Incident Response

SolarWinds Supply Chain Attack: Automating Incident Response to Detect Lateral Movement

Author: Attivo Research Team – SolarWinds issued an advisory on 13 December 2020 informing users of a sophisticated attack on its Orion Platform, an application that monitors and manages IT environments. FireEye analyzed the SolarWinds Orion Platform code compromise (dubbed SUNBURST) and shared further post-analysis details in a recently released blog.

betanews

Deception technology speeds up detection of attacks

Users of deception technology report a 12X improvement in the average number of days it takes to detect attackers operating within an enterprise network. New research for Attivo Networks carried out by Enterprise Management Associates suggests attacker dwell times can be as low as 5.5 days with deception in use compared to an average of 78 to 100 days for those not using the technology.

IT Pro

Security Incident Response Planning: 4 Lessons Learned

One of the most important, and yet easily overlooked, elements of keeping an organization secure is creating an incident recovery roadmap, also known as an incident recovery plan. As its name implies, this plan provides a course of action to be taken following a security incident. Having been involved in the creation of several such plans over the years, I wanted to pass along some lessons learned.

BankNews

Decoys to Dye Packs: Facing Down Cybersecurity Threats

The days of Jesse James’s train and bank robberies and John Dillinger kicking down doors with his trademark Tommy gun may be long gone, but bank heists are alive and well in the 21st century — albeit with a new flair. Instead of dramatic physical robberies, today’s criminals have shifted the battleground to cybersecurity, infiltrating the networks of financial institutions globally to steal money and personal information. The attacks remain staggering. Back in 2012, individuals and businesses are believed to have lost approximately $78 million during Operation High Roller. Fast forward to today, and the hacking group known as Bandidos Revolution Team is reported to have stolen hundreds of millions of pesos by infiltrating interbank payment systems and hacking into ATMs. Notably, this group is not believed to be connected to another, separate 300-million-peso heist from five banks last year.

Computer Weekly

GDPR: Are we there yet?

They have trouble modifying their strategy to report within 72 hours. Previous directives from the EU made no specific mention of data breaches, and GDPR now sets a clear directive as to what constitutes a data breach, how the incident is to be reported and the substantial penalties for not complying,” she said. “This has required businesses to reassess their technology and processes to understand their ability to detect, audit and report breaches in compliance with GDPR. Closing these gaps, in many cases, requires the adoption of new technology to ensure that the attack is not only detected, but understood in a way that can explain the magnitude of the breach and the corrective actions to contain it.

Insider Threat – Tackling the Adversary Within

Written by: Mike Parkin – Product Marketing Engineer – I recently caught a webinar presented by ObserveIT that addressed the challenges presented by “insider threats.” They did a good job of defining the term, the threats, and they laid out some broad-stroke suggestions on how to address the problem. Something they didn’t talk about was how deception technology is a powerful tool for dealing with this difficult problem.

CISO Magazine – Interview of Carolyn Crandall

You have helmed several leadership roles in several companies. Tell us a bit about your journey from the marketing space to starting Marticulate and then becoming a Chief Deception Officer at Attivo. What was the transition like? From core marketing to core technology?

I didn’t originally start out thinking I was going to become a sales or marketing professional. If you have ever played Monopoly, think of the stigma they put on that profession, and as such it really wasn’t top of mind. That said, while I was going to Santa Clara University, studying both electrical engineering and computer science, I took a job as an assistant to the VP of Marketing.

Zero Hour Podcast – Threat Detection, Deception & Intelligence

In the latest episode of the Zero Hour Podcast, Tony Cole joined Karl Sharman to discuss Threat Detection, Deception and Intelligence. Tony is a veteran within cybersecurity, having served in senior positions at Symantec, McAfee and FireEye over a 30-year career. Tony is now the CTO for Attivo Networks, the award-winning leader in deception for cybersecurity threat detection, as well as serving as a member of the NASA Advisory Council.

“The Informer” for Defenders Needing a Quick Response to Threats

Authored by: Carolyn Crandall, Attivo Networks CMO and Chief Deception Officer – I know Sun Tzu quotes are overdone, but this was so fitting, it just made sense to use it. One of Sun Tzu’s most famous pieces of advice was “know thy enemy.” Those three simple words remain as relevant today as they were 2,500 years ago. And while the enemies we face now are different from those faced by the famous philosopher-general, the lesson remains the same: knowledge is power.
