2016 Post-Intrusion Report

Attackers know when they're being watched and are blending in with users and common network traffic.

Download the Report

Hostage crisis survival: The ransomware pandemic


Webinar: New Rules of Engagement for Breach Detection


"Identifies attacks as they are happening"

– Peter Stephenson, Technology Editor


Get better data out of big data


One of the year's hottest cybersecurity companies.

Read all about it

Heading to the Gartner Security & Risk Management Summit?

June 13-16 National Harbor, Maryland


Vectra Bootcamp

Live 30-minute introduction to the Vectra product and its underlying technology.

Register Now



Up and running in minutes. Vectra learns everything it needs to know.


Continuous threat monitoring instantly identifies any phase of a cyber attack.


The Threat Certainty Index™ prioritizes the most serious threats in your network.


Learns new threat behaviors and adapts to your ever-changing network.


Cyber security information center
20 April 2016

This week we are proud to announce the release of the third edition of the Vectra Post-Intrusion Report. And while there are plenty of reports from security vendors out there, this one provides something that is unique. More

View More Blog Posts

News & Media

The rapid evolution of ransomware in the enterprise
SecurityWeek | 2 May 2016

While early versions of ransomware targeted individuals, the approach is now rapidly evolving and has been successfully adapted to target enterprises. This has literally raised the stakes, prompting considerable changes to current best practices in order to protect enterprise data from ransomware. More

Cyberattackers are getting quieter once they’re inside the network
ITProPortal | 2 May 2016

"No matter how much money you spend on prevention, perfection is not attainable," writes Wade Williamson, director of threat analytics at Vectra. "The good news is that even though attackers will almost always find a way in, security teams are able to find and stop those intrusions before data is compromised." More

Dezente Methoden für Netzwerk-Spionage
IT SecCity | 2 May 2016

Hackerangriffe werden immer unauffälliger. Das ist ein Ergebnis des aktuellen Post Intrusion Reports von Vectra Networks. Die Studie befasst sich mit realen Praxisfälle, in denen Hacker die vorhandene Perimeter-Abwehr umgangen haben, und analysiert die Aktivität von Cyberkriminellen, nachdem diese ins Netzwerk eingedrungen sind. More

Six steps for responding to a disruptive attack
DarkReading | 29 April 2016

Disruptive attacks have become a disturbing trend that IT security departments must consider when analyzing the ongoing threat landscape. This DarkReading article includes six slides that were developed following interviews with Günter Ollmann, chief security officer at Vectra Networks, and Jurgen Kutscher, senior vice president at FireEye. More

Was gegen Cyberattacken hilft
LANline | 29 April 2016

In vielen modernen Industrieunternehmen bilden digitale Netzwerke längst das Rückgrat der Maschine-zu-Maschine-Kommunikation. Dies wissen jedoch auch Hacker. Wie Unternehmen im Zeitalter der Industrie 4.0. ihre sensiblen Daten mit Hilfe von Data Science und maschinellem Lernen vor Hacker-Angriffen schützen können. More

Scoping the insider threat
Network Computing | 28 April 2016

"Much of our traditional response to cyber threats is predicated on what we know or suspect," said Matt Walmsley, director at Vectra. "The most dangerous threat to data, user and system security is unknown unknowns. In other words, the threats that have yet to be captured in the wild, then mapped and understood." More

Post-Intrusion Report shows that attackers are getting quieter inside the network
Global Banking and Finance Review | 27 April 2016

“Because brute force techniques are so noisy, more experienced and skilled attackers tend to try other access techniques first – preferably automatable techniques that are difficult to distinguish from normal network traffic and where failures are unlikely to be alerted upon,” said Vectra CSO Günter Ollmann. More

Attackers opt for discreet methods to spy inside the network
Help Net Security | 25 April 2016

Vectra researchers found that the use of HTTP and HTTPS command-and-control attacks using hidden tunnels made a significant jump this year. HTTP and HTTPS C&C is an emerging technique that allows attackers to pass hidden messages and steal data within protocols that are generally not blocked by perimeter firewalls. More

A busy week of security studies: Insider, DDoS, mobile threats
eWeek | 24 April 2016

While attackers use different methods to get into networks, the Vectra Networks 2016 Post-Intrusion Report provides some insights into what attackers are doing once they gain access. Command-and-control (C&C) activity from a botnet host was found in 67 percent of attacks. More

Report shows cyber attackers are getting quieter once inside the network
Continuity Central | 22 April 2016

Vectra has published the results of its latest Post-Intrusion Report, a real-world study about threats that evade perimeter defences and what attackers do once they get inside the network. The report analysed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over the first quarter of 2016. More

How attackers have honed their attacks
DarkReading | 21 April 2016

"On the front end, pretty much every network let an attacker get inside," Wade Williamson, director of threat analytics, said about Vectra's new Post-Intrusion Report. "But the good news is that people who are paying attention are keeping data from getting out. There is scary news on the front end, but it is manageable. More

Attackers are quietly creeping inside your perimeter using covert communications
Information Age | 21 April 2016

Whether attackers breach perimeter defences through a targeted exploit or a broadcast botnet campaign, financial and reputational losses for victim organisations begins to occur once cybercriminals move laterally within the network – searching for, and stealing, confidential information and intellectual property, writes Vectra CSO Günter Ollmann. More

Vectra Post-Intrusion Report Shows Cyber Attackers Are Getting Quieter Inside Networks
Vectra Press Release | 20 April 2016

The 2016 Post-Intrusion Report from Vectra reveals that cyber attackers know they’re being watched and are responding by blending in with users and hiding in normal network traffic. This report analyzed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over the first quarter of 2016. All organizations showed signs of targeted attacks, including internal reconnaissance, lateral movement or data exfiltration. More

The intruder's kill chain – Detecting a subtle presence
SecurityWeek | 20 April 2016

Vectra's recently released Post-Intrusion Report offers good news and bad news for security teams. The good news shows that more companies are successfully detecting intrusions before attackers manage to exfiltrate data. The bad news is that intruders are developing new and more professional ways of hiding their presence. More

Interview: Günter Ollmann, Vectra Networks
Infosecurity Magazine | 20 April 2016

“We are focused on lateral movement detection as opposed to prevention or detection, and the approach being achieved through sophisticated machine and model learning approaches,” said Vectra CSO Günter Ollmann tells Dan Raywood, editor of Infosecurity magazine.. More

Hackerangriffe werden immer unauffälliger
Funkschau | 20 April 2016

Das deutsche Fachmagazin Funkschau hat die Ergebnisse des aktuellen Post Intrusion Reports von Vectra Networks vorgestellt. Gérard Bauer, Vice President EMEA bei Vectra Networks, erklärt exklusiv auf Funkschau, was die Ergebnisse der Studie für Firmen bedeuten und was Entscheider in Sachen Sicherheitsstrategie berücksichtigen sollten. More

Post Intrusion Report von Vectra Networks deckt auf: Hackerangriffe werden immer unauffälliger
Vectra Press Release | 20 April 2016

Vectra® Networks stellt heute die Ergebnisse seines Post Intrusion Reports vor. Die Studie befasst sich mit realen Praxisfällen, in denen Cyberkriminelle die vorhandene Perimeter-Abwehr umgangen haben und analysiert die Aktivität von Hackern, nachdem diese ins Netzwerk eingedrungen sind More

By the numbers: Just how important is transparency to security posture?
SC Magazine | 14 April 2016

Symantec's new report includes interesting numbers on how many companies fail to report breaches. Not so fast, says Vectra CSO Günter Ollmann, who told SC that there is "no easy answer to the debate over breach disclosure" because there is no accepted definition of what qualifies as a breach. And since many companies can't identify threat activity, "if you can't observe it, how can you prove you were breached?" More

Hat Sandboxing als Hacker-Abwehr ausgedient?
Silicon.de | 14 April 2016

Hat das Thema Sandboxing 2015 noch beachtliche Investitionen hervorgebracht, zeichnet sich für 2016 eine Trendwende ab. So setzt sich in Unternehmen zunehmend die Erkenntnis durch, dass durch entsprechend programmierte Schadsoftware diese Form der Perimeter-Abwehr immer leichter umgangen werden kann. More

WordPress SSL now free for hosted sites, thanks to Let's Encrypt
TechTarget | 12 April 2016

"Moving to HTTPS for hosted websites with custom domain names is great for privacy, but offers no significant advantage against the constant plague of remotely exploitable vulnerabilities that WordPress has suffered from over the last decade," said Günter Ollmann, chief security officer at Vectra. More

Lateral movement: When cyber attacks go sideways
SecurityWeek | 11 April 2016

The lateral movement phase of a cyber attack will continue to be of strategic importance to the overall success of cybercriminals, writes Wade Williamson, director of threat analytics at Vectra. And as these attackers get better at patient, low-and-slow intrusions, their lateral movement skills will evolve and improve over time. More

Vectra debuts global channel partner program
The VAR Guy | 7 April 2016

“We made an intentional decision from the beginning to embrace the channel community because they are critical to our success,” said Hitesh Sheth, president and CEO of Vectra Networks. “Cybersecurity is critical to every organization because the threat is already inside.” More

View All News & Events


Upcoming Events

Data Connectors San Antonio

5 May 2016 - San Antonio, TX

The San Antonio Tech-Security Conference features 40-60 vendor exhibits and 8-12 educational speaker sessions discussing current tech-security issues such as cloud security, email and social media security, VoIP, LAN security, wireless security, USB drives security & more. Numerous door prizes such as iPads, Kindles, $25, $50 and $100 gift cards and lots more! You'll come away with advice and knowledge so you can start proactively protecting your environment from the latest security breaches. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. THIS CONFERENCE QUALIFIES FOR CPE CREDITS. Scroll down to view the full conference agenda.
Register Today.

2016 Information Security Forum - ISSA Pittsburgh

6 May 2016 - Monroeville, Pennsylvania

The Pittsburgh Chapter of ISSA is holding their annual Security Forum at the Doubletree Hotel in Monroeville Pennsylvania on Friday May 6th. This is an all-day event with the proceeds going to a local food pantry. There will be presentations of various security topics as well as vendor tables to assist you in securing your environment with the latest products.
Register Today.

View all events »