report shows that attackers are getting quieter inside the network
Global Banking and Finance Review | 27 April 2016

“Because brute force techniques are so noisy, more experienced and skilled attackers tend to try other access techniques first – preferably automatable techniques that are difficult to distinguish from normal network traffic and where failures are unlikely to be alerted upon,” said Vectra CSO Günter Ollmann. More

Attackers opt for discreet methods to spy inside the network
Help Net Security | 25 April 2016

Vectra researchers found that the use of HTTP and HTTPS command-and-control attacks using hidden tunnels made a significant jump this year. HTTP and HTTPS C&C is an emerging technique that allows attackers to pass hidden messages and steal data within protocols that are generally not blocked by perimeter firewalls. More

A busy week of security studies: Insider, DDoS, mobile threats
eWeek | 24 April 2016

While attackers use different methods to get into networks, the Vectra Networks 2016 Post-Intrusion Report provides some insights into what attackers are doing once they gain access. Command-and-control (C&C) activity from a botnet host was found in 67 percent of attacks. More

Report shows cyber attackers are getting quieter once inside the network
Continuity Central | 22 April 2016

Vectra has published the results of its latest Post-Intrusion Report, a real-world study about threats that evade perimeter defences and what attackers do once they get inside the network. The report analysed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over the first quarter of 2016. More

How attackers have honed their attacks
DarkReading | 21 April 2016

"On the front end, pretty much every network let an attacker get inside," Wade Williamson, director of threat analytics, said about Vectra's new Post-Intrusion Report. "But the good news is that people who are paying attention are keeping data from getting out. There is scary news on the front end, but it is manageable." More

Attackers are quietly creeping inside your perimeter using covert communications
Information Age | 21 April 2016

Whether attackers breach perimeter defences through a targeted exploit or a broadcast botnet campaign, financial and reputational losses for victim organisations begin to occur once cybercriminals move laterally within the network – searching for, and stealing, confidential information and intellectual property, writes Vectra CSO Günter Ollmann. More

Vectra Post-Intrusion Report Shows Cyber Attackers Are Getting Quieter Inside Networks
Vectra Press Release | 20 April 2016

The 2016 Post-Intrusion Report from Vectra reveals that cyber attackers know they’re being watched and are responding by blending in with users and hiding in normal network traffic. This report analyzed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over the first quarter of 2016. All organizations showed signs of targeted attacks, including internal reconnaissance, lateral movement or data exfiltration. More

The intruder's kill chain – Detecting a subtle presence
SecurityWeek | 20 April 2016

Vectra's recently released Post-Intrusion Report offers good news and bad news for security teams. The good news shows that more companies are successfully detecting intrusions before attackers manage to exfiltrate data. The bad news is that intruders are developing new and more professional ways of hiding their presence. More



Upcoming Events

TechJunction - Willamette Valley

2 June 2016 - Eugene, OR

Staying up to date with the technology that runs your organization and ensuring a secure environment for your data and infrastructure are critical to your business. TechJunction helps you meet these needs by providing quality, vendor-neutral educational seminars, drawn from case studies and best practice examples from leaders in the field.

Cyber Security for Financial Services Exchange

5 June 2016 to 7 June 2016
Jersey City, New Jersey

The Cyber Security for Financial Services Exchange presents the opportunity for delegates to network and build partnerships with peer level professionals, while learning new ideas and strategies that they can replicate within their own financial organizations, to build a best practices culture.
