Network-Based Asset Defense - Attivo Networks

Network-Based Asset Defense

Deceptive systems that appear as production devices act as decoy targets for early threat detection. A high-interaction environment facilitates the safe collection of adversary intelligence and the automation of analysis and incident response.

Overview

In-network threat detection can occur at the endpoint or within the network. Network-based deception addresses the attack tactics that start at the network level, where attackers seek to enumerate the environment to find usernames and information on groups, shares, and services on networked computers, or to harvest credentials by attempting a Man-in-the-Middle attack. This detection method is universally recognized for its ability to deliver high-fidelity alerts, because they are based on actual attacker engagement.

To reduce the risk of a successful attack, network-based deception is used to derail attempts at reconnaissance early in the attack cycle. Human or automated attackers will see devices that appear to be production systems when they are, in fact, decoys designed to mimic them. Deception devices that run full-OS decoys create the highest levels of authenticity; emulated systems can also be effective for certain use cases and environments. Today’s cyber deception platforms have removed the operational issues associated with early honeypots and now use machine learning to learn the environment automatically. The acquired information is then used to automate deployment and to keep the ongoing work of maintaining authenticity extremely simple, so highly skilled experts are no longer needed to operate them. High-interaction cyber deception platforms also provide the means to gather adversary intelligence safely for faster triage and remediation.
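The engagement-based detection described above reduces to a simple rule: no production workflow ever connects to a decoy, so a single connection to one is a high-fidelity event on its own, and one source touching several decoys in quick succession looks like the enumeration the paragraph describes. The Python below is an added example written for this page, not Attivo Networks code and not the logic of any ThreatDefend component; the decoy inventory, the key=value connection-log format, the log lines and the five-minute sweep window are all constructed assumptions.

```python
"""Decoy-engagement detection over connection logs (constructed example).

A decoy has no legitimate clients, so any connection to it is reported.
A source that reaches several distinct decoys inside a short window is
additionally labelled as a reconnaissance sweep.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical decoy inventory: (ip, port) -> the production role it mimics.
DECOYS = {
    ("10.0.5.20", 445): "file server (SMB decoy)",
    ("10.0.5.21", 3389): "jump host (RDP decoy)",
    ("10.0.5.22", 22): "linux server (SSH decoy)",
    ("10.0.5.23", 1433): "database (MSSQL decoy)",
}

# Constructed connection-log lines (firewall/flow style, key=value fields).
# 10.0.1.15 talks only to real hosts; 10.0.1.99 walks four decoys in seconds;
# 10.0.1.40 touches a single decoy once.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z src=10.0.1.15 dst=10.0.2.10 dport=443 proto=tcp
2024-03-01T09:00:02Z src=10.0.1.15 dst=10.0.2.11 dport=445 proto=tcp
2024-03-01T09:00:05Z src=10.0.1.99 dst=10.0.5.20 dport=445 proto=tcp
2024-03-01T09:00:06Z src=10.0.1.99 dst=10.0.5.21 dport=3389 proto=tcp
2024-03-01T09:00:07Z src=10.0.1.99 dst=10.0.5.22 dport=22 proto=tcp
2024-03-01T09:00:08Z src=10.0.1.99 dst=10.0.5.23 dport=1433 proto=tcp
2024-03-01T09:30:00Z src=10.0.1.40 dst=10.0.5.20 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def decoy_engagements(lines):
    """Return one event per connection whose destination is a decoy."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = DECOYS.get((rec["dst"], rec["dport"]))
        if label is not None:
            events.append({**rec, "decoy": label})
    return events


def is_sweep(hits, window, threshold):
    """True if any window-length span of hits covers >= threshold distinct decoys."""
    hits = sorted(hits, key=lambda e: e["ts"])
    for i, start in enumerate(hits):
        seen = set()
        for h in hits[i:]:
            if h["ts"] - start["ts"] > window:
                break
            seen.add((h["dst"], h["dport"]))
            if len(seen) >= threshold:
                return True
    return False


def classify(events, window=timedelta(minutes=5), sweep_threshold=3):
    """Group decoy hits per source and label each source's activity."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, hits in by_src.items():
        kind = "recon-sweep" if is_sweep(hits, window, sweep_threshold) else "decoy-touch"
        alerts.append({
            "src": src,
            "kind": kind,
            "hits": len(hits),
            "decoys": sorted({e["decoy"] for e in hits}),
            "first_seen": min(e["ts"] for e in hits),
        })
    return alerts


def analyze(log_text):
    """Run the full pipeline over raw log text."""
    return classify(decoy_engagements(log_text.splitlines()))


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f'{a["kind"]:12} {a["src"]:12} {a["hits"]} hit(s) on {len(a["decoys"])} decoy(s)')
```

The point of the design is that the alert condition is engagement, not signature: the detector never inspects payloads or matches patterns, it only asks whether the destination is an asset nobody should be using. The sweep label adds context for triage (the source is enumerating, not stumbling) without lowering the fidelity of the single-touch alert.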

The Network Threat Detection Challenge

Reduce Dwell Time

Zero Day Threats

Unknown threats, mistakes, and misconfigurations can allow attackers to bypass prevention solutions.

Cloud

Cloud Threats

Shared security, containers, and serverless environments create unique detection challenges.

ICS-SCADA

IoT / ICS Threats

Not all endpoints can run AV or produce logs for analysis, e.g. ICS, IoT, and network infrastructure.

Median time to Detection

Increasing Dwell Times

73 days to find an in-network attacker. Deception can reduce dwell times by 91%.

Business Value

Early and Accurate Detection of Network Attack Activity to Minimize Organizational Risk

Reconnaissance

Detect reconnaissance from human and automated attackers.

Alerting

Reduce false positives. Receive only high-fidelity alerts.

Derailing Attacks

Create virtual landmines to efficiently derail attacks.

Detection Coverage

Detection coverage for on-premises, cloud, and specialized environments.

Machine-Learning

Machine-learning for automated operations.

Threat Intelligence

Safely gather adversary intelligence, including TTPs and IOCs.

Learn Attacker Intent

Decoy documents serve as bait and reveal attacker targets.

Incident Response

Automate incident response via native integrations.

Dwell Time

Reduce the time attackers remain undetected and the time needed to respond.

Network-Based Threat Deception

Quickly detect in-network threat activity across all attack surfaces as an attacker seeks target assets, moves laterally, and maintains presence.

Decoys for Early Detection of Reconnaissance & Lateral Movement Activity

Servers

Endpoints

Active Directory

Application

Data

Specialized Devices

IoT

Medical IoT

Industrial Control

POS

Router Infrastructure

Benefits

The ThreatDefend platform provides extensive endpoint protection functions that prevent attacker lateral movement. Deceptive credentials and shares protect production assets by redirecting attackers away from operational systems and into a decoy engagement environment.

High-Fidelity Detection

  • Gain early and accurate threat detection of human and automated attackers targeting networked systems and devices. Golden image customization delivers optimal authenticity.

Cloud Threat Detection

  • Improve visibility into threat activity within an organization’s cloud environment

Industrial Control Threat Detection

  • Achieve awareness of attacks targeting ICS/SCADA systems

IoT Threat Detection

  • Improve security over IoT devices on the network

Network Infrastructure Threat Detection

  • Learn when attackers target routers, switches, and other networking infrastructure

Scalability and ease of operation

  • Coverage for a wide variety of endpoints and machine learning for automated learning and deployment

Gather company-centric threat intelligence

  • Capabilities to collect adversary intelligence and forensic data empower faster triage

Accelerate Incident Response

  • Integrations with EPP and EDR solutions facilitate automated incident response

Use Cases

— Decoy engagement-based detection
— Not reliant on signatures to detect attacks
— No pattern matching or database look up

— In-network threat detection
— Detect early reconnaissance
— Detect lateral movement
— Detect activities used to maintain presence

— Decoys to address all attack surfaces
— User Network
— Data Center
— Cloud (AWS, Azure, Google, OpenStack)
— Specialized: IoT, ICS, POS, SWIFT, Router

— Early detection of MitM attacks
— Attack replay to better understand movement

— Data deceptions to misdirect attack
— DecoyDocs for counterintelligence on attacker intent
— Geolocation tracking of opened documents

— Demonstrate in-network detection
— Forensics to demonstrate resolution
— Trust but verify M&A visibility
— Blue Team’s choice control during Pen Testing

— High-fidelity alerts are actionable
— Basic and advanced user interface
— Easy to deploy and operate
— Automations for attack analysis and incident response

Speak to a Security Specialist

Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.

“If you don’t know what threats are inside your network, then deception-based detection is your answer.”

AUGUSTO BARROS, GARTNER, INC.

Resources

Solution Brief
FEATURE HIGHLIGHT: THREATDIRECT
COMPANY FACT SHEET
Solution Brief
FEATURE HIGHLIGHT: VULNERABILITY SIMULATOR

Perspectives

Attivo Perspectives On New Gartner Deception Solution Comparison
Deception: An Essential Element of your Cyber Defense Strategy – OODA Loop
Purple Teaming with Attivo Networks Deception

Spotlight

Deception Based Threat Detection eBook

Ready to find out what’s lurking in your network?