Network-Based Asset Defense
Deceptive systems that appear as production devices act as decoy targets for early threat detection. A high-interaction environment facilitates the safe collection of adversary intelligence and the automation of analysis and incident response.
In-network threat detection can occur at the endpoint or within the network. Network-based deception addresses the attack tactics that start at the network level, where attackers seek to enumerate the environment to find usernames and information on groups, shares, and services on networked computers, or to harvest credentials by attempting a man-in-the-middle attack. This detection method is widely recognized for its ability to deliver high-fidelity alerts, because the alerts are based on actual attacker engagement with a decoy rather than on signatures.
To reduce the risk of a successful attack, network-based deception is used to derail attempts at reconnaissance early in the attack cycle. Human or automated attackers will see devices that appear to be production systems but are, in fact, decoys designed to mimic them. Deception devices that run full-OS decoys create the highest levels of authenticity. Emulated systems can also be effective for certain use cases and environments. Today's cyber deception platforms have removed the operational issues associated with early-day honeypots and now use machine learning to learn the environment automatically. This acquired information is then used to automate deployment and to make the ongoing operations needed to maintain authenticity simple, so that highly skilled experts are no longer required to operate them. High-interaction cyber deception platforms also provide the means to gather adversary intelligence safely for faster triage and remediation.
The Network Threat Detection Challenge
Zero Day Threats
Unknown threats, mistakes, and misconfigurations can allow attackers to bypass prevention solutions.
Shared security, containers, and serverless environments create unique detection challenges.
IoT / ICS Threats
Not all endpoints can run AV or produce logs for analysis, e.g. ICS, IoT, and network infrastructure devices.
Increasing Dwell Times
73 days to find an in-network attacker. Deception can reduce dwell times by 91%.
Early and Accurate Detection of Network Attack Activity to Minimize Organizational Risk
Detect reconnaissance from human and automated attackers.
Reduce false positives. Receive only high-fidelity alerts.
Create virtual landmines to efficiently derail attacks.
Detection coverage for on-premises, cloud, and specialized environments.
Machine-learning for automated operations.
Safely gather adversary intelligence, including TTPs and IOCs.
Learn Attacker Intent
Decoy documents serve as bait and reveal attacker targets.
Automate incident response via native integrations.
Reduce the time attackers remain undetected and the time needed to respond.
Network-Based Threat Deception
Quickly detect in-network threat activity across all attack surfaces as an attacker seeks target assets, moves laterally, and maintains presence.
Decoys for Early Detection of Reconnaissance & Lateral Movement Activity
The ThreatDefend platform provides extensive endpoint protection functions that prevent attacker lateral movement. Deceptive credentials and shares protect production assets by redirecting attackers away from operational systems and into a decoy engagement environment.
- Gain early and accurate threat detection of human and automated attackers targeting networked systems and devices. Golden image customization delivers optimal authenticity.
- Improve visibility into threat activity within an organization’s cloud environment
- Achieve awareness of attacks targeting ICS/SCADA systems
- Improve security over IoT devices on the network
- Learn when attackers target routers, switches, and other networking infrastructure
- Coverage for a wide variety of endpoints, and machine learning for automated learning and deployment
- Capabilities to collect adversary intelligence and forensic data empower faster triage
- Integrations with EPP and EDR solutions facilitate automated incident response
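The detection model described above (an alert fires on any engagement with a decoy host or deceptive credential, with no signature or pattern database involved) is simple enough to show end to end. The following is an added illustration, not code from Attivo Networks or the ThreatDefend platform: it keeps a hypothetical inventory of decoy hosts and honey accounts, parses a few constructed authentication log lines, raises an alert on every touch of a decoy (whether the attempt succeeded or not, since no legitimate workflow ever uses a decoy), and flags a source that touches several decoy hosts as reconnaissance. The log format, IP addresses, and account names are all assumptions constructed for the example.

```python
"""Engagement-based alerting over a decoy inventory (added example, not vendor code)."""
import re
from collections import defaultdict

# Constructed inventory: hypothetical decoy hosts and honey accounts that no
# production workflow should ever reach. Any contact with them is an alert.
DECOY_HOSTS = {
    "10.0.5.21": "decoy-fileserver",
    "10.0.5.22": "decoy-plc",
    "10.0.5.23": "decoy-db",
}
DECOY_ACCOUNTS = {
    "svc_backup_old": "decoy-domain-account",
}

# Assumed log line shape: "<timestamp> auth src=<ip> dst=<ip> user=<name> result=<success|failure>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)

# Constructed sample input: one benign login, two decoy-host probes from the
# same source, one use of a honey account against a production host, and one
# malformed line that the parser must skip.
SAMPLE_LOGS = [
    "2024-01-01T10:00:00Z auth src=10.0.1.15 dst=10.0.2.10 user=alice result=success",
    "2024-01-01T10:00:05Z auth src=10.0.1.40 dst=10.0.5.21 user=bob result=failure",
    "2024-01-01T10:00:06Z auth src=10.0.1.40 dst=10.0.5.23 user=bob result=failure",
    "2024-01-01T10:00:09Z auth src=10.0.1.40 dst=10.0.2.10 user=svc_backup_old result=success",
    "this line is not an auth record",
]


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(event):
    """List the deception reasons that make this event an alert (empty list = benign).

    The decision is a membership test against the decoy inventory only: no
    signatures, no behavioural baseline. A failed attempt counts the same as a
    successful one because the engagement itself is the signal.
    """
    reasons = []
    if event["dst"] in DECOY_HOSTS:
        reasons.append("decoy-host:" + DECOY_HOSTS[event["dst"]])
    if event["user"] in DECOY_ACCOUNTS:
        reasons.append("decoy-credential:" + DECOY_ACCOUNTS[event["user"]])
    return reasons


def scan(lines, recon_threshold=2):
    """Scan log lines; return (alerts, recon).

    alerts: one dict per decoy engagement, carrying the source host for triage.
    recon:  sources that touched at least `recon_threshold` distinct decoy hosts,
            i.e. the enumeration pattern network deception is meant to catch early.
    """
    alerts = []
    decoy_hosts_by_src = defaultdict(set)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # malformed record: skip rather than fail the whole scan
        reasons = classify(event)
        if not reasons:
            continue
        alerts.append({
            "ts": event["ts"],
            "src": event["src"],
            "dst": event["dst"],
            "user": event["user"],
            "result": event["result"],
            "reasons": reasons,
        })
        if event["dst"] in DECOY_HOSTS:
            decoy_hosts_by_src[event["src"]].add(event["dst"])
    recon = {
        src: sorted(hosts)
        for src, hosts in decoy_hosts_by_src.items()
        if len(hosts) >= recon_threshold
    }
    return alerts, recon


if __name__ == "__main__":
    found_alerts, found_recon = scan(SAMPLE_LOGS)
    for alert in found_alerts:
        print("ALERT", alert["src"], "->", alert["dst"], alert["user"], alert["reasons"])
    for src, hosts in found_recon.items():
        print("RECON", src, "touched decoy hosts", hosts)
```

Running it on the constructed sample yields three alerts, all attributable to source 10.0.1.40, and a reconnaissance finding for that source because it touched two distinct decoy hosts; the benign login to a production host produces nothing. The same membership-test idea extends to decoy shares and documents by adding their paths to the inventory.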
- Decoy engagement-based detection
- Not reliant on signatures to detect attacks
- No pattern matching or database lookup
- In-network threat detection
  - Detect early reconnaissance
  - Detect lateral movement
  - Detect activities used to maintain presence
- Decoys to address all attack surfaces
  - User Network
  - Data Center
  - Cloud (AWS, Azure, Google, OpenStack)
  - Specialized: IoT, ICS, POS, SWIFT, Router
- Early detection of MitM attacks
- Attack replay to better understand movement
- Data deceptions to misdirect attacks
- DecoyDocs for counterintelligence on attacker intent
- Geolocation tracking of opened documents
- Demonstrate in-network detection
- Forensics to demonstrate resolution
- Trust-but-verify M&A visibility
- Blue Team's choice control during pen testing
- High-fidelity alerts are actionable
- Basic and advanced user interface
- Easy to deploy and operate
- Automations for attack analysis and incident response
Speak to a Security Specialist
Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.
“If you don’t know what threats are inside your network, then deception-based detection is your answer.”
— AUGUSTO BARROS, GARTNER, INC.