Written by: Nick Palmer, Attivo Networks Technical Director, Europe
I’ve come a long way in my view of more traditional security controls. For the longest time, I labored under the misapprehension that endpoint solutions were just signature based and that SIEM solutions’ primary value was in retrospective analysis of breaches, rather than threat hunting as augmented by relatively novel ideas like User Behavior Analytics (UBA).
Written by: Tony Cole, Attivo Networks CTO
There are a lot of questions around why deception technology is applicable to cyber defense. There are many insightful answers to this question. The most pertinent one is that it allows you to shrink adversary dwell time inside your environment. Let’s talk about deception for a moment before digging into how it can reduce attackers’ dwell time.
By: Carolyn Crandall, Chief Deception Officer/CMO
From Sun Tzu to George Washington, some of the greatest military strategists in history have lived by the philosophy that “the best defense is a good offense,” and the proverb also rings true when it comes to IT security. At Attivo, we see “good offense” as an active defense. In cybersecurity, active defense is a critical part of a solid security strategy – no matter the industry or size of the company. To better understand what exactly active defense is, how it works, and how organizations can benefit from it, check out our active defense playbook:
“The biggest threat posed by cyber-criminals today is their ability to remain undetected in the network for months, once they have bypassed perimeter defences,” he said. “New technologies and approaches like deception-based threat detection will be one of the techniques and investments that organisations will adopt to close this gap and strengthen overall defences.”
By: Tony Cole
Earlier this month I joined Attivo Networks and a lot of friends and colleagues asked me, “Why move from a large public cybersecurity company to a startup?” The answer is pretty simple, because the technology actually works and closes a gap not addressed well by others. It detects bad actors that have successfully bypassed other systems.
I’ve spent a lot of my career meeting with CISOs and CIOs from every vertical around the globe advising and educating them on threats, required policies, processes, expertise, and of course technology. Regardless of how many times you tell them and show them that a breach is inevitable – and it IS inevitable – I’ve found most of them spend too much of their resources on prevention and not enough on detection.
How you instrument your enterprise can be integral to how much damage an attacker can do before being detected. Dwell time is the amount of time an attacker lives in your network undetected, and for most enterprises it’s usually a couple of months. It should go without saying that we don’t want to allow an attacker to move around a system for months without being detected. That will give them plenty of opportunities to steal anything they want and do enormous damage.
This is why I joined the leader in deception technology, Attivo Networks. Imagine a new neighborhood where a house is broken into during the middle of the night. The burglar knows the family is home and steals a few minor things quietly and prepares to quickly sneak out. As he passes the kitchen island, he notices a key and a piece of paper with an address and alarm code. Another neighbor is on vacation and now he has the key, the alarm code, and instructions on feeding the cat. The intruder quickly leaves and heads down to the other home he knows is empty. Now imagine that house is part of a deception layer across the entire neighborhood. The burglar has picked up a breadcrumb that led him to the perfect house to burglarize and yet when he uses that key or enters the alarm code, it will alert the police. That’s good deception, pure and simple. It looks just like everything else and yet isn’t. Obviously, in the real world, we can’t build a lot of houses people don’t live in; it wouldn’t scale. However, unlike my example, real deception is designed to work at scale and, with machine learning, can even make the decoy house mimic the operations of a typical household, further adding to the authenticity and improving its efficacy in causing the attacker to fall prey.
The other fascinating aspect of deception is that these decoys are essentially projected like a hologram, making it extremely simple to deploy and low maintenance to operate. Unlike other detection controls, it is extremely accurate as the alert will only trigger if the attacker attempts to unlock a door, touches the alarm, or attempts to recon the house. A false alarm is essentially unheard of because it will only trigger upon engagement.
Today, breaches are happening constantly with adversaries continuously increasing their levels of sophistication to move over, under, and around prevention tools. Deception empowers an offense-driven defense against these advanced attackers with a minefield of deception throughout every layer of the network stack covering every threat vector. Decoys throughout the network will alert on early reconnaissance as attackers look to plot their attack, while deception-based credentials and mapped drives for ransomware bait will immediately alert analysts when utilized by an attacker. Even complex Man-in-the-Middle (MITM) attacks can be quickly identified. That long dwell time (from initial breach to discovery) usually lasting months is taken down to immediate and actionable alerts. A system you can trust.
So why did I join Attivo Networks? Because in any game against an adversary, you cannot win using defensive strategies alone. This team changes the game by empowering defenders with an offense and changing the game for the better. It is an exciting opportunity to be part of a team with the technology to disrupt traditional balances of power. I wanted to be part of this team driving this critical change.
Attivo Networks®, the leader in deception solutions for cybersecurity defense, has received recognition from Tech Tribune as one of the inaugural winners of the Top Ten Best Tech Startups in Fremont. To select the winners, the Tech Tribune staff identified the top startups in Fremont that have demonstrated excellence in the following…
By: Carolyn Crandall
Smart medical devices have incredible potential to save lives and improve our general well-being, but they also present a host of untold threats that have yet to be fully exploited. You’ve probably heard the infamous story by now. Several years ago, it was revealed that Dick Cheney’s defibrillator was modified to prevent hacking. While Cheney’s medical team was quick to address this particular issue, the larger healthcare community has been slower to react to persistent threats and medical device security remains a growing concern even 11 years later. Almost 36 (35.6) percent of organizations’ IoT-connected medical device ecosystems experienced a cybersecurity incident in the past year, a recent Deloitte survey revealed. That’s more than one third of organizations experiencing some type of threat to the smart medical devices they are in charge of protecting.