solutions test page - Attivo Networks

Incident Response

Actionable alerts, forensics, and automation to accelerate incident response.

Free Active Directory Security Assessment for Unprecedented Visibility to AD Vulnerabilities

Awards

SC 2020 Awards
CDM-INFOSEC-WINNER-2020
Info Security Products Guide 2020 Gold
cybersecurity excellence award
Astors award platinum 2019

The State Of Active Directory

Don’t leave the door open for attackers to secure the “keys to the kingdom”.

Ransomware

increasing threats

26% Increase in Attacks in Early 2020

— Arkose Labs

Point of Sale

point-of-sale attacks

Top threat to the retail industry

— Booz Allen Hamilton

Retail Sector

monthly attacks

Every month, 44% of retail firms get hit by an average of 50+ cyberattacks.

— Best VPNs

Median Time to Detection

197 days in the retail sector.

— Ponemon

Overview

The Attivo Networks Deception and Response Platform provides substantiated, actionable alerts. Its decoys record all attacker interactions to capture the forensic evidence analysts need to conduct and report on their investigations. With the Informer solution, the built-in analysis engine automatically correlates attack data, enriches the information with native threat intelligence feeds, and delivers an accurate chronological session view of all attacker activity. The system automates incident response with integrations that provide automatic threat intelligence sharing, blocking, and threat hunting. The ThreatOps module can be activated to provide repeatable playbooks, delivering consistent and rapid responses from a deception-based detection. These functions all simplify and increase the efficiency of the incident response process.

Benefits

Retail organizations choose Attivo Networks® deception-based threat detection for:

Substantiated Alerts

  • Based on attacker engagement
  • Immediately actionable
  • Responders can act with high confidence

Automated Analysis

  • Attack information correlation
  • Threat intelligence enrichment
  • Identify polymorphic or time-triggered activity

Active Directory Protection Coverage

Keep businesses safe by preventing the misuse of privileged credentials and accounts with continuous Active Directory assessment and attack path visibility. Expose and remediate at-risk credentials and paths that provide access to an organization’s most valuable assets.

  • Credentials
  • Shadow Admins
  • Stale Accounts
  • Shared Credentials
  • Identity Attack Paths

Active Directory-Specific MITRE ATT&CK Techniques

Attivo Networks Active Directory protection provides comprehensive security coverage for the following MITRE ATT&CK techniques:

T1069: Permission Group Discovery

  • Domain groups
  • Cloud groups
  • Local groups

T1078: Valid Accounts

  • Local Account
  • Domain Account
  • Email Account
  • Cloud Account

T1135: Network Share Discovery

T1207: Rogue Domain Controller (DCShadow)

T1482: Domain Trust Discovery

T1557: Steal or Forge Kerberos Tickets (Kerberoasting)

  • Golden ticket attack
  • Silver ticket attack

Cloud Environments Supported

  • Amazon Web Services
  • Google
  • Microsoft Azure
  • OpenStack
  • Oracle Cloud

Attivo Active Directory Protection Solutions

Port/Service Scans

The Endpoint Detection Net Solution (Deflect Feature) Provides:

  • Endpoint-based port and service reconnaissance visibility and alerting
  • Inbound or outbound attack-related connection redirection
  • Host fingerprinting prevention
  • Native host quarantine

Incident Response Capabilities

  • Attack Analysis
  • Threat Intelligence Development
  • Automated Response Actions
  • Malware Analysis
  • Native Integrations
  • Attack Time-Lapse Replay

Cyber Deception For All Attack Surfaces

Attivo Networks cyber deception provides early and accurate threat detection with centralized management for an evolving attack surface.

  • Cloud: AWS, Azure, OpenStack, Google
  • Data Center Network: Distributed, microsegmented, private, public, hybrid
  • Corporate LAN: User, guest, wireless, wired
  • Endpoint: Mac, Windows, Linux, credentials, mapped shares, profile data

“The most important thing you do is provide me alerts based on confirmed activity… you are my eyes and ears on the inside of my network… the nerve center”

CISO, FORTUNE 500 FINANCIAL SERVICES FIRM

Closing The Detection Gaps For All Threat Vectors

Perimeter & endpoint security solutions cannot reliably stop attacks from all vectors and methods. This has resulted in attacker dwell times averaging 101+ days (M-Trends 2018 Report). Deception technology plays a critical role in changing this paradigm by detecting attacks that have bypassed other security controls, early and accurately, regardless of the methods used to compromise the network. Since deception uses traps and lures to detect an adversary, the solution is not reliant on signatures or database lookups. This makes deception scalable and capable of reliably detecting attackers using ever-changing attack methods and targeting rapidly evolving attack surfaces.

  • Zero-day Exploitation
  • Credential Theft/Reuse
  • Network Reconnaissance
  • Active Directory Reconnaissance
  • Communication Over HTTPS
  • Man-in-the-middle Attack

Use Cases

Hiding data, cyber deception, and misdirections reveal attackers early as they look to conduct reconnaissance, steal credentials, and to move laterally in order to escalate their attack.

Deception and concealment are non-disruptive technologies to set up. Deployment is simple and automated, accomplished in as little as a day. Credential customization and deployment is fast and easy with a wide variety of options. Active Directory protection and assessments happen at the endpoints and in the cloud with no impact to production AD controllers.

High fidelity alerts are based on attacker engagement with decoys, deception credentials, port scanning, or other bait. Each alert is actionable with attack details for prompt incident response.

Machine learning is applied to create dynamic deception campaigns that keep the deception environment authentic, refresh it on an ongoing basis, and redeploy it after a compromise is detected. Engagement-based alerts prevent false positives, automate attack analysis and incident response actions, and remove operational burden.

Extensive third-party integrations accelerate incident response and reduce the mean time to remediation. Automations accelerate blocking, quarantine, and threat hunting, while repeatable playbooks streamline incident response.

Sequence

  • 01 Attacker compromises a system
  • 02 Attacker enumerates local files and folders
  • 03 Attacker queries for local administrator accounts

Deception For Ongoing Assessment And Compliance

Deception plays an important role in proving network resiliency. Blue teams can go into pen tests with confidence that they will be able to detect and record the actions of their Red team adversary. One of the benefits of the ThreatDefend platform is its ability not only to detect early reconnaissance and credential theft, but also to record and report on every move, providing proof that the organization is well equipped to detect and quickly respond to threats. These reports can also be crucial for proving company and supplier compliance.

Think that deception won't be effective if the Red team knows it's installed? You will be pleasantly surprised that Attivo Networks detection passes with flying colors, even when the attacker anticipates it is installed. Want to see what an attacker would see, or how it will hold up against the adversary? Check out the BOTsink vulnerability emulator or ThreatInject tools to see what an attacker will see when looking for deception.

Deception use cases for retail organizations

In-Network Visibility

Retail organizations manage a complicated network that can include corporate and business assets, remote store networks, customer-facing web applications, and networks that operate Point-of-Sale systems. The Attivo Networks ThreatDefend deception and response platform is uniquely suited to provide eyes-inside-the-network visibility to all areas of a retail organization’s IT infrastructure. Benefits include the ability to quickly detect targeted attacks, unknown threats, and policy violations that may come from external, supplier, or internal threat actors.

Lateral Movement to POS Systems

POS systems have proven to be a prime target for breaches because of the large financial gains that can be made. Attivo Networks empowers retail organizations by providing efficient detection of attacks targeting POS management servers and lateral movement throughout the network. The ThreatDefend™ platform can accurately detect threats by identifying the infected clients being used by attackers to propagate the attack. The solution significantly reduces detection time, providing the context retail organizations need for remediation of an attack and to mitigate the risk of an attacker’s return.

IoT Threats

As the number of devices connected to the Internet of Things (IoT) continues to explode, the serious security complications surrounding these devices must be addressed by retail organizations concerned about protecting critical customer data.

The Attivo Networks platform can be configured to look identical to the IoT devices on an organization’s network (signage, card readers, environmental control systems, etc.); engagement servers and decoys appear as real production IoT servers and services, deceiving attackers into thinking they’re authentic. By engaging with decoys and not with production devices, the attacker reveals themselves and can then be quarantined and studied for detailed forensics.

Mergers and Acquisitions

The Attivo Networks platform has a proven track record of playing a crucial role during M&A due diligence and post-acquisition integration for retail organizations. By detecting hidden threats, identifying security deficiencies, and providing risk visibility, it delivers insights that can be applied to mitigate risk and to strengthen the combined organization’s overall security posture. The platform can instantly detect and alert on suspicious behavior that may arise from new network access, including insiders, suppliers, and contractors, and will provide detailed forensics to understand and quickly respond to anomalous behavior.

Insider Threats

It has become increasingly important for retail organizations to be able to identify and stop attacks from within. Whether these threats are from employees, contractors, or suppliers, insider threats start with the advantage of already being inside—often with privileged access to the network and sensitive information. Deception technology is a tried-and-proven technique for outmaneuvering the adversary. Applying deception technology allows retail organizations to effectively protect sensitive assets and data from insider threats and provides the tools needed to quickly and accurately detect and identify suspicious or malicious insider activity.

Business Value

Early and Accurate Detection of Network Attack Activity to Minimize Organizational Risk

Reconnaissance

Detect reconnaissance from human and automated attackers.

Alerting

Reduce false positives. Receive only high-fidelity alerts.

Derailing Attacks

Create virtual landmines to efficiently derail attacks.

Securing The Enterprise When Employees Work Remotely

Active Directory Reconnaissance

Real-time visibility on attempts to enumerate hosts on the VPN network segment.

A Proactive Defense Disrupts An Attacker’s Playbook And Changes The Asymmetry Of An Attack

Visibility

See attack activity across any attack surface, regardless of location.

Proactive Prevention

Deny attackers from exploiting high-privileged accounts and sensitive data.

In-Network Detection

Alert on in-network discovery, lateral movement, and privilege escalation activity.

Attivo users see an average increase of 42% in detection rate when leveraging the Attivo Networks EDN solution with traditional endpoint security tools. To learn more, check out the TAG Cyber report on using Deception to Improve MITRE ATT&CK Test Results for Endpoint Security, the Attivo Testing Insights solution brief, and the MITRE whitepaper that maps our comprehensive coverage.

Identity Detection And Response

Identity attack surface management solutions for the enterprise

ThreatStrike

Detect endpoint credential theft and reuse

Want more information?

If you’d like to know more before signing up for the free trial, our security specialists would be happy to walk you through a demo.

Resources

Solution Brief
POS System Attacks Whitepaper
Deception-based Threat Detection Ebook
Use Cases To Defeat Advanced Attackers
Customer Experiences in Real-World Deception Deployments
Deception for Mergers and Acquisitions
Large Retailer uses Deception for Active Acquisition Strategy

Spotlight

Defending the Retail Industry Against Cyber Attacks Using Deception

Ready to find out what’s lurking in your network?