Technology lures attackers to decoy machines to find out what mischief they are up to
Attivo Networks, a startup launched last year, has upgraded its deception technology so businesses can deploy it within the portion of their corporate cloud that is hosted by Amazon Web Services.
That means customers can lure attackers to what looks like legitimate physical and virtual machines among their production AWS resources. It lets attackers carry out their exploits harmlessly to see what damage they are trying to do. This information can be used to find instances of the attack against real physical and virtual machines that are in use.
Along with support for AWS, the company is introducing an upgraded management system that gives a single view of all the Attivo devices deployed in a single business network rather than viewing one at a time.
The Attivo platform, called BOTSink, inserts decoy machines into every VLAN on the network to detect when threats scan for vulnerable machines, says Attivo CEO Tushar Kothari. The decoy machines are outfitted with a range of operating systems and can be customized with a full set of the standard-build applications on endpoints. Botsink can be a plug-in appliance or a virtual appliance.