Attivo Networks® Closes Serverless and Container Security Gaps Through Deception
Deception technology leader further scales ThreatDefend™ platform, reducing risks related to threats targeting next-gen cloud architectures
FREMONT, CA – Sept. 24, 2018 – Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, announced today that the company has further enhanced its portfolio with advanced deception techniques designed to accurately detect and derail sophisticated attacks targeting serverless applications in cloud and data center environments. Designed for the dynamic nature of cloud environments and shared security models, organizations can now add a proactive defense across traditional data centers and within popular public cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Serverless and container architectures are rapidly growing in popularity based on their ability to dynamically scale and improve utilization of server resources. However, as with many new technologies, these architectures have advanced ahead of traditional security controls, leaving gaps for attackers to exploit. These ThreatDefend™ platform enhancements break new ground in threat detection by covering all attack surfaces and reducing cloud security risks resulting from gaps left by legacy enterprise tools. ThreatDefend delivers a scalable deception-based defense for the early and accurate detection of credential theft attempts, in-network lateral movement, and advanced attacks targeting critical servers and databases.
“Detecting cloud-based, in-network threats and the lateral movement of attackers has been challenging for legacy security controls,” said Tushar Kothari, CEO of Attivo Networks. “By working closely with our customers, Attivo has developed new functionality within our deception offerings that accurately closes detection gaps and reduces risks, further empowering organizations to leverage the maximum benefits of the public cloud environment. We have achieved this without limiting their ability to detect and respond quickly to threats.”
This new functionality builds upon the company’s ThreatDefend deception portfolio, which provides extensive network, endpoint, application, and data deceptions for servers, cloud, user networks, and specialized environments such as IoT, SCADA, POS, network, and telecommunications. Unlike other detection methods that must rely on signatures, behavioral analysis, or database look-ups, Attivo Networks deception technology provides a preemptive defense based on decoy traps and lures. The solution proactively deceives and misdirects an attacker into revealing their presence. Additionally, since the platform is built with data center scalability in mind, it can easily operate without reliance on physical and virtual machine architectures.
The new enhancements expand deception decoys and lures for containers, serverless, and cloud shared security models, which will provide scalable detection of attacker lateral movement, credential harvesting, and a means to verify security controls. Platform enrichments also includes support for Lambda functions and CloudWatch/SIEM monitoring for finding attempted use of deception credentials.
The solution works by creating decoys that appear as production containers and by creating deceptive credentials, which can be embedded in container data sources. Then, the solution will entice in-network attackers with highly authentic looking credentials, decoys, applications, and database deceptions designed to attract adversaries into engaging. Any engagement with the deception environment will result in a high-fidelity alert being raised and the collection of threat intelligence; it will also efficiently pick up policy violations from both the organization and its providers. Through the deception environment’s collection of attack forensics, organizations will gain valuable insight into attacker intent and threat intelligence required for blocking attacks, threat hunting, and returning adversary mitigation.
This announcement represents one more step taken by Attivo Networks in providing the ultimate flexibility in choice when migrating to container or serverless cloud computing; without concern of security threat detection limitations.
About Attivo Networks
Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend™ Deception Platform provides a comprehensive and customer proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide-variety of specialized attack surfaces. The portfolio includes expansive network, endpoint, application, and data deceptions designed to efficiently misdirect and reveal attacks from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts, and native integrations automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 50 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.