Pen Testers, Simulation Tools, Capture the Flag Provide Industry Validations
Fremont, CA, October 06, 2017 – Attivo Networks®, the award-winning leader in deception technology for cybersecurity defense, today announced industry validations that Attivo Networks deception effectively fools attackers. Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, the company has released results of a penetration test conducted by a top computer forensics company that specializes in penetration testing, announced the ThreatInject simulation tool for testing deception resiliency, and is embedding deception into the ISSA International Conference Capture the Flag (CTF) event. By creating an authentic synthetic network based on deception, organizations change the asymmetry on attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.
Pen testing is used for compliance and to test the resiliency of an organization’s security controls. A mission is often defined by a Red Team’s ability to capture an embedded flag without being detected. Blue Teams, the “defenders,” are using deception to obfuscate the attack surface and trick the Red Team, much like an attacker, into making a mistake and revealing their presence. In this test scenario, an advanced pen tester gathered information and attempted to execute their attack over the period of a week in order to capture the flag. Immediately upon activating their attack, Attivo was alerted to the tester’s presence and captured and recorded all of his actions. This test scenario validated the authenticity of deception and the accuracy to provide early detection of a threat, and proved that even expert pen testers can be fooled by deception.
To validate the resiliency of deception and stolen credential detection, Attivo Networks has released its ThreatInject simulation tool. Credential theft attacks are inherently difficult to detect because perimeter and anti-virus solutions are not designed to detect attacks based on credential use or lateral movement. Credential-based attacks start with attackers extracting user credentials from various places like Credential Manager and Registry and Memory using tools like Mimikatz and utilizing them to move laterally or compromise remote systems. Once an attacker steals credentials, they will either assume they are all real, as they are unable to validate them, or they will try to verify them against Active Directory. Deploying deception on the endpoints changes the credential landscape by adding deceptive credentials and deceptive hosts that appear valid and authentic.
The ThreatInject simulator provides the ability to discover managed and unmanaged credentials, and test their authenticity along with the computers that these credentials point to. The simulator will demonstrate an attack launch using the selected credentials, query Active Directory to calculate authenticity and understand credential access, and to simulate attacker behavior. Similar to a pen test, the ThreatInject simulator empowers an organization with a window into what an attacker would see for credentials and computer hosts, verifies that an attacker is unable to determine fake credentials, and demonstrates that their deception environment is working accurately and reliably.
Attivo Networks is taking the public challenge at this year’s ISSA International Conference on October 9-11 where Attivo Networks is sponsoring the Capture the Flag event that challenges participants to hack into a network and steal information from certain assets, or “flags,” without getting caught. For this event, Attivo Networks has publicly announced that it has deployed deception across the entire network to deceive and detect attackers as they try to move laterally in the network looking for the flags. By adding deception, not only will the game be more challenging, but it will also answer the question: Is deception technology authentic enough to fool skilled attackers?
Collectively, this pen test validation, the ThreatInject simulation tool, and taking the CTF challenge all provide substantial validation to the resiliency of deception and its ability to fool and misdirect attackers, putting offensive control back into the hands of the organization and away from the attacker.
To learn more about the ThreatInject simulation tool, read here
About Attivo Networks
Attivo Networks® is the leader in deception technology for real-time detection, analysis, and accelerated response to advanced, credential, insider, and ransomware cyber-attacks. The Attivo ThreatDefend™ Deception and Response Platform accurately detects advanced in-network threats and provides scalable continuous threat management for user networks, data centers, cloud, IoT, ICS-SCADA, and POS environments. Attivo Camouflage dynamic deception techniques and decoys set high-interaction traps to efficiently lure attackers into revealing themselves. Advanced attack analysis and lateral movement tracking are auto-correlated for evidence-based alerts, forensic reporting, and automatic blocking and quarantine of attacks. For more information visit www.attivonetworks.com.
UPRAISE Marketing + Public Relations