Attivo Networks® announced today that Network Products Guide, an industry-leading technology research and advisory guide, has named it a silver winner in the 2017 IT World Awards® in the Best Deployments in U.S. category for work the company has done for Aflac, the leader in voluntary insurance sales at the worksite in the U.S. The Aflac deception-based security deployment was awarded based on its business value and technology innovation to address modern-day cyber threats.
Why Cyber Security?
The WannaCry virus, which crippled over 300,000 computers globally, reminded the world how fragile computer systems are. As IT systems play a larger role in all of our lives, how to shield them against malicious attacks is one of the most pressing issues prioritised by many.
According to PWC’s crime survey 2016, the incidence of cybercrime increased sharply among their respondents, making it the 2nd most reported type of economic crime. Yet most companies are not adequately prepared for it: only 40% of the companies that responded to the survey have personnel that are “fully trained” to act as first responders, and only 37% have a fully operational incident response plan.
Organizations continue to state that deploying effective and efficient incident response remains one of their top ongoing challenges. Unfortunately, there isn’t an easy solution since the goal line continues to move back, while the “game” gets increasingly complex. CSIRTs battle with a combination of more malicious activity data to sift through; limited time, manpower and expertise resources; and of course, the more severe consequences of today’s data breaches. Here are seven key steps that can help simplify and improve the process of detection, incident handling and response.
Written By: Carolyn Crandall, CMO & Chief Deception Officer
Recently, SC Magazine published an article covering several vulnerabilities that Positive Technologies found in GE supervisory control and data acquisition (SCADA) systems where an attacker could intercept passwords and disrupt utility and factory operations. While this particular vulnerability is limited to GE Proficy and Cimplicity SCADA systems, other manufacturers face similar issues. Such vulnerabilities are troubling because most companies are unable to reliably monitor the networks where SCADA systems communicate, nor are the systems consistently patched and updated. SCADA systems were meant to be open, robust, and easily operated and repaired, and as such, security is not natively part of their design. Many of these solutions also run on older XP operating systems, for which security patches are no longer available, and are kept in production given the cost and complexity of upgrading. As a result, they continue to be vulnerable to typical network attacks and have a strong need for efficient early detection.
RSA Conference underway
RSA, the world’s largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. They’ll also be able to view the latest hardware and software to protect their most valuable corporate assets. Here is a brief description of some new security products being announced at the conference.
This week we announced that ThreatOps™ had been added to the Attivo ThreatMatrix™ Deception and Response Platform. The new ThreatOps solution is designed to accelerate incident response by automatically correlating disparate attack information and displaying it within one dashboard where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through third-party integration with prevention systems (Firewall, NAC, End-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, through an Attivo end-point agent or through integration with end-point companies like Carbon Black and ForeScout, information is shared so that customers can hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.
Attivo Networks® today announced that ThreatOps™, which has been added to the Attivo ThreatDefend™ Deception and Response Platform, will be launched at next week’s RSA Conference. The new ThreatOps solution is designed to accelerate incident response by automatically correlating disparate attack information and displaying it within one dashboard where attacks can be scored and playbooks created.
The Attivo Networks deception platform has integrated with the Check Point R80 management platform. The integration combines prevention, advanced threat detection, and incident response capabilities into a collective defense solution capable of automatically identifying and blocking infected systems to prevent exfiltration of valuable company data and other malicious activities.
Integration between detection and prevention solutions is key to providing the critical infrastructure required for continuous response and protection against cyber attackers. The average dwell time of an attacker currently stands at 201 days, which is then compounded by another 70 days to contain the breach once it has been identified.
Attivo Networks and Carbon Black are partnering to provide customers with a powerful integrated solution for advanced continuous threat management and response. Integrating these solutions empowers organizations to reduce time-to-detection and the time required to respond to incidents, ultimately reducing the attacker’s ability to complete their mission.