ThreatDefend Platform Blog Terms - Page 6 of 7 - Attivo Networks

ThreatDefend Platform


Cybersecurity in 2018: broader scope of innovation and bigger venture dollars

Heightened attention to cybersecurity offensive countermeasures. Cybersecurity has been mostly defense-oriented, but this has never been sufficient. Moving forward, we will see more companies spring up along the lines of Attivo Networks, a leader in deception solutions. Attivo applies deception-based decoy and luring technologies within networks to misdirect attackers and deceive them into revealing themselves. (Disclosure: My firm has invested in Attivo.)


Security software reviews: How cutting-edge products fare against the latest threats

We go hands-on with some of the most innovative, useful and, arguably, best security tools from today’s most important cybersecurity technology categories.

Attivo addresses the one main weakness of most deception technology, having to rely on other programs to respond to an attack once revealed by the deception network. The Attivo platform offers quick response capabilities and the ability to interact with third-party programs for additional backup, configured using an intuitive drag and drop interface that requires very little training. After that, things like internal sandboxing and phishing e-mail protection are just icing on the cake of an already very impressive product.

How Enterprises Can Better Combat Advanced Cyber Attacks

Another key way to restack the deck in favor of organizational victims of cyber breaches is for them to embrace an offensive, as well as defensive, stance against threat actors. Among the interesting players in this space is Attivo Networks, a leader in deception solutions for cybersecurity defense. Attivo develops traps and lures – called “honey nets” – to attract an attacker, which can be a human, a bot, or an advanced persistent threat. Then it locks up the perpetrator in quarantine within the system and records actions and details for forensic analysis.

Why Deception Technology Will Change The Game In Our Favor Against Cybercrime And Breaches

Then, I heard about Attivo and, as one of the four CDM judges on our Infosec Awards from 2017, with them being one of our winners, receiving an overwhelmingly positive vote from the judges, I wanted to dig into what they are up to a little further and look at them within the purview of the Time-based Security model – could a solution like the Attivo ThreatDefend™ Deception and Response Platform actually deliver a way to slow down the breaches, because, frankly, we’re not yet going fast enough to stop them?

Bad Rabbit Reminds Us That Ransomware is Here to Stay

By: Carolyn Crandall

When my kids were little, I used to read them “Pat the Bunny,” a “touch and feel” book where they could feel the fur of a rabbit (fake), or sandpaper that represented dad’s scratchy face in the morning. As we have learned in the last couple of weeks, however, not all bunnies are cute and snuggly. The latest ransomware to emerge onto the world scene is Bad Rabbit. This threat contains 67 percent of the same code as NotPetya’s DLL, pointing to the potential that the two malware variants originated from the same threat actor.

POS Under Attack

By: Carolyn Crandall

It is never a good time to have to report a Point of Sale (POS) breach, but having to do so as the holiday spending season commences is especially miserable, as this is a sure way to lose consumers’ trust and confidence in your organization during a potentially lucrative time of year.

As we gear up for our eagerly anticipated Black Friday and holiday spending rituals, let us home in on the pervasiveness of serious security threats at work in the nation’s largest POS systems.
This blog discusses how POS breaches continue to pose an overwhelming threat to retail, hospitality, and business organizations worldwide.


Attivo Networks® Honored with Three 2017 ASTORS Homeland Security Awards

Attivo Networks® announced today that it won the 2017 ASTORS Homeland Security Awards in three key categories. American Security Today presented these awards at the ISC East Conference in New York City to recognize organizations that are actively addressing today’s evolving Homeland Security challenges in innovative ways.

Seven Myths and One Compelling Fact about Deception Technology

By: Carolyn Crandall

In my day-to-day conversations with the security community, including at the 2017 ISSA International Conference held in early October in San Diego, I continue to be surprised by misconceptions some very experienced cybersecurity professionals have about deception technology. I suspect it is mostly awareness, but sometimes I wonder if hackers spread these myths to deter companies from deploying deception. In this blog, I will share seven of the most common misconceptions and one very compelling fact.

Building, maintaining, and enhancing a highly robust adaptive defense should be the number one priority for every organization; however, despite their best efforts, we still read every day about breaches at companies such as Equifax, Deloitte, Pizza Hut, Hyatt Hotels, and Red Cross. What these breaches point to is that organizations cannot achieve 100% prevention, and that they must take a different approach or risk being breached and added to an unenviable list of compromised companies.

Deception technology is proving to be an exceptionally accurate and effective solution for detecting threats that have bypassed perimeter and anti-virus defenses. Gartner has promoted deception as a recommended 2017 security initiative and Attivo has engagement with over 350 organizations in various stages of evaluation and proof of concept. With all these great successes, it is natural to ask: What is holding companies back from adopting this technology?

Let’s dispel some of these common myths about deception and why these myths should not be inhibiting the broad-scale use of deception for threat detection:

Deception is only for outside the network and is a research tool

False. DecoyDoc technology was originally designed to research what types of attacks were happening outside the perimeter. The purpose was mostly research, not production-level, scalable detection. Deception-based detection technology is different in that it identifies threats that have bypassed perimeter defenses and are inside the network. This has considerably more value to companies that lack the visibility to detect in-network threats and their lateral movement. That lack of visibility is why attackers remain undetected within a network for an average of 99 days, and why we see so many breaches go undetected until it is too late. By adding deception to endpoints and decoys within the network, customers gain accurate detection of initial reconnaissance and credential harvesting, along with the offensive advantage of revealing attacks early.

Deception is easy for an attacker to detect and avoid

False. Deception solutions, such as the Attivo ThreatDefend™ solution, run real operating systems and golden images to make the decoys high-interaction and appear identical to production assets. Additionally, dynamic deception campaigns continually refresh the environment’s assets and credential lures, while Active Directory integration provides an additional level of deception and credential verification. Data deceptions in the form of DecoyDocs are also providing invaluable counterintelligence to help organizations understand what attackers are seeking, where documents are ending up, and additional insight into attacker motivations. The authenticity and attractiveness of deception has been proven at scale with a number of Fortune customers, effectively detecting human and automated attackers. It has become so highly authentic that even the best Red Teams have been fooled during pen tests. Deception has also been applied in multiple capture-the-flag events, again demonstrating its ability to confuse and misdirect attackers.

Unique to Attivo, the Camouflage deception framework dramatically enhances deception authenticity in four key ways:

1. High-interaction deception based on real operating systems and customizable services
2. Deception Campaigns that use machine learning to learn the behavior traits of a network, applications, and device profiles and propose deception campaign profiles for the highest authenticity
3. Adaptive campaign deployment that automates the deployment of deception campaigns based on assets, deceptive credentials, and network behavior, driven by preset parameters or suspicion of attacker presence
4. Dynamic respinning of deception that occurs automatically after an attack to avoid attacker fingerprinting

Collectively, these features empower an organization to create an authentic deception environment and change the game board on attackers, dramatically increasing the effort and costs needed to advance their attack.

Deception requires highly skilled staff to operate

False. This is a legacy belief that only applies to DecoyDoc-based deception or deception solutions that deploy inline. With today’s deception, decoys are projected and not deployed inline. This creates a frictionless, highly scalable solution that is easy to deploy and operate. Adaptive deception campaigns also fully automate the ability to change deception configurations on demand and at scale. Additionally, operations are extremely efficient because alerts are based on actual engagement (zero false positives) with assets or deception credentials and carry the attack analysis detail to substantiate the threat. Built-in forensic reporting also removes many manual steps in correlating attack information and documenting findings. Unlike early-generation DecoyDocs, the Attivo deception platform is designed to auto-rebuild after each attack, removing the time and skills that were previously required. Attivo has many customers that have deployed the ThreatDefend platform globally without the need for additional staff. Many state that the ThreatDefend platform makes them more efficient because it automates attack information correlation, and that its integrations with third-party SIEM and prevention systems save them time by automating incident handling and the sharing of attack information.

Deception is hard to install, difficult to operate and not scalable

False. However, this is where all deception is not created equal. The Attivo ThreatDefend Platform includes multiple features that make it easy to deploy, operationalize, and scale from user networks to data centers, to cloud, or to other specialized environments. This is achieved through dynamic deception campaigns; deployment options that include integration with EDR solutions from companies like McAfee and ForeScout; a non-inline design; and agentless deception lure configurations. Threat handling is also simplified with a comprehensive threat intelligence dashboard that includes attack analysis and dashboard features that facilitate forensic reporting. The Attivo Attack Threat Analysis (ATA) engine removes manual work by capturing and cataloguing attack activity to support understanding of the attack’s anatomy and objectives, which can lead to a better overall security stance. Security professionals have access to detailed attack information through the UI, PCAP files, syslog, IOC, and CSV report formats. Attack information can also be automatically shared through third-party integrations with firewall, NAC, endpoint, and SIEM vendors in order to automate incident response and attack information sharing. Attivo customers can also purchase a ThreatOps™ license for the creation of repeatable incident response playbooks.

Deception provides no incremental value to the security infrastructure

False. Deception achieves early and accurate threat detection at the endpoint and in-network for both human and automated attackers. Deception solutions are not reliant on signatures or known attack patterns, thereby making them highly effective against reconnaissance, stolen-credential, man-in-the-middle, and Active Directory-based attacks. Dynamic deception platforms also provide automations and integrations for simplified incident handling and accelerated incident response. The endpoint is the typical point of entry for an attack, and the Attivo ThreatStrike™ Endpoint Deception Suite is designed to strengthen endpoint defenses by immediately misdirecting an attack, through deceptive endpoint credentials or ransomware lures, to a deception engagement server, which reveals the attacker’s presence and actions. Network decoys also notify on attacker reconnaissance and lateral movement, providing security teams with early notification of attacks and the time to shut down the attack before damage can be done.
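The two mechanisms described above and in the "highly skilled staff" myth, alerting on any engagement with a planted credential or a decoy host rather than on signatures, can be illustrated with a small detector. The following is an added example and is not Attivo code or the ThreatDefend platform's logic; the decoy account names, decoy addresses, and the two log formats it parses are all constructed for the illustration. Because no legitimate user or process ever has a reason to use a decoy credential or to connect to a decoy host, every match is an alert in its own right, and ordinary failed logons from real accounts produce nothing.

```python
"""Engagement-based alerting over constructed log lines (added example, not
vendor code). Any use of a decoy credential or any connection to a decoy host
is, by construction, unauthorized, so each such event alerts on its own."""
import re
from dataclasses import dataclass

# Constructed deception inventory (assumed names and addresses).
DECOY_ACCOUNTS = {"svc_backup_ro", "finance_share_admin"}  # credentials planted on endpoints
DECOY_HOSTS = {"10.20.5.40", "10.20.5.41"}                  # projected network decoys

# Constructed log formats: one authentication log, one connection log.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) AUTH user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$")
CONN_RE = re.compile(
    r"^(?P<ts>\S+) CONN src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    kind: str    # "decoy_credential" or "decoy_host"
    src: str     # host that engaged the deception
    detail: str


def parse_line(line):
    """Return ("auth", fields) or ("conn", fields); None for lines we do not understand."""
    m = AUTH_RE.match(line)
    if m:
        return ("auth", m.groupdict())
    m = CONN_RE.match(line)
    if m:
        return ("conn", m.groupdict())
    return None


def detect(lines):
    """Emit one Alert per engagement with a decoy credential or decoy host."""
    alerts = []
    for line in lines:
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        kind, f = parsed
        if kind == "auth" and f["user"] in DECOY_ACCOUNTS:
            # A failed attempt counts too: no real user knows this account name,
            # so the attempt itself proves the planted credential was harvested.
            alerts.append(Alert(f["ts"], "decoy_credential", f["src"],
                                f"user={f['user']} result={f['result']}"))
        elif kind == "conn" and f["dst"] in DECOY_HOSTS:
            # Decoys serve no production role, so any connection is reconnaissance
            # or lateral movement from the source host.
            alerts.append(Alert(f["ts"], "decoy_host", f["src"],
                                f"dst={f['dst']}:{f['dport']}"))
    return alerts


def engagement_summary(alerts):
    """Map each engaging source host to the set of deception stages it triggered,
    which lets an analyst see credential theft followed by lateral movement."""
    summary = {}
    for a in alerts:
        summary.setdefault(a.src, set()).add(a.kind)
    return summary


# Constructed sample log: normal activity from 10.20.1.15 and 10.20.1.16,
# one host (10.20.1.77) using a planted credential and then probing two decoys.
SAMPLE_LOG = """\
2017-11-02T09:12:03Z AUTH user=jsmith src=10.20.1.15 result=success
2017-11-02T09:12:45Z CONN src=10.20.1.15 dst=10.20.2.10 dport=445
2017-11-02T09:13:10Z AUTH user=svc_backup_ro src=10.20.1.77 result=failure
2017-11-02T09:13:12Z CONN src=10.20.1.77 dst=10.20.5.40 dport=22
2017-11-02T09:13:14Z CONN src=10.20.1.77 dst=10.20.5.41 dport=445
2017-11-02T09:14:00Z AUTH user=mjones src=10.20.1.16 result=failure
this line is deliberately unparseable and is skipped
"""

if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.ts} {a.kind:16s} src={a.src} {a.detail}")
    print(engagement_summary(found))
```

Running it yields three alerts, all attributed to 10.20.1.77, and the summary shows that host touching both a planted credential and decoy hosts; the failed logon by the real account mjones is ignored, which is the "engagement, not anomaly" property the post is describing.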

Gartner analyst Peter Firstbrook recently defined deception as, “The most advanced approach for detecting threats within a network,” and another Gartner analyst, Neal MacDonald, has called out deception as one of Gartner’s “Top Technologies for Security in 2017,” noting, “Deception technology can be used to thwart or throw off a potential attacker. They allow enterprises to better detect attacks with a higher level of confidence in events detected.”

Deception is just a form of DecoyDoc

False. At the most basic level, there is some commonality. Both are designed to confuse, misdirect, and delay hackers by incorporating ambiguity and misdirecting their operations. But that is where the similarities end. While DecoyDocs had a purpose, there were several weaknesses: DecoyDocs were simplistic and based on emulation, and as such not very authentic. Hackers, therefore, had an easy time identifying and avoiding them. They also tended to be hard to maintain, which sapped the resources of security teams or limited their use to research rather than production deployment. Today’s deception solutions are dramatically different and are designed for authenticity and high-interaction attacker engagement. They are no longer based solely on the element of surprise and are designed for the anticipating attacker.

Our upcoming article in Dark Reading will go into quite a bit more detail about the difference between DecoyDocs and deception-based detection technology. (Note: after the article appears, we will change this sentence and add a link.) In the interim, you can also read more in the blog post on (deception vs. DecoyDocs).

I also promised you one compelling fact and here it is: Deception works accurately and efficiently for early detection of in-network threats regardless of the attack vector or today’s evolving attack surface. The key here is early detection. Deception does not need time to “get good” and can add value immediately in providing visibility when other security controls have failed. Regardless of whether you have the most or least sophisticated security controls, everyone needs to know what’s lurking in their network.
