Deception Technology for Risk Reduction - Attivo Networks

Risk Reduction Programs

Enhance your cyber-risk mitigation strategy with Deception Technology. The Attivo solution aligns to NIST, MITRE ATT&CK, PCI-DSS, HIPAA and ISO 27001/27002 frameworks.

Request a Demo
Contact Sales

Awards

Overview

Reducing Cybersecurity Risk

As businesses adapt to technology changes, compliance requirements, and evolving security challenges, they are turning to the ThreatDefend Platform to enhance their cyber-risk mitigation strategies. The platform aligns to several well-known security frameworks such as the NIST Cybersecurity Framework, the MITRE ATT&CK framework, and ISO 27001/27002. It provides ongoing reliability assessments of both security tools and processes, and aids in providing metrics for accountability and acting on or assessing a business’s risk management program. With its ability to defend legacy systems and devices with limited built-in security as well as its ability to cover the expanding attack surface, the ThreatDefend platform reduces cybersecurity risk across the organization.

Attack Risk Mitigation

Attackers have methods to evade existing defenses to infiltrate the network. Once they get past the perimeter and internal/endpoint defenses, they conduct discovery, privilege escalation, and lateral movement attack activities to find and compromise data. The MITRE ATT&CK matrix outlines and categorizes these attack methods under 12 categories of tactics to for organizations to develop specific threat models and methodologies in their defensive strategies. The more their defenses can account for or cover the MITRE ATT&CK tactics their adversaries would use against them, the lower the risk of a successful attack.

Traditional security controls provide coverage for the early and later stages of the attack cycle and ATT&CK matrix categories, but don’t provide as much coverage for the middle stages, and these are where Attivo solutions excel. Attivo solutions provide detection and prevention capabilities across 11 of the 12 tactical categories in the MITRE ATT&CK matrix, but especially so in the middle stages of Credential Access, Discovery, Lateral Movement, and Collection. By deploying Attivo solutions in conjunction with other security controls such as EDR, organizations can provide better detection and prevention capabilities, mitigating attack risk and improving defenses.

Business Risk Reduction

Organizations are modernizing their approach to the ever-evolving information security landscape. This requires implementing security programs differently, moving beyond IT risk management and shifting the focus to digital risk management. Rather than merely protecting an asset, server, or endpoint, they are enabling new services for competitive advantage in the marketplace, cost reduction, and reducing overall business risk. Digital risk management models are evolving to address new attack surfaces, limitations in built-in device security, as well as business models that grant deeper access to insiders, suppliers, and contractors.

The ThreatDefend Platform plays a critical role in an organization’s ability to adapt to these changes by aligning to how a company can manage their risk tolerance levels, assessment, architectures and systems. It also aids in providing metrics for accountability and acting on or assessing achievement of a business’s risk management program. The ability to deliver fast and accurate notifications of malicious activity as well as policy violations and misconfigurations by threat actors with inside access allows organizations to better manage and reduce risks to the business.

Cyber-Risk Mitigation

Risk Reduction

Cyber-Risk Mitigation

Organizations are modernizing their approach to the ever-evolving information security landscape. This requires implementing security programs differently, moving beyond IT risk management and shifting the focus to digital risk management. Rather than merely protecting an asset, server, or endpoint, they are enabling new services for competitive advantage in the marketplace, cost reduction, and reducing overall business risk. Digital risk management models are evolving to address new attack surfaces, limitations in built-in device security, as well as business models that grant deeper access to insiders, suppliers, and contractors.

Deception technology plays a critical role in an organization’s ability to adapt to these changes by aligning to how a company can manage their risk tolerance levels, assessment, architectures and systems. It also aids in providing metrics for accountability and acting on or assessing achievement of a business’s risk management program. The ability to deliver fast and accurate notifications of malicious activity as well as policy violations and misconfigurations by threat actors with inside access allows organizations to better manage and reduce risks to the business.

Security Framework Alignment

Risk Reduction

Security Framework Alignment

Organizations must have the necessary metrics to baseline and measure the efficacy of their risk reduction programs. When deception is incorporated into an organization’s risk reduction strategy, it can aid in measuring the reliability of security controls and deviations from acceptable risk policies.

Organizations rely on security frameworks like NIST, MITRE, ISO, or industry-specific models such as PCI-DSS or HIPAA for setting acceptable operating practice. Each framework varies in approach but are all useful in defining how an organization is to behave, implement, integrate, manage, report and generally measure adherence to the controls being identified.

The ThreatDefend platform supports a wide variety of standard security frameworks. For example, it aligns to over 30 framework subcategories of the NIST Cybersecurity Framework s and has a direct and measurable impact in improving an organization’s security posture. It plays a similar role with the ISO Cybersecurity Framework, where it aligns to over 25 control requirements, and the MITRE ATT&CK framework, where it can detect across nearly all attack technique categories.

Ongoing Assessments

Risk Reduction

Ongoing Assessments

As the threat landscape changes, organizations must assess the effectiveness of their security programs. The ThreatDefend platform plays a critical role in an organization’s ability to adapt to the changing threat landscape by providing ongoing reliability assessments of both security tools and processes. By providing detection and insight into how and when an attacker bypasses a security control, it empowers the organization by identify gaps in coverage or capability to improve their defenses.

With ThreatPath, security teams can identify and mitigate exposures from stored credentials and misconfigurations that allow attackers to laterally move between systems and infiltrate deeper into the network. The visual replay capability provides session-based timelines of attacker activity that show how and when attackers bypassed controls so the defenders can add measures to compensate for the coverage gaps. With the network visibility the platform provides, security teams gain awareness of device adds and changes in near real time so they can adjust security controls or identify potential issues. The included CVE Simulator gives the organization the ability to appear vulnerable to specific attacks to assess whether attackers are actively targeting them. Together, these capabilities act as tools for the organization to actively assess and improve security.

Pen Testing and Red Teaming

Risk Reduction

Pen Testing and Red Teaming

Penetration Testing and Red or Purple Teaming are essential to evaluate an organization’s security posture. Organizations will conduct a pen test or Red Team exercise to meet regulatory demands, customer requirements, or to validate systems and processes. They receive a report that outlines findings and evaluations, but may not have all the information they need to improve their security controls or processes for the greatest benefit.

The ThreatDefend platform is a powerful tool during ongoing security control assessments, especially when coinciding with a Red Team, Purple Team, or Penetration Test. The platform immediately identifies when the Red Team or pen tester successfully bypasses a security control and engages with the deception environment. It can also assess process effectiveness by providing metrics on how effective the security team and existing controls are responding to such events. With the visibility and forensic evidence the deception platform provides, the organization can identify what security controls and processes need improvement and coverage gaps to address. Given its ability to validate the resiliency of networks and efficacy of security controls and processes, the ThreatDefend platform is a valuable means of measuring and improving overall security.

Legacy/Device Security

Risk Reduction

Legacy/Device Security

The explosive growth of interconnected devices into production and Internet-accessible environments has altered the threat landscape. IoT devices, SCADA systems, POS terminals, Telecom, and Medical devices all present increased security challenges. With older or stripped-down operating systems, the lack of built-in security controls, end-of-life patch cycles, or the inability to run antivirus or malware programs, even specialized devices with limited computing power are inviting targets to threat actors looking to use them as entry points or collectively for a more substantial attack. Even systems fresh from the factory can present a risk as attackers compromise supply chains to infect them with malware preloaded during manufacturing or in transit.

By introducing deception into these specialized environments, defenders efficiently identify attackers and divert them from their actual targets. The ThreatDefend platform can defend these specialized devices, whether they are legacy infrastructure with no available patches, or modern internet connected devices. It can provide deception for individual devices, at the Human-Machine Interface, or at the supervisory control level. The platform provides visibility, detection, and misdirection in Operational Technology networks to identify malicious activity. It creates authentic-looking decoys for individual devices or their control infrastructure to present inviting targets for attackers to engage. The platform gives tools for organizations to mitigate security risks associated with the limitations of many of these specialized devices to reduce overall risk to the environment.

Benefits

Organizations choose Attivo Networks for risk reduction because the solution offers:

forensic

Reporting

  • Reporting and recording of incidents
native-integrations

Close Gaps

  • Ability to close gaps related to security frameworks
Visibility

Visibility

  • Ongoing visibility into security control reliability
risk_reduction

Reduce Risk

  • Risk reduction related to deploying new programs and services
Cloud

Cloud

  • Mitigated risk associated with shared security models in the cloud
Increased preparedness

Compliance

  • Increased preparedness to maintain compliance and certifications
wifi

Less Secure Environments

  • Mitigated risk for less secure environments such as ICS/SCADA, IoT, Medical IoT, and more

Perspectives

Blog: Cyber risk management and return on deception investment
Blog: Mitigating IoT security risks through the use of deception technology
Blog: Why Smart Medical Devices Pose Security Risks to Hospitals

Resources

Solution Brief
Attivo Networks ThreatDefend Platform and the MITRE ATT&CK Matrix
Solution Brief
Meeting HIPPA Requirements with Attivo Networks Deception Technology
Solution Brief
Dynamic Deception for Industrial Automation and Control Systems

Spotlight

Attivo Networks ThreatDefend Platform and the NIST Cybersecurity Framework

Learn more

Find out how Attivo can help you reduce your risk.

Let's Talk

Ready to find out what’s lurking in your network?

Schedule Demo
Contact us
Scroll to Top