Security Market Segment LS
Thursday, 28 November 2019 13:17

Attivo Networks' projections deceive attackers

By
Attivo Networks chief deception officer and chief marketing officer Carolyn Crandell Attivo Networks chief deception officer and chief marketing officer Carolyn Crandell

Security vendor Attivo Networks recently brought its deception technology to Australia.

Attivo Networks' deception platform is more than a honeypot, chief deception officer and chief marketing officer Carolyn Crandall told iTWire.

The platform aims to provide early and accurate detection of intrusions.

It does this by presenting realistically simulated servers, applications and endpoints (described as 'projections') on the network.

These are generated by a single physical or virtual appliance, so the administration and maintenance load is minimal, which is especially important for small security teams.

Deception gives "the earliest and highest protection alerts," she said, because deceptions will only be accessed by attackers.

Attivo recently added Active Directory servers to the list of available detection offerings. Attackers often target Active Directory and this provides a higher level of security by hiding the real objects. The ADSecure solution then returns deceptive information that leads attackers (including red teams) into the rest of the deception environment.

So the Active Directory projection returns information that leads attackers (including red teams) into the rest of the deception environment.

Obviously, attackers know about deception technology, but the quality of the simulation means they can't trust their automated tools, and that changes the economics of an attack.

Setting up deceptions throughout the network further increases the effort needed by attackers.

Conversely, Attivo's platform uses machine learning to help detect weaknesses related to exposed credentials or network changes, making life easier for IT staff.

ML is also used to configure the deceptions so they match production systems. There's also provision for applying real-life misconfigurations to decoys so that they become tempting targets for attackers.

In general, "people are fundamentally afraid to automate [responses]," but Attivo's high-quality alerts overcome that reluctance.

Other refinements include offering tempting but fake documents, and automatically updating the timestamps of credentials so deceptive credentials appear to be active.

Attivo provides more than 30 native integrations with other security products such as endpoint detection and response systems.

A recent survey found that users of deception technology are able to detect intrusions around 90% faster, reducing the risk of damage or loss because early detection helps to contain attackers, she said.

While deception does not provide full attribution, it can show where the initial compromise occurred, and this can reveal internal attacks. In one case, this led to 20 people being fired by a telecommunications provider, she said.

A significant benefit of using deception in this way is that it doesn't give false positives, as can happen with behavioural technology.

"Not all deception [technology] is created equal," she told iTWire, but Attivo's is "rock solid."

Red teams have been caught up in Attivo deception environments for as long as a week before being called off, she said.

Attivo recently set up shop in Australia, appointing Jim Cook as ANZ regional director.

Cook told iTWire that the company is talking to prospective customers in the public and private sectors, and they generally fall into one of two groups.

One wants to be able to see in detail what attackers are doing, and the other has a very small security team that needs a system that can generate high-quality alerts from the available data.

Some local customers have been signed up, but their names remain secret.

"People are pretty tight lipped about their use of deception technology," said Crandall, so the company cannot identify the vast majority of its customers. One exception is US insurance company Aflac.

Much of Cook's initial work has been to establish a partner network of security specialists. They already include Baidam, CyberRisk, Equate Technologies, ES2, Riot Solutions, Securite, The Missing Link, and Trustwave.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments