TAG Cyber Security Annual 4th Quarter: PREVENTING AND DETECTING LATERAL MOVEMENT
When advanced attacks are initiated toward an enterprise, several familiar tactics are almost always used to gain privilege, traverse infrastructure, and advance the goals of the breach. Unfortunately, these steps are rarely addressed by existing cyber security solutions, which either try to prevent the attack (shift left) or just deal with its consequences afterward (shift right).
Founded in 2011 and headquartered in Fremont, California, Attivo Networks is a leader in bridging this defense gap for customers. With solutions that utilize visibility and mitigation into identity services, active directory, and deception-based processing, Attivo has become a major provider of advanced controls that can help customers avoid the negative impact of an active threat campaign.
TAG Cyber: Attivo is such a prominent brand in our industry. What has been the recent evolution of the company?
ATTIVO: We are best known for cyber deception technology, which provides customers with an active defense for Stage 2 post-compromise threat detection. This year, the company has extended its portfolio into the area of identity detection and response (IDR). This move is being referenced as the expansion that brings Attivo to a level where unicorn status is achievable.
With the rapid shift to remote working and accelerated cloud adoption, the concept of a perimeter and edge security has faded. Taking its place is the concept of an identity-first security posture, where security is centered on protecting credentials, privileges, cloud entitlements, and the systems that manage them.
Identity-first security is distinctly different than identity protection solutions, which include identity access management (IAM), privilege access management (PAM), and identity governance administration (IGA). Identity protection focuses on making sure that the right people can get uninterrupted access to the things they need.
Leveraging its expertise in lateral movement and privilege escalation, Attivo concentrates on prevention and detection technology. The company is uniquely positioned to provide end-to-end visibility across endpoints through active directory (AD), and into multi-cloud environments. When Attivo provides security professionals with unprecedented visibility, security teams can easily understand identity-based security exposures, reduce attack surfaces, and fortify the environment with concealment and deception technology for asset defense.
TAG Cyber: What are some emerging trends you see in the detection of lateral movement in an enterprise?
ATTIVO: Identity-first security has emerged as one of the top security risks and management trends for 2021. Attack surfaces have expanded dramatically over the past year as the COVID-19 pandemic forced record numbers of employees to work remotely. There’s been a clear shift toward remote work, making identity a priority and demanding vendors move away from traditional LAN edge design.
Given that 57 percent of breaches involve insider threats—and employee/third-party negligence is a leading cause of those incidents—it makes sense that securing identities has made its way to the top of every CISO’s to-do list. Detecting these insider threats remains a challenge for many organizations, and with more users than ever working from home, the ability to detect in-network lateral movement is only growing more important.
To make sure identities at the user, device, and domain level are secure, protecting AD is also becoming a CISO-level concern.
TAG Cyber: Do most enterprise teams understand advanced threats, and how to detect them and prevent consequences?
ATTIVO: The nature and scope of existing security paradigms are becoming outdated since the arrival of new identity-based threats in the public cloud. Identity security is central to the cyber security threat landscape, and the ability to detect and respond to identity-based threats is essential. While many tools intend to keep networks secure, IDR gives organizations a critical new weapon in their arsenal to find and fix credential and entitlement weaknesses, and to detect live attacks on a real-time basis.
As modern cyber criminals attempt to exploit vulnerable credentials and entitlements to move laterally across networks undetected, IDR solutions play a meaningful role in stopping them. Other tools simply cannot.
TAG Cyber: How does your platform work in the context of cloud infrastructure?
ATTIVO: In a traditional setting, user accounts are the primary security focus. But in the public cloud, applications, databases, and data stores (among others) routinely have entitlements to other resources. The sheer volume of cloud identities and entitlements resulting from new concepts like non-human identities and managed services is palpable for today’s overwhelmed cloud security teams.
What might amount to hundreds of identities on a traditional network can translate into thousands in the public cloud, leaving security teams often blind to the full extent of their exposure. High-profile data breaches have underscored what identity-based attacks can do once attackers exploit misappropriated privileged credentials.
To address this challenge, Attivo Networks introduced IDEntitleX, the company’s cloud infrastructure entitlement (CIEM) solution. Security teams gain actionable awareness of cloud identity and entitlement exposures so that they can see risky entitlements and drift from security policies. The solution makes identifying and reducing risk easy by providing intuitive and interactive graphical visualizations for cloud identities, roles/permissions, and resources. Defenders now gain the visibility needed to see misconfigurations and excess permissions that attackers can leverage to create attack paths and persistence within the cloud environment.
TAG Cyber: Do you have any predictions about emerging cyber threats to modern enterprise infrastructure?
ATTIVO: Next year will be the year of identity security. Businesses that want to arm themselves for an onslaught of advanced ransomware attacks must take fundamental measures to understand identity-based credential, entitlement, and active directory risks and attack activity.
Read the full report on TAG Cyber.