
Attivo Networks Launches ThreatDefend Platform

6/16/2017
Attivo Networks announced the release of its ThreatDefend Platform, representing the next generation of distributed deception solutions. The new platform takes deception-based threat detection to a new level, addressing growing marketing demand and technology advancements to outmaneuver modern-day attackers that are anticipating detection technology as a security control. Additionally, the solution has further expanded its integration partnerships and forensic attack analysis automations to deliver streamlined playbooks to better arm incident responders with an actionable defense against in-network threats.
 
Deception is fast gaining acceptance within enterprises and government agencies in recognition of its accuracy and efficiency in detecting in-network threats that have bypassed prevention and evaded other detection security controls. As deception technology experiences greater attention and adoption, attackers will seek to detect its presence and circumvent basic detection techniques. Earlier and less mature forms of deception technology are designed with traps that rely predominantly on the element of surprise and do not take extensive measures to operate or authenticate as a true production asset. Next generation deception technology advances the deception level well beyond simple emulations and low to medium interaction decoys. The environment becomes a "hall of mirrors" that is high interaction, runs the same operating systems and software as the production assets, authenticates, and provides the technology to dynamically refresh or respin after engagement to avoid attacker fingerprinting. The Attivo ThreatDefend Platform is ultimately designed to deceive and captivate the most sophisticated of attackers, even those who may be anticipating deception-based defenses.
 
The ThreatDefend Platform solution takes a layered approach to defense and easily scales to match the needs of the customer. The ThreatStrike end-point suite and the BOTsink engagement servers provide the deception-based decoys and lures for early and efficient attacker detection. Additionally, the BOTsink provides automated attack analysis, forensic reporting, and the evidence-based alerts of intruders. Customers seeking to add visibility into exposed attack paths can add the ThreatPath and may also choose to accelerate incident handling by adding the ThreatOps solution to create automated playbooks. Customers can conveniently start with base detection capabilities and expand platform usage based upon their business requirements.
 
This announcement includes new advances in the Attivo ThreatDefend platform technology, which fall into six categories that are designed to derail even the most sophisticated attacker throughout the various phases of an attack.
 
  • Comprehensive - Combining network and end-point detection creates the highest efficacy of early detection coverage for advanced threats and their credential-based attacks and lateral movement. Deception placed at both the end-point and inside the network efficiently detects threats across all vectors including advanced, stolen credentials, Man-in-the-Middle, ransomware, phishing, and insider threats that often evade traditional perimeter-based systems, including deception solutions that rely on endpoint deception alone.
  • Magnetic - Attivo creates a camouflage of deceptions that provide advanced luring techniques designed to attract and draw in attackers. These attractive decoys and lures, unbeknownst to the attackers, efficiently lure the attackers into engaging with the deception environment, thereby stalling their attack and revealing their methods and presence. Deceptions are applied in decoys and on production end-points and servers with "bait" appearing identical to real user credentials, documents, mapped drives, and other information of interest. Decoys are high-interaction; run the same real operating systems and services as the production environment; and provide directory authentication to pass attacker verifications.
  • Dynamic - Attivo Networks employs machine learning to automate the creation, deployment, and updating of decoys and lures to maintain their credibility and attractiveness to attackers. High-interaction techniques are also applied to keep attackers engaged and to avoid the spread of malware, while providing time to isolate and analyze the attack. For example, Attivo Labs researched WannaCry ransomware attacks and found that its high-interaction engagement techniques successfully slowed down the attack process by 25X that of a standard drive under attack.
  • Scalable - The ThreatStrike Endpoint Suite is agentless for easy deployment and needs neither additional processing power to operate nor patching to maintain. The solution can also be easily integrated with end-point solutions from vendors like ForeScout or McAfee. Environmentally adaptive, the platform easily scales to provide in-network threat detection for a wide variety of environments (user networks, data centers, cloud, ROBO) and efficiently addresses challenging detection issues ranging from the use of emerging IoT and open source technology, legacy systems, employee behavior (phishing, watering hole, software updates), and detection in specialty environments (ICS-SCADA, POS, SWIFT, VoIP).
  • Predictive - Through its ThreatPath™ attack path vulnerability assessment, network visibility, and attack time-lapsed replay, Attivo provides critical visibility into likely points of attacker entry and how attackers will move laterally during an attack. This information can be used to strengthen overall defenses and shut down the paths an attacker needs to launch a successful attack.
  • Responsive - Through the ThreatOps solution, Attivo provides extensive 3rd party integrations for simplified incident response and the rapid remediation of emerging threats. Aligned to a company's existing security policies and processes, these automations remove the typical attacker time advantage and provide valuable time to respond. The solution operates by leveraging attack information gathered and analyzed by BOTsink® engagement servers, memory forensics, and data from an organization's security assets to automate the correlation of attack data and create repeatable playbooks for automated incident handling.
 
Collectively, these advancements in the ThreatDefend platform significantly change the game on attackers. Customers will benefit from these next generation deception techniques to outmaneuver the attacker and force the attacker to be right 100% of the time. Additionally, customers gain the ability to slow down an attack and turn the time advantage back in their favor to fortify their defenses.