Using a decoy-based approach to manage threats
Attivo Networks Blogs

Using a decoy-based approach to manage threats

By Ray Kafity, VP of META, Attivo Networks

In the wake of the pandemic, organisations must consider implementing new security strategies to safeguard remote employees, secure their sensitive data, and protect against cyber threats. Attack surfaces have expanded dramatically with the shift toward remote work, putting identity at the forefront of security. Organisations must now defend identities across the enterprise with identity-based, least-privilege access programs and defences to detect attack escalation and lateral movement on-premises and in the cloud.

The solutions provide exposure visibility, reduce the identity attack surface, prevent and detect cyber-attacks

Attivo Networks Identity Detection and Response solutions help organisations implement identity-first security. The solutions provide exposure visibility, reduce the identity attack surface, and prevent and detect cyber-attacks.

The platform uses machine language to profile every VLAN it can see, crafting custom decoy systems to mimic production assets

It also profiles the threats to create decoy lures to seed at the endpoints. The Attivo IDEntitleX, ThreatPath, and ADAssessor solutions analyse exposures and entitlement risks and endpoints, AD, and the cloud and remediates them to reduce the identity attack surface.

Adopting cloud technology has increased the attack surface for attackers to exploit. One way to minimise the attack surface is through Cloud Permissions Management, CPM. The objective of CPM is to control permissions or entitlements to cloud assets. The Attivo Networks IDEntitleX solution combines CPM capability with insight into events in Active Directory or on corporate endpoints to derive a fuller picture of what is happening in a customer’s infrastructure and take remedial action across different domains.

The platform combats supply-chain attacks and malware by deploying decoy systems and deceptive assets on endpoints

The Attivo BOTsink solution provides continuous threat detection on Industrial Control Systems ICS SCADA devices used in critical infrastructure. The BOTsink server lures attackers to engage with decoys using deception technology, providing real-time detection of BOTs and advanced persistent threats APTs within the networks. These can also provide actionable forensic insight to study the attacker’s tactics, techniques, and procedures.

Supply chain attacks leverage vulnerabilities to gain access to the target network. The Attivo Networks ThreatDefend Platform combats supply-chain attacks and related malware by deploying decoy systems and deceptive assets on the endpoints, including decoy credentials and fake file shares. It detects attackers stealing in-memory credentials or dumping passwords to steal and use the decoy credentials.

One way to minimise the attack surface is through Cloud Permissions Management

The Attivo Endpoint Detection Net suite includes the ThreatStrike solution, which provides deceptive lures to redirect attackers towards decoy assets or detect when they use decoy credentials in the network. The EDN suite also detects various memory dumping techniques attackers use to steal credentials.

9 of 10 attacks leverage credentials and Active Directory is exploited in virtually every ransomware attack. Attivo identity security solutions have skyrocketed in sales and the company has made substantial investments this past year in field channel sales, technical, and marketing personnel so our partners can understand, address, and capitalise on this opportunity.

IDC estimates that there will be 55.7 B connected devices globally by 2025. Increased connectivity means increased risk, and organisations with connected OT should be alert to these risks and have procedures to respond and remediate attacks.

The Attivo ThreatDefend Platform leverages machine language to create custom decoy network and identity assets and analytics to reduce the identity attack surface by revealing endpoint, and cloud identity risks and entitlement exposures. The platform uses machine language to profile every VLAN it can see, crafting custom decoy systems to mimic production assets.

Read the original article on Enterprise Channels MEA.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Ready to find out what’s lurking in your network?

Scroll to Top