The Industry’s First Automated Use of Environmental Learnings to Deploy Advanced Deceptions for Deceiving and Misdirecting Attackers
Fremont, CA, September 29, 2016 – Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced Attivo Camouflage, the next generation in deception technology with a solution that uses self-learning to automatically alter itself, constantly generating fresh bait for attackers. Attivo Camouflage uses Dynamic Behavioral Deception to generate lures and decoys that are identical to real assets while continually evolving and scaling alongside the real computing environments it is protecting.dv
“Deception needs to be dynamic to remain authentic and attractive to an attacker.” said Tushar Kothari, CEO of Attivo Networks. “And it needs to blend in so that it is undisguisable from its surroundings. This new technology continually monitors, molds and refreshes the deception environment, making it impossible for attackers to profile our deception and too realistic to pass up.”
Dynamic Behavioral Deception has four components:
• Self-Learning. It learns the unique behavior of disparate networks, their applications and their device profiles. It is able to distinguish, for example, the difference between an IoT medical device, a SCADA environment, or an enterprise network.
• Intelligent Deployment. As it continues to learn, the technology matches network behavior, mimic devices, and deploys deceptive credentials and assets that are extremely authentic.
• Continuous Monitoring. Every aspect of the deception environment is monitored to determine when updates are required, credentials refreshed, and new deception decoys deployed.
• Dynamically Re-spin Deception. Following any attack, new deception is deployed and the entire deception environment is automatically refreshed. This prevents “fingerprinting” by attackers who would then know what to avoid.
Ultimately, behavioral deception means that all deception elements can be created to blend into the environment and become indistinguishable; that deceptive environments can continuously evolve and scale; and that attackers can’t defeat the deception by trying to profile it.
And this all happens automatically and without human intervention.
The Attivo Networks is recognized as a leader in deception for its efficiency in the early detection of an attacker’s presence in user networks, data centers, clouds, IoT, and ICS-SCADA environments. The Threat Matrix Deception Platform creates decoys that are based on real operating systems, runs environmental golden images, and configures them so that the decoys appear as authentic production units in every network. The overall ThreatMatrix Platform provides six pillars for Continuous Threat Management and includes Attack Detection, Attack Analysis, Forensics, Incident Handling, Threat Path Assessment, and Prevention. Behavioral Deception Automation aligns with Attack Detection, and provides simplified deployment, updating, and operational management of decoys and their corresponding credential, data, and application bait.
Other recent enhancements for deception authenticity and ease of use include
• IoT and ICS-SCADA gateway and supervisory control deceptions
• Deployment of deception in branch offices through integration with routing infrastructure and centralized decoy VM’s, removing the need for local device management
• Stealth mode operation to avoid interference with network scanning devices
• Enhanced threat intelligence dashboard with enhanced attack analysis and forensic reporting
• Automated blocking and quarantine of infected systems with the major firewall, NAC, end-point providers and SIEM integrations
“My favorite phone calls came from a customer sharing his story of how Attivo deception was able to deceive their Red Team into engaging with deception credentials or decoys and how the security operations team was able to track and report on their every move,” added Tushar Kothari. “It’s a testament to the authenticity of Attivo deception and one of the reasons it has been recognized for its effectiveness. This latest announcement is one more step in dramatically upping the ante on the complexity that an attacker will have to navigate in order to launch a successful attack.”
“At a minimum, with a deception minefield, the attack becomes more complex and ideally the attacker re-aims its sights on targets which are faster and easier to exploit,” stated Michael Suby, Stratecast VP of Research at Frost & Sullivan and author of. Deception as a Security Discipline – Going on the Offensive in the Cybersecurity Battlefield, available here.
About Attivo Networks
Attivo Networks® is an award-winning leader in deception technology for real-time detection, analysis, and acceleration of incident response to cyber-attacks. The Attivo Threat Matrix™ Deception and Response Platform provides early detection of advanced, stolen credential, ransomware, and phishing attacks that are inside user networks, data centers, clouds, IoT and ICS-SCADA environments. By deceiving attackers into revealing themselves, comprehensive attack analysis is efficiently gathered, actionable alerts raised, and response actions automated with prevention system integrations. As part of the continuous threat management platform, ThreatPath™ provides vulnerability assessment of attack paths for proactive incident prevention. For more information, visit www.attivonetworks.com
415-963-4082 ext. 101