Written by: Venu Vissamsetty, Founding Engineer at Attivo Networks – FireEye recently published a report about a cyber attack that resulted in attackers stealing their Red Team tools. FireEye has also released countermeasures (IOCs, YARA rules) to detect the use of these stolen tools against organizations.
Written by: Joe Carson, Sr. Director, Professional Services at Attivo Networks, Inc. – From time to time, I am asked to help a customer validate the efficacy of their deception implementation. This can be part of a pilot deployment, or after full operationalization. In many cases, organizations have some in-house resources for penetration testing and possibly even red team expertise. These resources are often leveraged to test product controls or test systems against a direct attack.
Written by: Joseph Salazar, Technical Marketing Engineer – A few months ago, Attivo Networks released its ADSecure offering, which protects Active Directory against unauthorized queries. Before release, the solution went through extensive beta testing with several organizations that used Red Team security evaluations against it to gauge its effectiveness in detecting and misinforming unauthorized AD queries. Below is a case study in how the solution performed in such a scenario.
Written by: Marc Feghali, VP of Product Management – Microsoft launched Active Directory (AD) in the late 90s, and it quickly became the standard in the identity management market. For any company, AD is the crown jewels of its IT infrastructure, as inside AD resides a complete list of all the users, machines, logical grouping, and privileges. This confluence of information is compelling, and it enables modern operations and user experiences at work, in transit, or at their home offices. Also, other programs leverage AD to determine access and level of privilege to the users.
The next generation of penetration testing represents a more collaborative approach to the old-fashioned Red Team vs. Blue Team model. In 1992, the film Sneakers introduced the term “Red Team” into popular culture as actors Robert Redford, Sidney Poitier, Dan Aykroyd, David Strathairn, and River Phoenix portrayed a team of security experts who hire themselves out to organizations to test their security systems by attempting to hack them. This was a revolutionary concept at the time — the term “penetration test” didn’t even exist yet, and the idea of a friendly security team trying to break through a company’s defenses wasn’t exactly commonplace. Today, penetration testing is an important part of any cybersecurity program, and both internal and external Red Teams play a critical role in that process.
Attivo Networks announced industry validations that its deception technology effectively fools attackers. Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, the company has released the results of a penetration test conducted by a top computer forensics company that specializes in penetration testing, announced the ThreatInject simulation tool for testing deception resiliency, and is embedding deception into the ISSA International Conference Capture the Flag (CTF) event. By creating an authentic synthetic network based on deception, organizations change the asymmetry against attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.