Vectra Networks is rolling out a new appliance that gives its attack-detection gear better visibility into potentially malicious activity on corporate networks.
Called S-Series, the new appliance attaches to SPAN or tap ports of access switches at major sites and can also be placed in branch offices. It gathers information about traffic and feeds it back to Vectra’s analysis machine, called X-Series, which is generally placed at headquarters or some other major site.
S-Series gathers more information than router-based NetFlow, and X-Series sorts through it to find behavior that might indicate a breach has already occurred. For example, it can flag when a device on the network is communicating with one outside the network and the external device is initiating all the chatter – an indication it might be sending instructions to a compromised machine. Similarly, the system can find lateral movement of intruders across networks, spot reconnaissance and detect data theft in progress, the company says.
The company is adding to its platform a software feature called Detection Triage, which can customize how suspicious activity is reported based on what is normal activity for a particular network. What appears to be risky activity – such as a device gathering data and sending the same amount outside the network – may actually be a legitimate use of Salesforce apps.
The company competes against Damballa and LightCyber.
S-Series is available now and costs $8,000.