Attivo Networks + Demisto = Faster Incident Response
Written by: Mike Parkin, Product Marketing Engineer – As attackers continue to become more sophisticated, security defenses need to improve to keep pace. Deception technology has become an important part of the security stack, as an unconventional approach that entices attackers into revealing themselves and provides unique advantages that conventional defenses can’t match.
The Attivo Networks® ThreatDefend™ platform demonstrates that we can change the game on attackers with deception technology, shifting the advantage from the attackers to the defenders. With the ThreatDefend platform deployed, attackers no longer get a clear playing field. They now need to be right every time or it’s game over.
That said, no security technology should work in a vacuum. This is one reason the Attivo Networks solution is built to natively integrate with the other components of the security stack, and this is where security orchestration with Demisto comes into play. Where the ThreatDefend platform delivers high-fidelity alerts and actionable intelligence with its industry-leading deception technology, the integration with Demisto's security orchestration and interactive forensics capabilities gives an organization's incident response team the tools they need to quickly and accurately remediate those alerts.
Demisto’s solution leverages machine learning and automation for security orchestration, incident management and response, and gives the incident response team tools to conduct interactive investigations. Combined with the Attivo Networks solution, the incident response team becomes both more effective and more efficient. The Demisto solution is focused on enhancing the team’s capabilities rather than replacing them.
A powerful aspect of this integration is bi-directional communication between the solutions. While the ThreatDefend solution provides high-fidelity alerts to Demisto from a comprehensive range of lures, breadcrumbs, and decoys, the Demisto solution directly leverages the ThreatDefend solution in return.
For instance: when an attacker touches one of Attivo's deceptive assets, the ThreatDefend platform sends an alert to the Demisto solution, which triggers an automated response playbook. The playbook first queries the ThreatDefend platform to confirm that the asset involved really is a decoy, then leverages the rest of the organization's security stack to isolate the attacker's host and look for other indications of compromise in the environment. Finally, to reinforce the environment, the Demisto solution has the ThreatDefend platform spin up additional deceptive assets to mitigate the attack.
All of this in real-time, without requiring user intervention.
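The playbook flow described above, as an added illustration in Python. This is not Demisto or Attivo code and uses neither product's API: the DeceptionPlatform and Edr classes, the decoy inventory, the alert and the flow records are all constructed stand-ins. The point it makes that the paragraph does not spell out is the gate: automated isolation only fires once the deception platform has confirmed the touched asset is a decoy; anything else is escalated to an analyst rather than acted on blindly.

```python
"""Illustrative deception-alert response playbook (added example).

Hypothetical interfaces and constructed data throughout; not Demisto's or
Attivo's code or API.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class DeceptionPlatform:
    """Hypothetical stand-in for a deception platform (not Attivo's API)."""
    decoys: Dict[str, str]                      # decoy IP -> network segment
    deployed: List[str] = field(default_factory=list)
    _next_host: int = 240                       # constructed address allocator

    def is_decoy(self, ip: str) -> bool:
        # The "confirm the identity of deceptive assets" query from the text.
        return ip in self.decoys

    def deploy_decoys(self, segment: str, count: int) -> List[str]:
        # Spin up additional decoys in the affected segment (addresses constructed).
        new = []
        for _ in range(count):
            ip = f"{segment}.{self._next_host}"
            self._next_host += 1
            self.decoys[ip] = segment
            new.append(ip)
        self.deployed.extend(new)
        return new


@dataclass
class Edr:
    """Hypothetical endpoint-isolation interface (not any vendor's API)."""
    isolated: Set[str] = field(default_factory=set)

    def isolate(self, host_ip: str) -> None:
        self.isolated.add(host_ip)


def parse_flow(line: str) -> dict:
    """Parse a constructed flow record: 'TIMESTAMP SRC -> DST PROTO/PORT'."""
    ts, src, _, dst, svc = line.split()
    return {"ts": ts, "src": src, "dst": dst, "svc": svc}


def run_playbook(alert: dict, platform: DeceptionPlatform, edr: Edr,
                 flow_lines: List[str]) -> dict:
    attacker, target = alert["src_ip"], alert["dst_ip"]
    # Gate: act automatically only if the deception platform confirms a decoy
    # was touched. A non-decoy destination means misconfiguration or a real
    # asset, so escalate to an analyst instead of isolating a host blindly.
    if not platform.is_decoy(target):
        return {"action": "escalate", "reason": f"{target} is not a known decoy"}
    # Containment: isolate the attacker's host through the EDR.
    edr.isolate(attacker)
    # Sweep: real (non-decoy) hosts the attacker also contacted need checking
    # for actual compromise; decoy hits are already covered by deception alerts.
    flows = [parse_flow(line) for line in flow_lines]
    suspects = sorted({f["dst"] for f in flows
                       if f["src"] == attacker and not platform.is_decoy(f["dst"])})
    # Reinforce: ask the deception platform for more decoys in that segment.
    new_decoys = platform.deploy_decoys(platform.decoys[target], 2)
    return {"action": "contained", "isolated": attacker,
            "investigate": suspects, "new_decoys": new_decoys}


# Constructed sample data for a stand-alone run.
DECOYS = {"10.0.5.200": "10.0.5", "10.0.5.201": "10.0.5", "10.0.7.50": "10.0.7"}
FLOW_LOGS = [
    "2019-03-04T09:11:40Z 10.0.5.23 -> 10.0.5.12 tcp/445",    # real file server
    "2019-03-04T09:11:55Z 10.0.5.23 -> 10.0.5.201 tcp/3389",  # second decoy
    "2019-03-04T09:12:01Z 10.0.5.23 -> 10.0.5.200 tcp/445",   # decoy hit -> alert
    "2019-03-04T09:13:10Z 10.0.5.23 -> 10.0.6.8 tcp/22",      # real host, other segment
    "2019-03-04T09:10:00Z 10.0.5.77 -> 10.0.5.12 tcp/445",    # unrelated host
]
ALERT = {"src_ip": "10.0.5.23", "dst_ip": "10.0.5.200", "decoy_service": "tcp/445"}

if __name__ == "__main__":
    print(run_playbook(ALERT, DeceptionPlatform(decoys=dict(DECOYS)), Edr(), FLOW_LOGS))
```

Two hosts come out flagged for investigation here (the file server and the host in the neighbouring segment) even though only the decoy raised an alert; that pivot from a single high-fidelity decoy hit to the attacker's other activity is where the orchestration earns its keep.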
The integration between Attivo Networks and Demisto provides the incident response team a set of powerful and comprehensive tools to derail an attack, respond to it, and remediate it automatically. Working together through integration and orchestration with other systems, they also gain the tools they need to analyze an attack, gather valuable adversary intelligence, and prepare their defenses to mitigate future attacks.
Learn more about the combined strengths of Attivo + Demisto, in our joint partner brief.