IoT devices as bait for cyber attackers
Attivo Networks has integrated its deception-technology-based ThreatDefend platform into the Microsoft Azure Security Center.
This further improves the detection rate and response time for attacks on the Microsoft Azure IoT Edge service.
Because Intelligent Edge is a common target for attackers, the Azure IoT Edge service actively addresses emerging cyber risks by using Attivo ThreatDefend to detect threats. The integration of both platforms offers companies a reliable way to quickly and securely identify attackers in the network, mislead them and react to them.
Azure IoT Edge is a fully managed service based on the Azure IoT Hub. It enables companies to run cloud workloads via standard containers on IoT Edge devices. When certain workloads are migrated to the edge of the network, IoT devices spend less time communicating with the cloud. As a result, these devices can react more quickly to local changes and work reliably even over long periods without an internet connection.
IoT deception on a large scale
The joint solution from Attivo Networks and Microsoft is designed so that Azure IoT modules can be used seamlessly as bait. In this way, threats are recognized early and warded off. Cyber security teams can install the Attivo Networks ThreatDirect solution on IoT Edge devices and deploy it directly from the Azure IoT Hub console. In this way, large-scale deception can be projected across the cloud, IoT devices, or industrial and medical corporate networks to protect a company's entire infrastructure. This jointly developed solution is available in the Azure Marketplace.
The Attivo ThreatDefend platform generates a virtual deception environment that is modeled on the real network environment of the respective company. Attackers automatically encounter the bait laid out by Attivo Networks and are lured into the deception environment, where they are recognized and repelled. As soon as attackers target IoT Edge devices and try to search for information on the network or move across the network, they encounter objects of interest that are deceptively similar to real production systems. Any active search results in the attack being redirected to the deception environment. ThreatDefend then triggers an alarm that automatically notifies the Azure Security Center.
“The efficient detection of cloud-based attacks on containers and IoT devices is a major challenge for all security systems,” explains Joe Weidner, Regional Director DACH at Attivo Networks. “We are excited to partner with Microsoft to provide businesses with improved visibility, early detection and accelerated response to attacks, which they urgently need to effectively combat increasingly sophisticated attackers while taking full advantage of the Intelligent Edge.”
Michal Braverman-Blumenstyk, CTO and GM, Cloud and AI Security Division at Microsoft, says: “We at Microsoft believe it is our responsibility to provide a trustworthy, easy-to-use platform that enables customers to securely build and implement their IoT implementations. Our collaboration with Attivo Networks strengthens Azure Security Center for IoT Edge’s security framework with effective, deception-based detection that enables organizations to respond to ever-changing security needs.”