Cloud Cover with Attivo and Palo Alto Networks
Written by: Joseph Salazar, Technical Marketing Engineer
Recently, Attivo Networks® attended the Palo Alto Networks Cloud Security Summit in Irvine, CA, where we had productive discussions with customers and other partners regarding the value of leveraging deception technology to strengthen security both on-premises and in the cloud.
Companies that have deployed or are thinking of deploying into the cloud must now account for an attack surface that is accessible from anywhere in the world. The cloud expands an organization’s capabilities, but moving to the cloud inherently brings its own set of security issues. This is partly due to the ubiquity of cloud presence and access, and partly due to the sharing of security responsibilities. Because cloud environments share computing and resources, traffic between individual virtual systems in the cloud bypasses traditional network monitoring. This lack of visibility leads to a detection gap that attackers can exploit to hijack cloud resources or access confidential information.
Traditional security controls may not be positioned to protect cloud-related functions. This is where companies can leverage new solutions such as deception technology to defend their infrastructure, regardless of where it is.
The Attivo Networks ThreatDefend™ deception platform is designed to detect attackers who manage to bypass prevention systems and infiltrate the network. By deploying authentic and attractive network decoys, endpoint lures and breadcrumbs, and deceptive data and applications, the entire network becomes a trap that quickly detects attackers who make it inside. The solution detects cyber-adversaries as they attempt to progress their attacks by conducting reconnaissance, stealing credentials, and moving laterally from system to system. The solution is effective across all attack surfaces, including on-premises, in the cloud, in distributed environments, or specialty networks such as IoT, POS, SCADA, medical networks, and others. Since the detections are engagement-based, the solution minimizes false positives while increasing alert fidelity, and it records all attacker activity on the decoys to provide forensic evidence for investigations.
The ThreatDefend Platform operates in the cloud as it does on premises with no loss of functionality to detect threats and misdirect attacks. The solution deploys decoys across any number of VPCs, providing network deception capabilities to detect lateral movement and reconnaissance. The ThreatDefend cloud capabilities detect east-west traffic and provide engagement-based alerts on threats inside any cloud infrastructure, whether public, private, or hybrid, that target cloud-related assets such as the cloud instance, containers, serverless computing, or other cloud-specific technologies. Additionally, the platform supports deception on all cloud providers, including AWS, Azure, Google Cloud, OpenStack, and Oracle Cloud.
As a recognized leader in the “Magic Quadrant for Enterprise Network Firewalls” by Gartner Inc., Palo Alto Networks provides many security solutions that help protect the enterprise, even as it spreads to the cloud. Attivo Networks and Palo Alto Networks have a long-standing partnership that provides customers with deception-based threat detection to complement their existing security infrastructure, making it difficult for attackers to reach or compromise valuable assets. The Attivo Networks integration with Palo Alto Networks gives customers the ability to leverage deception-based alerts to detect advanced, inside-the-network threats, with automatic response actions that add a firewall rule to a Palo Alto Networks Next-Generation Firewall. The integration allows organizations to block the attacker at the perimeter, stopping them from exfiltrating data or communicating with command-and-control servers, or to block internally to prevent lateral movement across firewall-segmented VLANs. The Attivo Networks deception solution automatically captures Indicators of Compromise (IoC), such as SHA1 hashes of unknown malicious samples, that security teams can share with Palo Alto WildFire, strengthening the overall security posture of the WildFire community. Together, the partnership between Palo Alto Networks and Attivo brings more accurate alerting coupled with faster incident response to strengthen an organization’s overall security posture.
To learn more about deception technology and how Palo Alto Networks and Attivo Networks work together, read our partner brief or visit us at the February 12th Palo Alto Networks Sparks Bay Area User Group event.